{"id":13438428,"url":"https://github.com/phra/rustbuster","last_synced_at":"2025-04-05T02:11:27.274Z","repository":{"id":40618471,"uuid":"184758554","full_name":"phra/rustbuster","owner":"phra","description":"A Comprehensive Web Fuzzer and Content Discovery Tool","archived":false,"fork":false,"pushed_at":"2023-07-21T00:15:15.000Z","size":412,"stargazers_count":539,"open_issues_count":16,"forks_count":61,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-03-28T16:54:39.195Z","etag":null,"topics":["bug-bounty","hacktoberfest","pentesting","reconnaissance","security","security-tools"],"latest_commit_sha":null,"homepage":"https://iwantmore.pizza","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phra.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-03T13:18:54.000Z","updated_at":"2025-03-09T11:43:34.000Z","dependencies_parsed_at":"2024-10-25T22:41:38.962Z","dependency_job_id":null,"html_url":"https://github.com/phra/rustbuster","commit_stats":{"total_commits":279,"total_committers":4,"mean_commits":69.75,"dds":0.07168458781362008,"last_synced_commit":"4a243d4a5b943c88adcc1b2e55201234cb456900"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phra%2Frustbuster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phra%2Frustbuster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phra%2Frustbuster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phra%2Frustbuster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phra","download_url":"https://codeload.github.com/phra/rustbuster/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247276189,"owners_count":20912288,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","hacktoberfest","pentesting","reconnaissance","security","security-tools"],"created_at":"2024-07-31T03:01:05.463Z","updated_at":"2025-04-05T02:11:27.254Z","avatar_url":"https://github.com/phra.png","language":"Rust","readme":"# rustbuster [![CircleCI](https://circleci.com/gh/phra/rustbuster.svg?style=svg)](https://circleci.com/gh/phra/rustbuster)\n\nA Comprehensive Web Fuzzer and Content Discovery Tool\n\n[![asciicast](https://asciinema.org/a/ymyCFj4NBRukQIEcjjzK9JYEU.svg)](https://asciinema.org/a/ymyCFj4NBRukQIEcjjzK9JYEU)\n\n## Introduction\n\nCheck the blog post: [Introducing Rustbuster — A Comprehensive Web Fuzzer and Content Discovery Tool](https://iwantmore.pizza/posts/rustbuster)\n\n## Download\n\nYou can download prebuilt binaries from [here](https://github.com/phra/rustbuster/releases).\n\n## Installation\n\n```bash\ninstall_rustbuster() {\n echo \"Installing latest version of Rustbuster\"\n latest_version=`curl -s https://github.com/phra/rustbuster/releases | grep \"rustbuster-v\" | head -n1 | cut -d'/' -f6`\n echo \"Latest release: $latest_version\"\n mkdir -p /opt/rustbuster\n wget -qP /opt/rustbuster https://github.com/phra/rustbuster/releases/download/$latest_version/rustbuster-$latest_version-x86_64-unknown-linux-gnu\n ln -fs /opt/rustbuster/rustbuster-$latest_version-x86_64-unknown-linux-gnu /opt/rustbuster/rustbuster\n chmod +x /opt/rustbuster/rustbuster\n echo \"Done! Try running\"\n echo \"/opt/rustbuster/rustbuster -h\"\n}\n\ninstall_rustbuster\n```\n\n## Usage\n\n```text\nrustbuster 2.1.0\nDirBuster for rust\n\nUSAGE:\n rustbuster [SUBCOMMAND]\n\nFLAGS:\n -h, --help Prints help information\n -V, --version Prints version information\n\nSUBCOMMANDS:\n dir Directories and files enumeration mode\n dns A/AAAA entries enumeration mode\n fuzz Custom fuzzing enumeration mode\n help Prints this message or the help of the given subcommand(s)\n vhost Virtual hosts enumeration mode\n tilde IIS 8.3 shortname enumeration mode\n\nEXAMPLES:\n 1. Dir mode:\n rustbuster dir -u http://localhost:3000/ -w examples/wordlist -e php\n 2. Dns mode:\n rustbuster dns -d google.com -w examples/wordlist\n 3. Vhost mode:\n rustbuster vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x \"Hello\"\n 4. Fuzz mode:\n rustbuster fuzz -u http://localhost:3000/login \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n -b '{\"user\":\"FUZZ\",\"password\":\"FUZZ\",\"csrf\":\"CSRFCSRF\"}' \\\n -w examples/wordlist \\\n -w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \\\n -s 200 \\\n --csrf-url \"http://localhost:3000/csrf\" \\\n --csrf-regex '\\{\"csrf\":\"(\\w+)\"\\}'\n 5. Tilde mode:\n rustbuster tilde -u http://localhost:3000/ -e aspx -X OPTIONS\n```\n\n### `dir` usage\n\n```text\nrustbuster-dir\nDirectories and files enumeration mode\n\nUSAGE:\n rustbuster dir [FLAGS] [OPTIONS] --url \u003curl\u003e --wordlist \u003cwordlist\u003e...\n\nFLAGS:\n -f, --append-slash Tries to also append / to the base request\n -K, --exit-on-error Exits on connection errors\n -h, --help Prints help information\n -k, --ignore-certificate Disables TLS certificate validation\n --no-banner Skips initial banner\n --no-progress-bar Disables the progress bar\n -V, --version Prints version information\n -v, --verbose Sets the level of verbosity\n\nOPTIONS:\n -e, --extensions \u003cextensions\u003e Sets the extensions [default: ]\n -b, --http-body \u003chttp-body\u003e Uses the specified HTTP method [default: ]\n -H, --http-header \u003chttp-header\u003e... Appends the specified HTTP header\n -X, --http-method \u003chttp-method\u003e Uses the specified HTTP method [default: GET]\n -S, --ignore-status-codes \u003cignore-status-codes\u003e Sets the list of status codes to ignore [default: 404]\n -s, --include-status-codes \u003cinclude-status-codes\u003e Sets the list of status codes to include [default: ]\n -o, --output \u003coutput\u003e Saves the results in the specified file [default: ]\n -t, --threads \u003cthreads\u003e Sets the amount of concurrent requests [default: 10]\n -u, --url \u003curl\u003e Sets the target URL\n -a, --user-agent \u003cuser-agent\u003e Uses the specified User-Agent [default: rustbuster]\n -w, --wordlist \u003cwordlist\u003e... Sets the wordlist\n\nEXAMPLE:\n rustbuster dir -u http://localhost:3000/ -w examples/wordlist -e php\n```\n\n### `dns` usage\n\n```text\nrustbuster-dns\nA/AAAA entries enumeration mode\n\nUSAGE:\n rustbuster dns [FLAGS] [OPTIONS] --domain \u003cdomain\u003e --wordlist \u003cwordlist\u003e...\n\nFLAGS:\n -K, --exit-on-error Exits on connection errors\n -h, --help Prints help information\n --no-banner Skips initial banner\n --no-progress-bar Disables the progress bar\n -V, --version Prints version information\n -v, --verbose Sets the level of verbosity\n\nOPTIONS:\n -d, --domain \u003cdomain\u003e Uses the specified domain\n -o, --output \u003coutput\u003e Saves the results in the specified file [default: ]\n -t, --threads \u003cthreads\u003e Sets the amount of concurrent requests [default: 10]\n -w, --wordlist \u003cwordlist\u003e... Sets the wordlist\n\nEXAMPLE:\n rustbuster dns -d google.com -w examples/wordlist\n```\n\n### `vhost` usage\n\n```text\nrustbuster-vhost \nVirtual hosts enumeration mode\n\nUSAGE:\n rustbuster vhost [FLAGS] [OPTIONS] --domain \u003cdomain\u003e --ignore-string \u003cignore-string\u003e... --url \u003curl\u003e --wordlist \u003cwordlist\u003e...\n\nFLAGS:\n -K, --exit-on-error Exits on connection errors\n -h, --help Prints help information\n -k, --ignore-certificate Disables TLS certificate validation\n --no-banner Skips initial banner\n --no-progress-bar Disables the progress bar\n -V, --version Prints version information\n -v, --verbose Sets the level of verbosity\n\nOPTIONS:\n -d, --domain \u003cdomain\u003e Uses the specified domain to bruteforce\n -b, --http-body \u003chttp-body\u003e Uses the specified HTTP body [default: ]\n -H, --http-header \u003chttp-header\u003e... Appends the specified HTTP header\n -X, --http-method \u003chttp-method\u003e Uses the specified HTTP method [default: GET]\n -S, --ignore-status-codes \u003cignore-status-codes\u003e Sets the list of status codes to ignore [default: 404]\n -x, --ignore-string \u003cignore-string\u003e... Ignores results with specified string in the HTTP body\n -s, --include-status-codes \u003cinclude-status-codes\u003e Sets the list of status codes to include [default: ]\n -o, --output \u003coutput\u003e Saves the results in the specified file [default: ]\n -t, --threads \u003cthreads\u003e Sets the amount of concurrent requests [default: 10]\n -u, --url \u003curl\u003e Sets the target URL\n -a, --user-agent \u003cuser-agent\u003e Uses the specified User-Agent [default: rustbuster]\n -w, --wordlist \u003cwordlist\u003e... Sets the wordlist\n\nEXAMPLE:\n rustbuster vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x \"Hello\"\n```\n\n### `fuzz` usage\n\n```text\nrustbuster-fuzz\nCustom fuzzing enumeration mode\n\nUSAGE:\n rustbuster fuzz [FLAGS] [OPTIONS] --url \u003curl\u003e --wordlist \u003cwordlist\u003e...\n\nFLAGS:\n -K, --exit-on-error Exits on connection errors\n -h, --help Prints help information\n -k, --ignore-certificate Disables TLS certificate validation\n --no-banner Skips initial banner\n --no-progress-bar Disables the progress bar\n -V, --version Prints version information\n -v, --verbose Sets the level of verbosity\n\nOPTIONS:\n --csrf-header \u003ccsrf-header\u003e... Adds the specified headers to CSRF GET request\n --csrf-regex \u003ccsrf-regex\u003e Grabs the CSRF token applying the specified RegEx\n --csrf-url \u003ccsrf-url\u003e Grabs the CSRF token via GET to csrf-url\n -b, --http-body \u003chttp-body\u003e Uses the specified HTTP method [default: ]\n -H, --http-header \u003chttp-header\u003e... Appends the specified HTTP header\n -X, --http-method \u003chttp-method\u003e Uses the specified HTTP method [default: GET]\n -S, --ignore-status-codes \u003cignore-status-codes\u003e Sets the list of status codes to ignore [default: 404]\n -x, --ignore-string \u003cignore-string\u003e... Ignores results with specified string in the HTTP Body\n -s, --include-status-codes \u003cinclude-status-codes\u003e Sets the list of status codes to include [default: ]\n -i, --include-string \u003cinclude-string\u003e... Includes results with specified string in the HTTP body\n -o, --output \u003coutput\u003e Saves the results in the specified file [default: ]\n -t, --threads \u003cthreads\u003e Sets the amount of concurrent requests [default: 10]\n -u, --url \u003curl\u003e Sets the target URL\n -a, --user-agent \u003cuser-agent\u003e Uses the specified User-Agent [default: rustbuster]\n -w, --wordlist \u003cwordlist\u003e... Sets the wordlist\n\nEXAMPLE:\n rustbuster fuzz -u http://localhost:3000/login \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n -b '{\"user\":\"FUZZ\",\"password\":\"FUZZ\",\"csrf\":\"CSRFCSRF\"}' \\\n -w examples/wordlist \\\n -w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \\\n -s 200 \\\n --csrf-url \"http://localhost:3000/csrf\" \\\n --csrf-regex '\\{\"csrf\":\"(\\w+)\"\\}'\n```\n\n### `tilde` usage\n\n```text\nrustbuster-tilde\nIIS 8.3 shortname enumeration mode\n\nUSAGE:\n rustbuster tilde [FLAGS] [OPTIONS] --url \u003curl\u003e\n\nFLAGS:\n -K, --exit-on-error Exits on connection errors\n -h, --help Prints help information\n -k, --ignore-certificate Disables TLS certificate validation\n --no-banner Skips initial banner\n --no-progress-bar Disables the progress bar\n -V, --version Prints version information\n -v, --verbose Sets the level of verbosity\n\nOPTIONS:\n -e, --extension \u003cextension\u003e Sets the redirect extension\n -b, --http-body \u003chttp-body\u003e Uses the specified HTTP body [default: ]\n -H, --http-header \u003chttp-header\u003e... Appends the specified HTTP header\n -X, --http-method \u003chttp-method\u003e Uses the specified HTTP method [default: GET]\n -S, --ignore-status-codes \u003cignore-status-codes\u003e Sets the list of status codes to ignore [default: 404]\n -s, --include-status-codes \u003cinclude-status-codes\u003e Sets the list of status codes to include [default: ]\n -o, --output \u003coutput\u003e Saves the results in the specified file [default: ]\n -t, --threads \u003cthreads\u003e Sets the amount of concurrent requests [default: 10]\n -u, --url \u003curl\u003e Sets the target URL\n -a, --user-agent \u003cuser-agent\u003e Uses the specified User-Agent [default: rustbuster]\n\nEXAMPLE:\n rustbuster tilde -u http://localhost:3000/ -e aspx -X OPTIONS\n```\n","funding_links":[],"categories":["Asset Discovery","Applications","Web and Cloud Security","Rust","[↑](#contents)Content Discovery","Rust (42)","应用程序 Applications","Web"],"sub_categories":["Content Discovery","Security tools","Pentesting","安全工具 Security tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphra%2Frustbuster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphra%2Frustbuster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphra%2Frustbuster/lists"}