  • Stars: 115
  • Rank: 305,916 (Top 7 %)
  • Language: Rust
  • License: MIT License
  • Created over 1 year ago
  • Updated about 1 year ago


Repository Details

A path-normalization pentesting tool.

pathbuster



What's New?

  • Removed redundant --filter-status which filtered the status codes but also missed a ton of valid findings.
  • Removed redundant --filter-body-size which filtered the response sizes but also missed a ton of valid findings.
  • Implemented --drop-after-fail which will ignore requests with the same response code multiple times in a row.
  • Added a --proxy argument, so you can now perform proxy-related tasks such as sending everything to Burp.
  • Pathbuster will now give you an ETA for when the tool will finish processing all jobs.
  • Added in a --skip-brute argument, so you have the choice to perform a directory brute force or not.
  • Replaced --match-status with --pub-status and --int-status so we have more control over the detection stage.
  • Added in a --skip-validation argument which is used to bypass known protected endpoints using traversals.
  • Added a --header argument, which is used to add additional headers to each request.

Bug fixes?

  • Fixed a bug where the ETA would not produce the correct results.
  • Fixed a bug with the --proxy argument as well as some other small bugs.
  • Fixed a ton of performance issues and included directory bruteforcing at the end.
  • Massive performance and accuracy increases from using itertools instead of double for loops, reducing the O(n^2) time complexity.

Installation

Install rust

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Install pathbuster

cargo install pathbuster

Usage

pathbuster -h

This command will show the tool's help information and present a list of all the switches that are available.

USAGE:
    pathbuster [OPTIONS] --urls <urls> --payloads <payloads> --wordlist <wordlist>

OPTIONS:
    -u, --urls <urls>
            the url you would like to test

    -r, --rate <rate>
            Maximum in-flight requests per second

            [default: 1000]

        --skip-brute
            skip the directory bruteforcing stage

        --drop-after-fail <drop-after-fail>
            ignore requests with the same response code multiple times in a row

            [default: 302,301]

        --int-status <int-status>
            the internal web root status

            [default: 404,500]

        --pub-status <pub-status>
            the public web root status

            [default: 400]

    -p, --proxy <proxy>
            http proxy to use (eg http://127.0.0.1:8080)

    -s, --skip-validation
            this is used to bypass known protected endpoints using traversals

    -c, --concurrency <concurrency>
            The amount of concurrent requests

            [default: 1000]

        --timeout <timeout>
            The delay between each request

            [default: 10]

        --header <header>
            The header to insert into each request

            [default: ]

    -w, --workers <workers>
            The amount of workers

            [default: 10]

        --payloads <payloads>
            the file containing the traversal payloads

            [default: ./payloads/traversals.txt]

        --wordlist <wordlist>
            the file containing the wordlist used for directory bruteforcing

            [default: ./wordlists/wordlist.txt]

    -o, --out <out>
            The output file

    -h, --help
            Print help information

    -V, --version
            Print version information

Flags

Flag                 Description
--urls               the file containing the URLs to test; make sure each URL contains a path
--payloads           file containing the payloads to test
--int-status         used to match the status codes for identifying the internal web root
--pub-status         used to match the status codes for identifying broken path normalization
--drop-after-fail    specify a status code to ignore if it recurs more than 5 times in a row
--rate               used to set the maximum in-flight requests per second
--workers            number of workers to process the jobs
--timeout            the delay between each request
--concurrency        number of threads to be used for processing
--wordlist           the wordlist used for directory bruteforcing
--proxy              http proxy to use (eg http://127.0.0.1:8080)
--header             the header to insert into each request
--skip-brute         use to skip the directory brute forcing stage
--skip-validation    this is used to bypass known protected endpoints using traversals
--out                save output to a file
--help               prints help information
--version            prints version information
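
The --drop-after-fail rule from the table above, sketched as a small state machine. This is an added example, not pathbuster's own code: the names DropAfterFail, record and first_drop are hypothetical, and it assumes runs are counted per host with the "more than 5 times in a row" threshold taken from the flag description.

```rust
use std::collections::HashMap;

// Hypothetical tracker, not pathbuster's code. Assumption: runs are counted per host.
pub struct DropAfterFail {
    drop_codes: Vec<u16>,
    threshold: u32,
    runs: HashMap<String, (u16, u32)>, // host -> (last status, run length)
}

impl DropAfterFail {
    /// Parse a comma-separated list such as the help text's default "302,301".
    pub fn new(codes: &str, threshold: u32) -> Self {
        let drop_codes: Vec<u16> = codes
            .split(',')
            .filter_map(|c| c.trim().parse::<u16>().ok())
            .collect();
        DropAfterFail { drop_codes, threshold, runs: HashMap::new() }
    }

    /// Record one response; returns true once the host should be ignored.
    pub fn record(&mut self, host: &str, status: u16) -> bool {
        let run = self.runs.entry(host.to_string()).or_insert((status, 0));
        if run.0 == status {
            run.1 += 1; // same code again: extend the run
        } else {
            *run = (status, 1); // different code: the run starts over
        }
        // "more than 5 times in a row" => strictly greater than the threshold
        self.drop_codes.contains(&status) && run.1 > self.threshold
    }
}

/// Index of the first response at which the host would be dropped, if any.
pub fn first_drop(codes: &str, threshold: u32, statuses: &[u16]) -> Option<usize> {
    let mut tracker = DropAfterFail::new(codes, threshold);
    statuses.iter().position(|&s| tracker.record("example.test", s))
}

fn main() {
    // Constructed sample: a redirect run interrupted once by a 200.
    let seq = [302, 302, 302, 200, 302, 302, 302, 302, 302, 302, 302];
    println!("dropped at response index {:?}", first_drop("302,301", 5, &seq));
}
```

The interrupting 200 resets the run, so the host is only dropped at the sixth consecutive 302 that follows it.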

Examples

Usage:

$ pathbuster --urls crawls.txt --payloads traversals.txt --wordlist wordlist.txt -o output.txt


If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.


I hope you enjoy

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

Pathbuster is distributed under MIT License
