A path-normalization pentesting tool.

Related tags

Command-line rust bug-bounty path-normalization url-filter-bypass
Overview

pathbuster

A path-normalization pentesting tool


TodosInstallationUsageExamplesContributingLicenseJoin Discord

Todos

  • Implement --filter-status which will filter the status codes.
  • Implement --filter-body-size which will filter the response sizes.
  • Implement --drop-after-fail which will ignore requests with the same response code multiple times in a row.
  • Fixed a ton performance issues and included directory bruteforcing at the end.

Installation

Install rust

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Install pathbuster

cargo install pathbuster

Usage

pathbuster -h

This command will show the tool's help information and present a list of all the switches that are available.

USAGE:
    pathbuster [OPTIONS] --urls <urls> --payloads <payloads> --wordlist <wordlist>

OPTIONS:
    -c, --concurrency <concurrency>
            The amount of concurrent requests [default: 1000]

        --drop-after-fail <drop-after-fail>
            ignore requests with the same response code multiple times in a row [default: 302,301]

    -h, --help
            Print help information

        --match-status <match-status>
            [default: 400]

    -o, --out <out>
            The output file

        --payloads <payloads>
            the file containing the traversal payloads [default: ./payloads/traversals.txt]

    -r, --rate <rate>
            Maximum in-flight requests per second [default: 1000]

        --timeout <timeout>
            The delay between each request [default: 10]

    -u, --urls <urls>
            the url you would like to test

    -V, --version
            Print version information

    -w, --workers <workers>
            The amount of workers [default: 1]

        --wordlist <wordlist>
            the file containing the wordlist used for directory bruteforcing [default:
            ./wordlists/wordlist.txt]

Flags

Flag Description
--urls the file containing the urls to test make sure it contains a path
--payloads file containing the payloads to test
--match-status status code used to match internal responses
--drop-after-fail specify a status code to ignore if it reoccurs more than 5 times in a row
--rate used set the maximum in-flight requests per second
--workers number of workers to process the jobs
--timeout the delay between each request
--concurrency number of threads to be used for processing
--wordlist the wordlist used for directory bruteforcing
--out save output to a file
--help prints help information
--version prints version information

Examples

Usage:

$ pathbuster --urls crawls.txt --payloads traversals.txt --wordlist wordlist.txt -o output.txt

asciicast

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

Pathbuster is distributed under MIT License

You might also like...
qsv - Performant CLI tool to query CSVs through SQL

qsv Performant CLI tool to query CSVs through SQL Installation After cloning the repository, you can install a binary locally using cargo install --pa

Dermot Haughey 3 Oct 28, 2021
dua (- Disk Usage Analyzer) is a tool to conveniently learn about the usage of disk space of a given directory

dua (- Disk Usage Analyzer) is a tool to conveniently learn about the usage of disk space of a given directory. It's parallel by default and will max

Sebastian Thiel 1.8k Jan 2, 2023
rip is a command-line deletion tool focused on safety, ergonomics, and performance

rip (Rm ImProved) rip is a command-line deletion tool focused on safety, ergonomics, and performance. It favors a simple interface, and does not imple

Kevin Liu 776 Jan 1, 2023
A command-line benchmarking tool
A command-line benchmarking tool

hyperfine 中文 A command-line benchmarking tool. Demo: Benchmarking fd and find: Features Statistical analysis across multiple runs. Support for arbitra

David Peter 14.1k Jan 4, 2023
An interactive cheatsheet tool for the command-line
An interactive cheatsheet tool for the command-line

navi An interactive cheatsheet tool for the command-line. navi allows you to browse through cheatsheets (that you may write yourself or download from

Denis Isidoro 12.2k Dec 30, 2022
fastmod is a fast partial replacement for the codemod tool

fastmod is a fast partial replacement for codemod. Like codemod, it is a tool to assist you with large-scale codebase refactors, and it supports most of codemod's options.

Facebook Incubator 1.4k Dec 29, 2022
😎 A CLI tool for fetching data and displaying it nicely

😎 A CLI tool for fetching data and displaying it nicely. (The neofetch for remote data fetching)

Milo 6 Aug 24, 2022
kwctl is the go-to CLI tool for Kubewarden users.

kwctl kwctl is the go-to CLI tool for Kubewarden users. Think of it as the docker CLI tool if you were working with containers. How does kwctl help me

Kubewarden 45 Dec 21, 2022
A Rust CLI tool that helps you enforce Git policies through Git hooks both server and client side

GitPolicyEnforcer This is a command line utility written in Rust, that helps you utilize Git hooks, to enforce various policies. It currently supports

Vagelis Prokopiou 4 Aug 14, 2022
Releases(v0.3.9)

  • v0.3.9(Mar 27, 2023)

    What's Changed

    • Added back in the --wordlist flag with more efficient directory bruteforcing.
    • Improved CLI view.
    • Saves results into 2 files, one containing the traversals and the other with the internal route discovered.
    • Massive performance fixes and directory brute force is at the end.

    Note: you may need to use change the ulimit using the command

    ulimit -n  -n 70000

    asciicast

    Full Changelog: https://github.com/ethicalhackingplayground/pathbuster/compare/v0.3.8...v0.3.9

    Source code(tar.gz)
    Source code(zip)
    pathbuster(10.84 MB)
    pathbuster.exe(5.35 MB)

  • v0.3.4(Mar 25, 2023)

  • v0.2.9(Mar 25, 2023)

Owner
zoidsec
I'm an ethical hacker researcher and love to help people learn about computer security.
zoidsec
GitHub
A command-line tool aiming to upload the local image used in your markdown file to the GitHub repo and replace the local file path with the returned URL.

Pup A command line tool aiming to upload the local image used in your markdown file to the GitHub repo and replace the local file path with the return

SteveLau 11 Aug 17, 2022
Add path effects to open glyphs in a UFO file

ufostroker Add path effects to open contours in a UFO file Given a glyph with open contours: You can apply a noodle effect: ufostroker -i Open.ufo -o

Simon Cozens 5 Jun 28, 2021
A small unix and windows lib to search for executables in PATH folders.

A small unix and windows lib to search for executables in path folders.

Robiot 2 Dec 25, 2021
Jump Point Search Implementation for Path Finding, in Rust

jps : Jump Point Search in Rust. Jump Point Search Algorithm Implementation in Rust. Current implementation status JPS Implementation 3D case ✅ Lifeti

null 3 Dec 15, 2022
Generate commands that add node_modules/.bin to PATH

npx-bin-helper Generate commands that add node_modules/.bin to PATH. Supports Linux, MacOS and Windows. Installation cargo install npx-bin-helper Usag

Yumeoto Zorin 2 Nov 11, 2022
lace up GFA files using panSN path name sub-ranges to coordinate the lacing

gfalace gfalace is a Rust-based tool designed to process a collection of GFA (Graphical Fragment Assembly) files. It aims to interpret the path names

null 3 Mar 14, 2024
A command line tool written in Rust and designed to be a modern build tool + package manager for C/C++ projects.

CCake CCake is a command line tool written in Rust and designed to be a modern build tool + package manager for C/C++ projects. Goals To be easily und

Boston Vanseghi 4 Oct 24, 2022
CLI Tool for tagging and organizing files by tags.

wutag ?? ??️ CLI tool for tagging and organizing files by tags. Install If you use arch Linux and have AUR repositories set up you can use your favour

Wojciech Kępka 32 Dec 6, 2022
CLI tool to bake your fresh and hot MD files

At least once in your Rust dev lifetime you wanted to make sure all code examples in your markdown files are up-to-date, correct and code is formated, but you couldn't make that done with already existing tools - fear not!

Patryk Budzyński 39 May 8, 2021
A CLI tool that allow you to create a temporary new rust project using cargo with already installed dependencies

cargo-temp A CLI tool that allow you to create a new rust project in a temporary directory with already installed dependencies. Install Requires Rust

Yohan Boogaert 61 Oct 31, 2022