Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/NetSPI/AutoDirbuster
Automatically run and save ffuf scans for multiple IPs
https://github.com/NetSPI/AutoDirbuster
Last synced: about 1 month ago
JSON representation
Automatically run and save ffuf scans for multiple IPs
- Host: GitHub
- URL: https://github.com/NetSPI/AutoDirbuster
- Owner: NetSPI
- License: other
- Created: 2020-08-25T12:45:01.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2024-03-19T19:34:33.000Z (6 months ago)
- Last Synced: 2024-04-14T05:29:13.900Z (5 months ago)
- Language: Python
- Homepage:
- Size: 13.1 MB
- Stars: 72
- Watchers: 7
- Forks: 20
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
```
___ __ ____ _ __ __
/ | __ __/ /_____ / __ \(_)____/ /_ __ _______/ /____ _____
/ /| |/ / / / __/ __ \/ / / / / ___/ __ \/ / / / ___/ __/ _ \/ ___/
/ ___ / /_/ / /_/ /_/ / /_/ / / / / /_/ / /_/ (__ ) /_/ __/ /
/_/ |_\__,_/\__/\____/_____/_/_/ /_.___/\__,_/____/\__/\___/_/
```### Automatically run and save ffuf scans for multiple IPs
## Contents
* [Quick Run](#quick-run)
* [FAQ](#faq)
* [Why?](#why)
* [What is the recommended usage?](#what-is-the-recommended-usage)
* [What data does this need?](#what-data-does-this-need)
* [How does this script work?](#how-does-this-script-work)
* [This program isn't working](#this-program-isnt-working)
* [Usage](#usage)## Quick Run
```
git clone https://github.com/NetSPI/AutoDirbuster.git
cd AutoDirbuster && pip3 install -r requirements.txt
python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt
```## FAQ
### Why?
Ffuf is a great directory buster but running it against multiple IPs and ports is a very manual process with a lot of downtime between scans. This script attempts to automate that process and eliminates downtime between scans.### What is the recommended usage?
**If attacking multiple targets:**
* Run Nmap and find open ports
* Review the Nmap results and create an IP:port list, one per line
* Run AutoDirbuster against the open ports
* AutoDirbuster will determine if the provided port is open and if the service is HTTP based* `python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt`
**If attacking a single target:**
* `python AutoDirbuster.py -u example.com:80 -w my_wordlist.txt`
**Useful options include:**
| Option | Purpose |
|-----------------|-------------------------------------------------------------------|
| --dns | Resolve IPs to hostnames |
| --extensions | File extensions to use when scanning |
| --rate | Rate of requests per second |
| --timeout | Set a timeout value for each host in minutes |
| --match-codes | Match provided HTTP status codes |
| --custom-option | Specify ffuf option that AutoDirbuster doesn't support by default |Specify the `--help` flag for a full list of options.
### What data does this need?
The program can take two data sources:
1. List of IP:port or hostname:port, one per line* `python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt`
2. Single target
* `python AutoDirbuster.py -u example.com:80 -w my_wordlist.txt`
### How does this script work?
* A list of targets is provided
* A TCP connect scan is done on the target port to test if it's open
* If the port open, HTTP and HTTPS requests are sent to determine if the service is HTTP-based and whether it requires TLS
* If the service is HTTP, a check is done to determine if a previous report file is in the same directory
* Report files follow the format: `ffuf-report-{proto}_{target}_{port}'`
* ffuf is run using Python's `subprocess.Popen()`
* The next IP:port goes through the same process (TCP connect, HTTP service query, dirbust)### This program isn't working
Ensure the following:
* Are all the dependencies listed in `requirements.txt` installed?
* Is `ffuf` installed and in your system path?
* Try running `ffuf -V`
* Installation instructions can be found on the [ffuf GitHub repository page](https://github.com/ffuf/ffuf)
* You may need to use Python 3.11+
* Version information can be obtained by running `python -V`## Usage
```
# python AutoDirbuster.py --help
usage:
___ __ ____ _ __ __
/ | __ __/ /_____ / __ \(_)____/ /_ __ _______/ /____ _____
/ /| |/ / / / __/ __ \/ / / / / ___/ __ \/ / / / ___/ __/ _ \/ ___/
/ ___ / /_/ / /_/ /_/ / /_/ / / / / /_/ / /_/ (__ ) /_/ __/ /
/_/ |_\__,_/\__/\____/_____/_/_/ /_.___/\__,_/____/\__/\___/_/AutoDirbuster.py [options] {target file}
Automatically run and save ffuf scans for multiple IPs
options:
-h, --help show this help message and exitAutoDirbuster options:
target Target file with IP:port, one per line
-u, --url Single target mode, positional argument is target in IP:port
format
-f, --force Force mode; don't check if report file exists, this will result in
previous reports being overwritten
--dns Automatically resolve IP address to hostname to use during dirbust
--debug Show debugging informationffuf options:
-w WORDLIST, --wordlist WORDLIST
Wordlist to use for list based brute force
-X METHOD, --method METHOD
HTTP method to use; default=GET
-e EXTENSIONS, --extensions EXTENSIONS
File extension list (e.g.: "asp,aspx"); default is None
-t THREADS, --threads THREADS
Override the default number of ffuf threads
--rate RATE Rate of requests per second
-to TIMEOUT, --timeout TIMEOUT
Set a timeout value for each host in minutes; default is None
-fr, --follow-redirects
Follow redirects; default is False
-r, --recursive Recursive mode; default is False
-s STARTPOINT, --startpoint STARTPOINT
Start point of the scan; default=/
-of OUTPUT_FORMAT, --output-format OUTPUT_FORMAT
Output format to write results to; default=csv
-mc MATCH_CODES, --match-codes MATCH_CODES
Match HTTP status codes;
default=200,204,301,302,307,401,403,405,500
-nac, --no-auto-calibrate
Do not automatically calibrate filtering options
-H HEADER, --header HEADER
HTTP header "Name: Value", separated by colon
--custom-option CUSTOM_OPTION [CUSTOM_OPTION ...]
Specify ffuf option that AutoDirbuster doesn't support by default.
Argument should be a key/value pair separated by a comma with no
leading '-', example: --custom-option=ml,1. If the provided
argument is a boolean, provide an empty value: --custom-option=sa,Examples:
python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt
python AutoDirbuster.py -st example.com:80 -w my_wordlist.txt -mc 200,500
python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt -r -e "php,html" --dns
```