Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

Overview

pybuster v1.1

pybuster is a tool that is used to brute-force URLs of web servers.

Features

  • Directory busting (URI)
  • URL replace patterns (put PYBUSTER in URL for it to get replaced with current word)
  • Multiple threads
  • Clean data outputting
  • Custom success status code selection
  • Custom wordlist selection

Command Line Usage

usage: pybuster.py mode [-h] --wordlist WORDLIST --threads THREADS --url URL [--success SUCCESS]

positional arguments:
  mode                 Mode to run pybuster [dir,subdomain]

optional arguments:
  -h, --help           show this help message and exit
  --wordlist WORDLIST  Full path to wordlist
  --threads THREADS    Number of threads to use
  --url URL            URL to check
  --success SUCCESS    Success status codes, split by comma [optional]

Why should i use this over gobuster?

The gobuster tool might be overall quicker, and it might be better in other fields, but;

  • This tool runs on python3, which is pre-installed on most systems
  • It uses pip3 for modules, and it only requires one, requests, which is already installed in most systems
  • It is easier to understand python code over go code, when you aren't a programmer, thus you can easily edit this.
  • Faster setup, you dont need to install golang, you can start it directly.

Changes in v1.1

Features below, +;

  • Added subdomain search mode
  • Changed cli usage, changed "dns" to "subdomain"
  • Use python3 pybuster.py subdomain to start to scan for subdomains
  • The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.
  • Minor changes to outputting

Changes in v1.0

First stable release, with main features, +:

  • Clean outputting
  • Easy exiting out of threads
  • Cleaner display of found URLs/URIs
  • Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.
  • Mode still not changing anything, although you can use pattern to check for subdomains and other things
  • Slightly modified src/script.py to make it less CPU intensive, so more threads can run.
  • Exiting only requires you to press enter
  • Cleaner exiting summary.

Changes in v0.1.0

  • Can select mode (still only dir mode is fully supported)
  • used python argparse module for cleaner commandline arguments
  • URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)

Changes in v0.0.1

  • Added base files
  • Support for dir mode
  • Custom thread selection
  • CLI-like interface for displaying data while-running, no long outputs
  • On exit, show a summary of what happend
  • Pipe between threads
  • Stop on command
  • Custom wordlist selection
  • Custom sucess status selection
You might also like...
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

zip-brute Zip File Password Cracking with Using Password List
zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

Script for automatic dump and brute-force passwords using Volatility Framework
Script for automatic dump and brute-force passwords using Volatility Framework

Volatility-auto-hashdump Script for automatic dump and brute-force passwords using Volatility Framework

Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits

A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)
A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

wifi-bf [LINUX ONLY] A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021) This script is purely for educa

Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

✭ DMBF CRACK Dibuat Dengan ❤️ Oleh Dapunta Author: - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Token ⇨ Fitur Crack [✯] Crack Dari Teman, Public,

This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram Bruter This program will brute force any Instagram account you send it its way given a list of proxies. NOTICE I'm no longer maintaining thi

Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

Releases(v1.1)
  • v1.1(Jan 4, 2022)

    Changes in v1.1

    Features below, +;

    • Added subdomain search mode
    • Changed cli usage, changed "dns" to "subdomain"
    • Use python3 pybuster.py subdomain to start to scan for subdomains
    • The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.
    • Minor changes to outputting
    Source code(tar.gz)
    Source code(zip)
  • v1.0(Jan 4, 2022)

    First stable release, with main features, +:

    • Clean outputting
    • Easy exiting out of threads
    • Cleaner display of found URLs/URIs
    • Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.
    • Mode still not changing anything, although you can use pattern to check for subdomains and other things
    • Slightly modified src/script.py to make it less CPU intensive, so more threads can run.
    • Exiting only requires you to press enter
    • Cleaner exiting summary.
    Source code(tar.gz)
    Source code(zip)
  • v0.1.0(Jan 4, 2022)

    New changes;

    • Can select mode (still only dir mode is fully supported)
    • used python argparse module for cleaner commandline arguments
    • URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)
    Source code(tar.gz)
    Source code(zip)
  • v0.0.1(Jan 4, 2022)

    FIrst pybuster release;

    Changes in v0.0.1

    • Added base files
    • Support for dir mode
    • Custom thread selection
    • CLI-like interface for displaying data while-running, no long outputs
    • On exit, show a summary of what happend
    • Pipe between threads
    • Stop on command
    • Custom wordlist selection
    • Custom sucess status selection
    Source code(tar.gz)
    Source code(zip)
Owner
Glaukio
1128d463bad6bc935ea53cde84141a2165d4650606f2ec07cdb73b64032a2df0
Glaukio
Use scrapli to retrieve security zone information from a Juniper SRX firewall

Get Security Zones with Scrapli Overview This example will show how to retrieve security zone information on Juniper's SRX firewalls. In addition to t

Calvin Remsburg 2 Jun 19, 2022
Deobfuscate Log4Shell payloads with ease

Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release

Oxeye 137 Jan 02, 2023
A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

MotionEye/MotionEyeOS Authenticated RCE A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator crede

Matt 1 Apr 18, 2022
对安卓APP注入MSF PAYLOAD,并且对手机管家进行BYPASS。

520_APK_HOOK 介绍 将msf生成的payload,注入到一个正常的apk文件中,重新打包后进行加固,bypass手机安全管家的检测。 项目地址: https://github.com/cleverbao/520apkhook 作者: BaoGuo 优点 相比于原始的msf远控,此版本ap

BaoGuo 368 Jan 02, 2023
python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 09, 2022
version de mi tool de kali linux para miertuxzzzz digo, termux >:)

Msf-Tool 1.0 Termux apt install git -y apt install python apt install python3 apt install python3-pip apt install metasploit ---- ---- git clone ht

BruhGera 1 Feb 20, 2022
Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)

使用方法&免责声明 该脚本为Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)。 使用方法:Python CVE-2020-17519.py urls.txt urls.txt 中每个url为一行,漏洞地址输出在vul.txt中 影响版本: Apache Flink 1

45 Sep 21, 2022
一款辅助探测Orderby注入漏洞的BurpSuite插件,Python3编写,适用于上xray等扫描器被ban的场景

OrderbyHunter 一款辅助探测Orderby注入漏洞的BurpSuite插件,Python3编写,适用于上xray等扫描器被ban的场景 1. 支持Get/Post型请求参数的探测,被动探测,对于存在Orderby注入的请求将会在HTTP Histroy里标红 2. 自定义排序参数list

Automne 21 Aug 12, 2022
Separate handling of protected media in Django, with X-Sendfile support

Django Protected Media Django Protected Media is a Django app that manages media that are considered sensitive in a protected fashion. Not only does t

Cobus Carstens 46 Nov 12, 2022
Generate your own NFTs and their metadata based on your desired probabilities.

Generate your own NFTs and their metadata based on your desired probabilities. Use your own art assets too! Perfect for use with Candy Machine.

hex 7 Sep 16, 2022
Natural Language Processing - Sommer Semester 2022

Natural Language Processing (DIS25a/NLP) This course can be taken for the Bachelor Programm Data and Information Science (DIS25a) or the Master Progra

Classrooms of IR Group at Technische Hochschule Köln 19 Sep 07, 2022
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.

Log4JHunt An automated, reliable scanner for the Log4Shell CVE-2021-44228 vulnerability. Video demo: Usage Here the help usage: $ python3 log4jhunt.py

RedHunt Labs 39 Nov 21, 2022
Simple python script for generating custom high-secure passwords for securing your social-apps ❤️

Opensource Project Simple Python Password Generator This repository is just for peoples who want to generate strong-passwords for there social-account

K A R T H I K 15 Dec 01, 2022
The Linux defender anti-virus software ported to work on CentOS Linux.

By: Seanpm2001, Et; Al. Top README.md Read this article in a different language Sorted by: A-Z Sorting options unavailable ( af Afrikaans Afrikaans |

Sean P. Myrick V19.1.7.2 2 Sep 12, 2022
Jolokia Exploitation Toolkit (JET) helps exploitation of exposed jolokia endpoints.

jolokia-exploitation-toolkit Jolokia Exploitation Toolkit (JET) helps exploitation of exposed jolokia endpoints. Core concept Jolokia is a protocol br

Laluka 194 Jan 01, 2023
windows电脑查看全部连接过的WiFi密码

python WIFI历史密码查看器 WIFI密码查看器 原理 win+R,输入cmd打开命令行窗口 #这个命令可以列出你所有连接过的wifi netsh wlan show profiles #替换你要查找的WiFi名称,就可以显示出这个wifi的所有信息,包括密码 netsh wlan show

GMYXDS 15 Dec 22, 2022
Compilation of resources and insights that helped me on my journey to data scientist

Compilation of resources and insights that helped me on my journey to data scientist

Conor Dewey 1.5k Jan 02, 2023
解密哥斯拉webshell管理工具流量

kingkong 解密哥斯拉Godzilla-V2.96 webshell管理工具流量 目前只支持jsp类型的webshell流量解密 Usage 获取攻击者上传到服务器的webshell样本 获取wireshark之类的流量包,一般甲方有科来之类的全流量镜像设备,联系运维人员获取,这里以test.

h4ck for fun 46 Dec 21, 2022
Workshop Material on VM-based Deobfuscation

Analysis of Virtualization-based Obfuscation This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We

Tim Blazytko 133 Dec 18, 2022
simple python keylogger

HELLogger simple python keylogger DISCLAIMERS: DON'T DO BAD THINGS. THIS PROGRAM IS MEANT FOR PERSONAL USES ONLY. USE IT ONLY IN COMPUTERS WHERE YOU H

Arya 10 Nov 10, 2022