pathbuster

A path-normalization pentesting tool


---

Whats NewBug FixesInstallationUsageExamplesContributingLicenseJoin Discord

--- ## What's New? - [x] Removed redundant **--filter-status** which filtered the status codes but also missed a ton of valid findings. - [x] Removed redundant **--filter-body-size** which filtered the response sizes but also missed a ton of valid findings. - [x] Implemented **--drop-after-fail** which will ignore requests with the same response code multiple times in a row. - [x] Added in a **--proxy** argument, so you can now perform proxy-related tasks such as sending everything to burp. - [x] Pathbuster will now give you an eta on when the tool will finish processing all jobs. - [x] Added in a **--skip-brute** argument, so you have the choice to perform a directory brute force or not. - [x] Replaced **--match-status** with **--pub-status** and **--int-status** so we have more control over the detection stage. - [x] Added in a **--skip-validation** argument which is used to bypass known protected endpoints using traversals. - [x] Added in a **--header** argument which is used to add in additonal headers into each request. --- ## Bug fixes? - [x] Fixed a bug with the ETA, it would not produce the correct results. - [x] Fixed a bug with the **--proxy** argument as well as some other small bugs. - [x] Fixed a ton of performance issues and included directory bruteforcing at the end. - [x] Massive performance and accuracy increases using itertools instead of double for loops reducing O(n^2) time complexity. --- ## Installation Install rust ```bash curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh ``` Install pathbuster ```bash cargo install pathbuster ``` ## Usage ```bash pathbuster -h ``` This command will show the tool's help information and present a list of all the switches that are available. ``` USAGE: pathbuster [OPTIONS] --urls --payloads --wordlist OPTIONS: -u, --urls the url you would like to test -r, --rate Maximum in-flight requests per second [default: 1000] --skip-brute skip the directory bruteforcing stage --drop-after-fail ignore requests with the same response code multiple times in a row [default: 302,301] --int-status the internal web root status [default: 404,500] --pub-status the public web root status [default: 400] -p, --proxy http proxy to use (eg http://127.0.0.1:8080) -s, --skip-validation this is used to bypass known protected endpoints using traversals -c, --concurrency The amount of concurrent requests [default: 1000] --timeout The delay between each request [default: 10] --header
The header to insert into each request [default: ] -w, --workers The amount of workers [default: 10] --payloads the file containing the traversal payloads [default: ./payloads/traversals.txt] --wordlist the file containing the wordlist used for directory bruteforcing [default: ./wordlists/wordlist.txt] -o, --out The output file -h, --help Print help information -V, --version Print version information ``` ## Flags | Flag | Description | | ----------------- | ------------------------------------------------------------------ | | --urls | the file containing the urls to test make sure it contains a path | --payloads | file containing the payloads to test | | --int-status | used to match the status codes for identifying the internal web root | | --pub-status | used to match the status codes for identifying broken path normalization | | --drop-after-fail | specify a status code to ignore if it reoccurs more than 5 times in a row | | --rate | used set the maximum in-flight requests per second | | --workers | number of workers to process the jobs | | --timeout | the delay between each request | | --concurrency | number of threads to be used for processing | | --wordlist | the wordlist used for directory bruteforcing | | --proxy | http proxy to use (eg http://127.0.0.1:8080) | | --header | The header to insert into each request | | --skip-brute | use to skip the directory brute forcing stage | | --skip-validation | this is used to bypass known protected endpoints using traversals | | --out | save output to a file | | --help | prints help information | | --version | prints version information | ## Examples Usage: ```rust $ pathbuster --urls crawls.txt --payloads traversals.txt --wordlist wordlist.txt -o output.txt ``` ![Screenshot](screenshots/screenshot.png) If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal. [![BuyMeACoffee](https://img.shields.io/badge/Buy%20Me%20a%20Coffee-ffdd00?style=for-the-badge&logo=buy-me-a-coffee&logoColor=black)](https://www.buymeacoffee.com/SBhULWm) [![PayPal](https://img.shields.io/badge/PayPal-00457C?style=for-the-badge&logo=paypal&logoColor=white)](https://www.paypal.com/paypalme/cyberlixpty) I hope you enjoy ## Contributing Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. Please make sure to update tests as appropriate. ## License Pathbuster is distributed under [MIT License](https://github.com/ethicalhackingplayground/pathbuster/blob/main/LICENSE)