{"id":31274162,"url":"https://github.com/aniruddhha/dirust","last_synced_at":"2025-09-23T22:39:36.771Z","repository":{"id":309534478,"uuid":"1036556213","full_name":"aniruddhha/dirust","owner":"aniruddhha","description":"🦀 Rust-powered directory buster for hacking \u0026 pentesting: ⚡️ fast async scans, 🔁 extension combos, 🎯 precise status/redirect reporting. 🌐 Cross-platform \u0026 dev-friendly.","archived":false,"fork":false,"pushed_at":"2025-08-12T11:16:52.000Z","size":26,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-08-12T13:28:57.367Z","etag":null,"topics":["dirb","dirbrute","dirbuster","dirbuster-download","ethical-hacking","ethical-hacking-tools","ethicalhacking","hacking","hacking-tool","penetration-testing","pentest","pentest-tool","pentesting","rust","rust-lang"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aniruddhha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-12T08:47:19.000Z","updated_at":"2025-08-12T11:16:56.000Z","dependencies_parsed_at":"2025-08-12T13:28:59.488Z","dependency_job_id":"69c60eef-88d5-43ec-b3ba-0b0a024eaae2","html_url":"https://github.com/aniruddhha/dirust","commit_stats":null,"previous_names":["aniruddhha/dirust"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/aniruddhha/dirust","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aniruddhha%2Fdirust","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aniruddhha%2Fdirust/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aniruddhha%2Fdirust/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aniruddhha%2Fdirust/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aniruddhha","download_url":"https://codeload.github.com/aniruddhha/dirust/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aniruddhha%2Fdirust/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276662398,"owners_count":25682029,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-23T02:00:09.130Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dirb","dirbrute","dirbuster","dirbuster-download","ethical-hacking","ethical-hacking-tools","ethicalhacking","hacking","hacking-tool","penetration-testing","pentest","pentest-tool","pentesting","rust","rust-lang"],"created_at":"2025-09-23T22:39:33.890Z","updated_at":"2025-09-23T22:39:36.765Z","avatar_url":"https://github.com/aniruddhha.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dirust — Fast, Async Directory Brute-Forcer in Rust\n\n**Dirust** is a high-performance web content discovery tool (a.k.a. “directory buster”) written in Rust. It targets hidden files and directories by probing endpoints from a wordlist with optional extensions, using efficient async I/O and clean, explicit code.\n\n**Use cases:** web directory brute forcing, content discovery, red team/pentest recon, CI-friendly site checks, and rapid HTTP enumeration.\n\n---\n\n## Highlights\n\n- **Async \u0026 fast** — Tokio runtime + Reqwest client; bounded concurrency for stable throughput.\n- **HEAD with safe fallback** — Tries `HEAD` first for speed, falls back to `GET` on `405`.\n- **Extensions fan-out** — `--exts php,html,txt` turns `admin` into `admin.php`, `admin.html`, `admin.txt`, etc.\n- **Actionable output** — Prints status code, content length (if available), and redirect `Location` targets.\n- **Cross-platform** — Linux (incl. Kali), macOS, Windows, and Raspberry Pi (aarch64/armv7).\n- **No root needed** — Pure user-space HTTP(S).\n- **Readable codebase** — Clear modules, explicit error handling (no `anyhow`), easy to extend.\n\n---\n\n## Quick Start\n\n```bash\n# 1) Build\ncargo build --release\n\n# 2) Run against a target\n./target/release/dirust https://example.com/ -w /path/to/wordlist.txt\n\n# Add extensions and increase concurrency\n./target/release/dirust https://example.com/app/ -w words.txt --exts php,html,txt -c 100\n\n# Force GET (some servers block or alter HEAD)\n./target/release/dirust https://example.com/ -w words.txt --get\n\n# Set a custom timeout (seconds)\n./target/release/dirust https://example.com/ -w words.txt --timeout 20\n```\n\nShow help any time:\n\n```bash\n./target/release/dirust --help\n```\n\n---\n\n## Local Demo (localhost)\n\nSpin up a tiny site locally and point Dirust at it:\n\n```bash\n# Create a few files\nmkdir -p /tmp/dirust-site/{admin,secret,api}\nprintf \"admin home\"  \u003e /tmp/dirust-site/admin/index.html\nprintf \"top secret\"  \u003e /tmp/dirust-site/secret/flag.txt\nprintf \"ok\"          \u003e /tmp/dirust-site/api/status\nprintf \"read me\"     \u003e /tmp/dirust-site/readme.txt\n\n# Start a simple HTTP server (port 8000)\npython3 -m http.server 8000 --directory /tmp/dirust-site\n\n# Minimal wordlist\ncat \u003e /tmp/words.txt \u003c\u003c'EOF'\nadmin\nadmin/\nsecret\nsecret/\napi\napi/\nstatus\nreadme\nreadme.txt\nflag.txt\nEOF\n\n# Run Dirust\n./target/release/dirust http://127.0.0.1:8000/ -w /tmp/words.txt --exts html,txt -c 50\n```\n\n---\n\n## Features in Detail\n\n- **Directory \u0026 file discovery:** Reads a wordlist and probes each path relative to the base URL.\n- **Extensions expansion:** Applies a comma-separated list of extensions to each word (normalized to `.ext`).\n- **Concurrency control:** A semaphore ensures at most `--concurrency N` requests are in flight.\n- **Robust HTTP logic:**\n  - **Method:** `HEAD` by default; automatic GET retry on `405 Method Not Allowed`, or always `GET` with `--get`.\n  - **Redirect awareness:** Prints `→ Location` when present (e.g., `301/302`).\n  - **Interesting status filter:** Prints common “exists/protected” signals (`200/301/302/401/403`).\n- **Clear output format:**\n  ```\n  [\u003cunix_ts\u003e] \u003cstatus\u003e len=\u003ccontent_length_or_-\u003e_\u003e  \u003curl\u003e [-\u003e \u003clocation_if_any\u003e]\n  ```\n\n---\n\n## Installation\n\n**Requirements:** recent Rust toolchain (`rustup update` recommended).\n\n```bash\ngit clone \u003cyour-repo-url\u003e dirust\ncd dirust\ncargo build --release\n```\n\nBinary output:\n- Linux/macOS: `./target/release/dirust`\n- Windows: `.\target\nelease\\dirust.exe`\n\nRaspberry Pi:\n- Build on the Pi directly (recommended), or cross-compile using the appropriate target (`aarch64-unknown-linux-gnu` or `armv7-unknown-linux-gnueabihf`) and system linker.\n\n---\n\n## CLI Summary\n\n```\nUsage: dirust [OPTIONS] \u003cBASE\u003e\n\nArguments:\n  \u003cBASE\u003e  Base URL (e.g., https://example.com/ or https://example.com/app/)\n\nOptions:\n  -w, --wordlist \u003cWORDLIST\u003e         Path to wordlist file (required)\n  -c, --concurrency \u003cN\u003e             Requests in flight [default: 50]\n      --get                         Use GET instead of HEAD\n      --timeout \u003cSECS\u003e              Per-request timeout [default: 10]\n      --exts \u003cE1,E2,...\u003e            Extra extensions (e.g., php,html,txt)\n  -h, --help                        Print help\n  -V, --version                     Print version\n```\n\n---\n\n## Architecture\n\nThe project is organized into small, focused modules for clarity and maintainability:\n\n```\nsrc/\n  main.rs         # entry point: parse args, build client, run scan\n  args.rs         # clap-based CLI definition and helpers\n  error.rs        # explicit DirustError enum and conversions\n  url.rs          # base URL validation/normalization\n  scanner/\n    mod.rs        # orchestration: concurrency, task spawning, printing\n    wordlist.rs   # file I/O: load and filter wordlist\n    targets.rs    # build full URLs from base + words + extensions\n    http.rs       # single-request probe; summarize status/headers\n    util.rs       # timestamp and status filter helpers\n```\n\nDesign choices:\n- **Explicit error handling:** `DirustError` (no `anyhow`), clear `Result` returns, and full `match` statements for readability.\n- **No auto-redirect:** we want to **see** redirect responses and their `Location` targets.\n- **Stable concurrency:** acquire semaphore permits **before** spawning tasks to hard-cap active work.\n- **Separation of concerns:** wordlist reading, target generation, HTTP probe, and printing are isolated modules.\n\n---\n\n## Performance Tips\n\n- Tune `--concurrency` based on network conditions and target behavior. Watch for server rate-limits and adjust.\n- `HEAD` is usually faster; if a server misbehaves on HEAD, use `--get`.\n- Increase `--timeout` when probing slow or distant hosts; decrease it for aggressive scans on fast LANs.\n- Reuse a single process and a single HTTP client (Dirust does this by design) to benefit from connection pooling.\n\n---\n\n## Roadmap\n\nPlanned enhancements (kept intentionally focused and practical):\n\n- `--delay-ms` and retries with jitter (gentler on fragile hosts)\n- `--output \u003cfile\u003e` (text/JSON) and consistent structured logs\n- `--proxy`, `--header`, `--user-agent`, `--cookie`\n- Smart 404 detection (baseline + size tolerance) as an optional module\n- Depth-limited recursion (`--max-depth`) for directory trees\n- VHost mode (brute Host header) as a sibling tool\n\n---\n\n## Compatibility\n\n- **OS:** Linux (incl. Kali), macOS, Windows, Raspberry Pi\n- **Network:** HTTP/HTTPS, no root privileges required\n- **TLS:** Uses rustls; for custom corporate CAs, consider building with native roots (`rustls-tls-native-roots` feature in Reqwest)\n\n---\n\n## Security \u0026 Legal\n\nOnly scan systems you **own** or have explicit permission to test. Unauthorized scanning can be illegal and unethical. Use Dirust responsibly and comply with local laws and the target’s terms of service.\n\n---\n\n## Contributing\n\nContributions are welcome. Please keep changes:\n- Explicit and easy to read (prefer full `match` over terse shortcuts)\n- Modular (one concern per file/module)\n- Well-explained in commit messages\n\nOpen a PR with a clear description and example commands. Bug reports with repro steps are great.\n\n---\n\n## License\n\nMIT License — [See LICENSE](./LICENCE.md)\n\n---\n\n## Keywords\n\n`web discovery`, `directory brute force`, `dirb alternative`, `gobuster alternative`, `pentest`, `red team`, `content discovery`, `http enumeration`, `rust`, `async`, `tokio`, `reqwest`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faniruddhha%2Fdirust","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faniruddhha%2Fdirust","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faniruddhha%2Fdirust/lists"}