Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

Last update: Jan 05, 2022

Overview

pybuster v1.1

pybuster is a tool that is used to brute-force URLs of web servers.

Features

Directory busting (URI)
URL replace patterns (put PYBUSTER in URL for it to get replaced with current word)
Multiple threads
Clean data outputting
Custom success status code selection
Custom wordlist selection

Command Line Usage

usage: pybuster.py mode [-h] --wordlist WORDLIST --threads THREADS --url URL [--success SUCCESS]

positional arguments:
  mode                 Mode to run pybuster [dir,subdomain]

optional arguments:
  -h, --help           show this help message and exit
  --wordlist WORDLIST  Full path to wordlist
  --threads THREADS    Number of threads to use
  --url URL            URL to check
  --success SUCCESS    Success status codes, split by comma [optional]

Why should i use this over gobuster?

The gobuster tool might be overall quicker, and it might be better in other fields, but;

This tool runs on python3, which is pre-installed on most systems
It uses pip3 for modules, and it only requires one, requests, which is already installed in most systems
It is easier to understand python code over go code, when you aren't a programmer, thus you can easily edit this.
Faster setup, you dont need to install golang, you can start it directly.

Changes in v1.1

Features below, +;

Added subdomain search mode
Changed cli usage, changed "dns" to "subdomain"
Use python3 pybuster.py subdomain to start to scan for subdomains
The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.
Minor changes to outputting

Changes in v1.0

First stable release, with main features, +:

Clean outputting
Easy exiting out of threads
Cleaner display of found URLs/URIs
Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.
Mode still not changing anything, although you can use pattern to check for subdomains and other things
Slightly modified src/script.py to make it less CPU intensive, so more threads can run.
Exiting only requires you to press enter
Cleaner exiting summary.

Changes in v0.1.0

Can select mode (still only dir mode is fully supported)
used python argparse module for cleaner commandline arguments
URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)

Changes in v0.0.1

Added base files
Support for dir mode
Custom thread selection
CLI-like interface for displaying data while-running, no long outputs
On exit, show a summary of what happend
Pipe between threads
Stop on command
Custom wordlist selection
Custom sucess status selection

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

5 Oct 8, 2022

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

3 Sep 26, 2022

zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

13 Nov 3, 2022

Script for automatic dump and brute-force passwords using Volatility Framework

Volatility-auto-hashdump Script for automatic dump and brute-force passwords using Volatility Framework

11 Apr 11, 2022

Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits

0 Jan 10, 2022

A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

wifi-bf [LINUX ONLY] A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021) This script is purely for educa

20 Nov 12, 2022

Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

✭ DMBF CRACK Dibuat Dengan ❤️ Oleh Dapunta Author: - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Token ⇨ Fitur Crack [✯] Crack Dari Teman, Public,

10 Oct 19, 2022

This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram Bruter This program will brute force any Instagram account you send it its way given a list of proxies. NOTICE I'm no longer maintaining thi

1 Nov 15, 2021

Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

3 Jan 28, 2022

Releases(v1.1)

v1.1(Jan 4, 2022)
Changes in v1.1

Features below, +;

Added subdomain search mode

Changed cli usage, changed "dns" to "subdomain"

Use python3 pybuster.py subdomain to start to scan for subdomains

The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.

Minor changes to outputting

Source code(tar.gz)
Source code(zip)
v1.0(Jan 4, 2022)
First stable release, with main features, +:

Clean outputting

Easy exiting out of threads

Cleaner display of found URLs/URIs

Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.

Mode still not changing anything, although you can use pattern to check for subdomains and other things

Slightly modified src/script.py to make it less CPU intensive, so more threads can run.

Exiting only requires you to press enter

Cleaner exiting summary.

Source code(tar.gz)
Source code(zip)
v0.1.0(Jan 4, 2022)
New changes;

Can select mode (still only dir mode is fully supported)

used python argparse module for cleaner commandline arguments

URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)

Source code(tar.gz)
Source code(zip)
v0.0.1(Jan 4, 2022)
FIrst pybuster release;

Changes in v0.0.1

Added base files

Support for dir mode

Custom thread selection

CLI-like interface for displaying data while-running, no long outputs

On exit, show a summary of what happend

Pipe between threads

Stop on command

Custom wordlist selection

Custom sucess status selection

Source code(tar.gz)
Source code(zip)

Owner

Glaukio

1128d463bad6bc935ea53cde84141a2165d4650606f2ec07cdb73b64032a2df0

GitHub Repository

macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

212 Dec 29, 2022

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly

136 Dec 13, 2022

zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

13 Nov 03, 2022

FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git.

FOSSLight Scanner Analyze at once for Open Source Compliance. FOSSLight Scanner performs open source analysis after downloading the source by passing

8 Nov 03, 2022

Anti Supercookie - Confusing the ISP & Escaping the Supercookie

Confusing the ISP & Escaping the Supercookie

2 Nov 22, 2022

A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

Invisible Backdoor Detector is a little Python script that allows you to spot and remove Bidi characters that could lead to an invisible backdoor. If you don't know what that is you should check the

28 Dec 29, 2022

For educational purposes only. (Uzbek Edition)

DISCLAIMER 💣 Ushbu skriptdagi materiallar bilan bog'liq har qanday xatti-harakatlar faqat sizning javobgarligingizdir. Ushbu skriptdagi ma'lumotlarda

1 Feb 12, 2022

一款Web在线自动免杀工具

一款利用加载器以及Python反序列化绕过AV的在线免杀工具因为打包方式的局限性，不能跨平台，若要生成exe格式的只能在Windows下运行本项目打包速度有点慢，提交后稍等一会开发环境及运行前端使用Bootstrap框架，后端使用Django框架。

172 Nov 28, 2022

Scan publicly accessible assets on your AWS cloud environment

poro Description Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databas

134 Dec 16, 2022

IDAPatternSearch adds a capability of finding functions according to bit-patterns into the well-known IDA Pro disassembler based on Ghidra’s function patterns format.

IDA Pattern Search by Argus Cyber Security Ltd. The IDA Pattern Search plugin adds a capability of finding functions according to bit-patterns into th

48 Dec 29, 2022

Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

Related tags

Overview

pybuster v1.1

Features

Command Line Usage

Why should i use this over gobuster?

Changes in v1.1

Changes in v1.0

Changes in v0.1.0

Changes in v0.0.1

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

zip-brute Zip File Password Cracking with Using Password List

Script for automatic dump and brute-force passwords using Volatility Framework

Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram brute force tool that uses tor as its proxy connections

Releases(v1.1)

v1.1(Jan 4, 2022)

Changes in v1.1

v1.0(Jan 4, 2022)

v0.1.0(Jan 4, 2022)

v0.0.1(Jan 4, 2022)

Changes in v0.0.1

Owner

Glaukio

macOS persistence tool

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

zip-brute Zip File Password Cracking with Using Password List

FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git.

Anti Supercookie - Confusing the ISP & Escaping the Supercookie

A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

For educational purposes only. (Uzbek Edition)

一款Web在线自动免杀工具

Scan publicly accessible assets on your AWS cloud environment

IDAPatternSearch adds a capability of finding functions according to bit-patterns into the well-known IDA Pro disassembler based on Ghidra’s function patterns format.

Python library to remotely extract credentials on a set of hosts.

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

Simples brute forcer de diretorios para web pentest.

This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

A traceroute tool that also displays IP information

log4j burp scanner

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

A GitHub action for organizations that enables advanced security code scanning on all new repos

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

This repository is one of a few malware collections on the GitHub.