Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ethicalhackingplayground/pathbuster
A path-normalization pentesting tool.
https://github.com/ethicalhackingplayground/pathbuster
bug-bounty path-normalization rust url-filter-bypass
Last synced: 18 days ago
JSON representation
A path-normalization pentesting tool.
- Host: GitHub
- URL: https://github.com/ethicalhackingplayground/pathbuster
- Owner: ethicalhackingplayground
- License: mit
- Created: 2023-03-01T05:06:18.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-09-25T14:24:02.000Z (about 1 year ago)
- Last Synced: 2024-11-17T21:12:01.169Z (25 days ago)
- Topics: bug-bounty, path-normalization, rust, url-filter-bypass
- Language: Rust
- Homepage:
- Size: 6.76 MB
- Stars: 115
- Watchers: 1
- Forks: 11
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - ethicalhackingplayground/pathbuster - A path-normalization pentesting tool. (Rust)
README
pathbuster
A path-normalization pentesting tool
---
Whats New •
Bug Fixes •
Installation •
Usage •
Examples •
Contributing •
License •
Join Discord
---
## What's New?
- [x] Removed redundant **--filter-status** which filtered the status codes but also missed a ton of valid findings.
- [x] Removed redundant **--filter-body-size** which filtered the response sizes but also missed a ton of valid findings.
- [x] Implemented **--drop-after-fail** which will ignore requests with the same response code multiple times in a row.
- [x] Added in a **--proxy** argument, so you can now perform proxy-related tasks such as sending everything to burp.
- [x] Pathbuster will now give you an eta on when the tool will finish processing all jobs.
- [x] Added in a **--skip-brute** argument, so you have the choice to perform a directory brute force or not.
- [x] Replaced **--match-status** with **--pub-status** and **--int-status** so we have more control over the detection stage.
- [x] Added in a **--skip-validation** argument which is used to bypass known protected endpoints using traversals.
- [x] Added in a **--header** argument which is used to add in additonal headers into each request.
---
## Bug fixes?
- [x] Fixed a bug with the ETA, it would not produce the correct results.
- [x] Fixed a bug with the **--proxy** argument as well as some other small bugs.
- [x] Fixed a ton of performance issues and included directory bruteforcing at the end.
- [x] Massive performance and accuracy increases using itertools instead of double for loops reducing O(n^2) time complexity.
---
## Installation
Install rust
```bash
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
```
Install pathbuster
```bash
cargo install pathbuster
```
## Usage
```bash
pathbuster -h
```
This command will show the tool's help information and present a list of all the switches that are available.
```
USAGE:
pathbuster [OPTIONS] --urls --payloads --wordlist
OPTIONS:
-u, --urls
the url you would like to test
-r, --rate
Maximum in-flight requests per second
[default: 1000]
--skip-brute
skip the directory bruteforcing stage
--drop-after-fail
ignore requests with the same response code multiple times in a row
[default: 302,301]
--int-status
the internal web root status
[default: 404,500]
--pub-status
the public web root status
[default: 400]
-p, --proxy
http proxy to use (eg http://127.0.0.1:8080)
-s, --skip-validation
this is used to bypass known protected endpoints using traversals
-c, --concurrency
The amount of concurrent requests
[default: 1000]
--timeout
The delay between each request
[default: 10]
--header
The header to insert into each request
[default: ]
-w, --workers
The amount of workers
[default: 10]
--payloads
the file containing the traversal payloads
[default: ./payloads/traversals.txt]
--wordlist
the file containing the wordlist used for directory bruteforcing
[default: ./wordlists/wordlist.txt]
-o, --out
The output file
-h, --help
Print help information
-V, --version
Print version information
```
## Flags
| Flag | Description |
| ----------------- | ------------------------------------------------------------------ |
| --urls | the file containing the urls to test make sure it contains a path
| --payloads | file containing the payloads to test |
| --int-status | used to match the status codes for identifying the internal web root |
| --pub-status | used to match the status codes for identifying broken path normalization |
| --drop-after-fail | specify a status code to ignore if it reoccurs more than 5 times in a row |
| --rate | used set the maximum in-flight requests per second |
| --workers | number of workers to process the jobs |
| --timeout | the delay between each request |
| --concurrency | number of threads to be used for processing |
| --wordlist | the wordlist used for directory bruteforcing |
| --proxy | http proxy to use (eg http://127.0.0.1:8080) |
| --header | The header to insert into each request |
| --skip-brute | use to skip the directory brute forcing stage |
| --skip-validation | this is used to bypass known protected endpoints using traversals |
| --out | save output to a file |
| --help | prints help information |
| --version | prints version information |
## Examples
Usage:
```rust
$ pathbuster --urls crawls.txt --payloads traversals.txt --wordlist wordlist.txt -o output.txt
```
If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.
[](https://www.buymeacoffee.com/SBhULWm) [](https://www.paypal.com/paypalme/cyberlixpty)
I hope you enjoy
## Contributing
Pull requests are welcome. For major changes, please open an issue first
to discuss what you would like to change.
Please make sure to update tests as appropriate.
## License
Pathbuster is distributed under [MIT License](https://github.com/ethicalhackingplayground/pathbuster/blob/main/LICENSE)