Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

Overview

pybuster v1.1

pybuster is a tool that is used to brute-force URLs of web servers.

Features

  • Directory busting (URI)
  • URL replace patterns (put PYBUSTER in URL for it to get replaced with current word)
  • Multiple threads
  • Clean data outputting
  • Custom success status code selection
  • Custom wordlist selection

Command Line Usage

usage: pybuster.py mode [-h] --wordlist WORDLIST --threads THREADS --url URL [--success SUCCESS]

positional arguments:
  mode                 Mode to run pybuster [dir,subdomain]

optional arguments:
  -h, --help           show this help message and exit
  --wordlist WORDLIST  Full path to wordlist
  --threads THREADS    Number of threads to use
  --url URL            URL to check
  --success SUCCESS    Success status codes, split by comma [optional]

Why should i use this over gobuster?

The gobuster tool might be overall quicker, and it might be better in other fields, but;

  • This tool runs on python3, which is pre-installed on most systems
  • It uses pip3 for modules, and it only requires one, requests, which is already installed in most systems
  • It is easier to understand python code over go code, when you aren't a programmer, thus you can easily edit this.
  • Faster setup, you dont need to install golang, you can start it directly.

Changes in v1.1

Features below, +;

  • Added subdomain search mode
  • Changed cli usage, changed "dns" to "subdomain"
  • Use python3 pybuster.py subdomain to start to scan for subdomains
  • The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.
  • Minor changes to outputting

Changes in v1.0

First stable release, with main features, +:

  • Clean outputting
  • Easy exiting out of threads
  • Cleaner display of found URLs/URIs
  • Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.
  • Mode still not changing anything, although you can use pattern to check for subdomains and other things
  • Slightly modified src/script.py to make it less CPU intensive, so more threads can run.
  • Exiting only requires you to press enter
  • Cleaner exiting summary.

Changes in v0.1.0

  • Can select mode (still only dir mode is fully supported)
  • used python argparse module for cleaner commandline arguments
  • URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)

Changes in v0.0.1

  • Added base files
  • Support for dir mode
  • Custom thread selection
  • CLI-like interface for displaying data while-running, no long outputs
  • On exit, show a summary of what happend
  • Pipe between threads
  • Stop on command
  • Custom wordlist selection
  • Custom sucess status selection
You might also like...
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

zip-brute Zip File Password Cracking with Using Password List
zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

Script for automatic dump and brute-force passwords using Volatility Framework
Script for automatic dump and brute-force passwords using Volatility Framework

Volatility-auto-hashdump Script for automatic dump and brute-force passwords using Volatility Framework

Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits

A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)
A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

wifi-bf [LINUX ONLY] A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021) This script is purely for educa

Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

✭ DMBF CRACK Dibuat Dengan ❤️ Oleh Dapunta Author: - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Token ⇨ Fitur Crack [✯] Crack Dari Teman, Public,

This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram Bruter This program will brute force any Instagram account you send it its way given a list of proxies. NOTICE I'm no longer maintaining thi

Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

Releases(v1.1)
  • v1.1(Jan 4, 2022)

    Changes in v1.1

    Features below, +;

    • Added subdomain search mode
    • Changed cli usage, changed "dns" to "subdomain"
    • Use python3 pybuster.py subdomain to start to scan for subdomains
    • The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.
    • Minor changes to outputting
    Source code(tar.gz)
    Source code(zip)
  • v1.0(Jan 4, 2022)

    First stable release, with main features, +:

    • Clean outputting
    • Easy exiting out of threads
    • Cleaner display of found URLs/URIs
    • Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.
    • Mode still not changing anything, although you can use pattern to check for subdomains and other things
    • Slightly modified src/script.py to make it less CPU intensive, so more threads can run.
    • Exiting only requires you to press enter
    • Cleaner exiting summary.
    Source code(tar.gz)
    Source code(zip)
  • v0.1.0(Jan 4, 2022)

    New changes;

    • Can select mode (still only dir mode is fully supported)
    • used python argparse module for cleaner commandline arguments
    • URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)
    Source code(tar.gz)
    Source code(zip)
  • v0.0.1(Jan 4, 2022)

    FIrst pybuster release;

    Changes in v0.0.1

    • Added base files
    • Support for dir mode
    • Custom thread selection
    • CLI-like interface for displaying data while-running, no long outputs
    • On exit, show a summary of what happend
    • Pipe between threads
    • Stop on command
    • Custom wordlist selection
    • Custom sucess status selection
    Source code(tar.gz)
    Source code(zip)
Owner
Glaukio
1128d463bad6bc935ea53cde84141a2165d4650606f2ec07cdb73b64032a2df0
Glaukio
Brute smb share - Brute force a SMB share

brute_smb_share I wrote this small PoC after bumping into SMB servers where Hydr

devloop 3 Feb 21, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
A tool to brute force a gmail account. Use this tool to crack multiple accounts

A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts

Saad 12 Dec 30, 2022
edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

stryngs 43 Dec 23, 2022
Add a Web Server based on Rogue Mysql Server to allow remote user get

介绍 对于需要使用 Rogue Mysql Server 的漏洞来说,若想批量检测这种漏洞的话需要自备一个服务器。并且我常用的Rogue Mysql Server 脚本 不支持动态更改读取文件名、不支持远程用户访问读取结果、不支持批量化检测网站。于是乎萌生了这个小脚本的想法 Rogue-MySql-

null 6 May 17, 2022
A simple multi-threaded distributed SSH brute-forcing tool written in Python.

OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi

K4YT3X 408 Jan 3, 2023
Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

null 45 Dec 11, 2022
python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

null 6 Dec 9, 2022
A python script to brute-force guess the passwords to Instagram accounts

Instagram-Brute-Force The purpose of this script is to brute-force guess the passwords to Instagram accounts. Specifics: Comes with 2 separate modes i

Moondog 2 Nov 16, 2021
BF-Hash - A Python Tool to decrypt hashes by brute force

BF-Hash Herramienta para descifrar hashes por fuerza bruta Instalación git clone

null 5 Apr 9, 2022