Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tiagorangel1/bunbuster

Ridiculously fast web & TCP fuzzer designed for brute-forcing directories, subdomains, and files on web servers.
https://github.com/tiagorangel1/bunbuster

bun fuzzer web-fuzzer

Last synced: about 1 month ago
JSON representation

Ridiculously fast web & TCP fuzzer designed for brute-forcing directories, subdomains, and files on web servers.

Host: GitHub
URL: https://github.com/tiagorangel1/bunbuster
Owner: tiagorangel1
License: agpl-3.0
Created: 2024-12-01T18:22:05.000Z (about 1 month ago)
Default Branch: main
Last Pushed: 2024-12-01T18:36:41.000Z (about 1 month ago)
Last Synced: 2024-12-01T19:29:19.872Z (about 1 month ago)
Topics: bun, fuzzer, web-fuzzer
Language: JavaScript
Homepage: https://tiagorangel.com
Size: 2.39 MB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# BunBuster
## Ridiculously fast web & TCP fuzzer designed for brute-forcing directories, subdomains, and files on web servers.

Up to **3.5%** faster than ffuf and fully built with Bun.

![Screenshot of a BunBuster scan's result, finding 2 paths on a test server](./assets/screenshot.png)
![Screenshot of a BunBuster scan in progress](./assets/screenshot-loader.png)

* Without using artificial ratelimits, and in my own testing. Might vary depending on your machine.

## Installation

### Prebuilt Executable

Go to the [releases page](https://github.com/tiagorangel1/bunbuster/releases) and download the latest version for your platform.

Make sure it has executable permissions (`chmod +x bunbuster-xxxxxxx`) and to add it to PATH, or else you'll have to cd into the executable's folder and use `./bunbuster` instead of `bunbuster`.

### From Source

Clone the repo, `bun install` and then `bun run build`

## Features

- **Super fast**:
- Optimized for speed, multi-threaded by default.
- Built with Bun
- 3.5% faster than ffuf
- **Extensible**:
- Fully-fledged TCP support
- Fuzz by path, subdomains, parameters, request body, headers and more
- **Filtering**:
- Filter responses by size
- Filter responses by status code
- **Very customizable**:
- Custom headers
- Custom methods
- Fully configurable request parameters
- Use fuzzing in any request parameter, URL, paths, subdomains and more.
- **Bypass ratelimits**:
- Built-in rate limit detection and evasion by using a backoff delay.
- Configurable request throttling by using the `requests per minute` config.
- Simple IP spoofing by setting a randomized `X-Forwarded-For`/`X-Real-IP` header
- Built-in timeout handling
- **And more**:
- Export as CSV
- View request sizes
- Easy to understand docs
- Very simple to use UI

> Note: As all other web fuzzers, you'll need a wordlist. You can download sample ones from the `assets/wordlists` folder in this repo.

***

![BunBuster vs FFUF speed comparison](./assets/speed-graph.svg)

Speed comparison: Time to run a full scan

on http://ffuf.me/cd/basic/FUZZ, default settings, same wordlist (7530 words)

## Usage

```bash
bunbuster [options]
```

Run `bunbuster --help` to see all of the available arguments and options.

## Examples

### Basic
```bash
bunbuster http://ffuf.me/cd/basic/FUZZ -w ./wordlists/common.txt
```

### FUZZ between extension and path
```bash
bunbuster http://ffuf.me/cd/ext/logs/FUZZ.log -w ./wordlists/common.txt
```

### FUZZ in parameters
```bash
bunbuster http://ffuf.me/cd/param/data?FUZZ=1 -w ./wordlists/parameters.txt
```

### Set ratelimiting
```bash
bunbuster http://ffuf.test/cd/rate/FUZZ -w ./wordlists/common.txt -rpm 3000 # 50 req/s
```

### Automaric ratelimit detection
```bash
bunbuster http://ffuf.test/cd/rate/FUZZ -w ./wordlists/common.txt
# note that -rpm is not set
```

### Subdomain Discovery
```bash
bunbuster https://FUZZ.example.com -w ./wordlists/subdomains.txt
```

### Custom Headers
```bash
bunbuster https://api.example.com/FUZZ \
-w ./wordlists/all.txt \
-o '{"headers": {"Authorization": "Bearer TOKEN"}}'
```

## Roadmap
These features aren't currently implemented but they might be comming soon.
* Different wordlists that match to different keywords, e.g.
```bash
bunbuster https://$FUZZ1.example.com/$FUZZ2 -w "./wordlists/subdomains.txt, ./wordlists/common.txt"
```

* Ability to use with `bunx`

## Verbose logging

## Notes

- If you don't know how to use this, copy this file and give it to ChatGPT. It will tell you everything you need to know. Don't open an issue.
- Be mindful of potential IP blocking. BunBuster currently does not have support for Tor, but you can set up a VPN and it should use it too.
- As always, use this responsibly and only on systems you have explicit permission to test BunBuster is intended for security research and authorized penetration testing. Always obtain proper authorization before scanning or testing any system you do not own or have explicit permission to test.