rustbuster v3.0.3 releases: Comprehensive Web Fuzzer and Content Discovery Tool
DirBuster for Rust. It ended up becoming a collection of modules useful in different situations. Having a single executable suitable for the most common web fuzzing tasks is very handy. At the time of writing, five modules are available: dir, dns, vhost, fuzz, and tilde.
dir — Directories and files enumeration mode
The dir module can be used to discover new content. You can set up a wordlist and an extensions list to discover directories and files hosted on the webserver. Rustbuster will send all the requests with the given concurrency level and report back which ones exist.
dns — A/AAAA DNS entries enumeration mode
The dns module can be used to discover subdomains of a given domain. It works by simply asking your default DNS resolver to resolve potential hostnames and reporting which ones resolve successfully.
vhost — Virtual hosts enumeration mode
The vhost module can be used to enumerate which Virtual Hosts are available on the webserver. It works by fuzzing the Host HTTP header using the given wordlist and filtering the results by checking whether the string supplied with the -x, --ignore-string parameter is present in the HTTP body of the response.
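On the defending side, the Host-header fuzzing described above shows up in access logs as a single client sending many Host values that the server does not actually serve. The following Rust program is an added example, not rustbuster code; the log layout, the function names, the allowlist and the sample data are assumptions constructed for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Constructed sample log, one request per line: "<client_ip> <host_header> <path>".
// This layout is an assumption for the example; adapt parse_line to your log format.
const SAMPLE_LOG: &str = "\
198.51.100.7 www.example.com /
198.51.100.7 shop.example.com /cart
192.0.2.10 admin.example.com /
192.0.2.10 dev.example.com /
192.0.2.10 DEV.example.com /
192.0.2.10 staging.example.com /
192.0.2.10 www.example.com /
malformed-line
";

/// Parses one line into (client, lower-cased Host value); None if fields are missing.
fn parse_line(line: &str) -> Option<(&str, String)> {
    let mut fields = line.split_whitespace();
    let client = fields.next()?;
    let host = fields.next()?.to_ascii_lowercase(); // host names are case-insensitive
    fields.next()?; // a path must be present, though it is not used here
    Some((client, host))
}

/// Returns (client, n) for every client that sent at least `min_unknown` distinct
/// Host values that are not in `known` (the vhosts the server really serves).
fn vhost_enum_suspects(log: &str, known: &[&str], min_unknown: usize) -> Vec<(String, usize)> {
    let mut unknown: BTreeMap<&str, BTreeSet<String>> = BTreeMap::new();
    for (client, host) in log.lines().filter_map(parse_line) {
        if !known.iter().any(|k| k.eq_ignore_ascii_case(&host)) {
            unknown.entry(client).or_default().insert(host);
        }
    }
    unknown
        .into_iter()
        .filter(|(_, hosts)| hosts.len() >= min_unknown)
        .map(|(client, hosts)| (client.to_string(), hosts.len()))
        .collect()
}

fn main() {
    let known = ["www.example.com", "shop.example.com"];
    for (client, n) in vhost_enum_suspects(SAMPLE_LOG, &known, 3) {
        println!("{client}: {n} distinct unknown Host values");
    }
}
```

Counting only Host values outside the allowlist keeps clients that legitimately visit several real virtual hosts from being flagged.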
fuzz — Custom fuzzing enumeration mode
The fuzz module can be used when a more flexible fuzzing pattern is needed. You can define the injection points and a wordlist for each of them. A Cartesian product of requests will be generated. CSRF tokens are also supported!
tilde — IIS 8.3 shortname enumeration mode
The tilde module can be used to exploit the known information disclosure issue related to Microsoft IIS and DOS 8.3 filenames, which makes it possible to easily enumerate the server-side file system structure.
- fixed false positives (#34)
- optimized build for size
Copyright (C) 2019 Phra