Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/noptrix/lulzbuster

A very fast and smart web directory and file enumeration tool written in C.
https://github.com/noptrix/lulzbuster

Last synced: about 1 month ago
JSON representation

A very fast and smart web directory and file enumeration tool written in C.

Awesome Lists containing this project

README

        

# Description

Lulzbuster is a very fast and smart web directory and file enumeration tool written in C.

# Usage

```
$ lulzbuster -H
__ __ __ __
/ /_ __/ /___ / /_ __ _______/ /____ _____
/ / / / / /_ / / __ \/ / / / ___/ __/ _ \/ ___/
/ / /_/ / / / /_/ /_/ / /_/ (__ ) /_/ __/ /
/_/\__,_/_/ /___/_.___/\__,_/____/\__/\___/_/

--==[ by nullsecurity.net ] ==--

usage

lulzbuster -s [opts] |

target options

-s - start url to begin scan with

http options

-h - http request type (default: GET) - ? to list types
-x - exclude http status codes (default: 400,404,500,501,502,503
multi codes separated by ',')
-f - follow http redirects. hint: better try appending a '/'
with '-A' option first instead of using '-f'
-F - num level to follow http redirects (default: 0)
-u - user-agent string (default: built-in windows firefox)
-U - use random built-in user-agents
-c - pass custom header(s) (e.g. 'Cookie: foo=bar; lol=lulz')
-a - http auth credentials (format: :)
-r - turn on auto update referrer
-j - define http version (default: curl's default) - ? to list

timeout options

-D - num seconds for delay between requests (default: 0)
-C - num seconds for connect timeout (default: 10)
-R - num seconds for request timeout (default: 30)
-T - num seconds to give up and exit lulzbuster completely
(default: none)

tuning options

-t - num threads for concurrent scanning (default: 30)
-g - num connection cache size for curl (default: 30)
note: this value should always equal to -t's value

other options

-w - wordlist file
(default: /usr/local/share/lulzbuster/lists/medium.txt)
-A - append any words separated by comma (e.g. '/,.php,~bak)
-p - proxy address (format: ://:) - ? to
list supported schemes
-P - proxy auth credentials (format: :)
-i - insecure mode (skips ssl/tls cert verification)
-S - smart mode aka eliminate false-positives, more infos,
etc. (use this if speed is not your 1st priority!)
-n - nameservers (default: '1.1.1.1,8.8.8.8,208.67.222.222'
multi separated by '.')
-l - log found paths and valid urls to file

misc

-X - print built-in user-agents
-V - print version of lulzbuster and exit
-H - print this help and exit
```

# Author

noptrix

# Notes

- clean code; real project
- lulzbuster is already packaged and available for [BlackArch Linux](https://www.blackarch.org/)
- My master-branches are always stable; dev-branches are created for current work.
- All of my public stuff you find are officially announced and published via [nullsecurity.net](https://www.nullsecurity.net/).

# License

Check docs/LICENSE.

# Disclaimer

We hereby emphasize, that the hacking related stuff found on
[nullsecurity.net](http://nullsecurity.net) are only for education purposes.
We are not responsible for any damages. You are responsible for your own
actions.