#brute-force #directory #web #brute #force #cli #security

app wbuster

A simple multi threaded web directory brute forcing tool

4 releases

0.1.4 Jun 17, 2023
0.1.3 Jun 16, 2023
0.1.2 Jun 16, 2023
0.1.1 Jun 16, 2023
0.1.0 Jun 16, 2023

#926 in Network programming

MIT license

183 lines


Description ❤

A simple tool for brute forcing web directories! This tool is designed to be used in a penetration testing environment and is not intended for malicious use. Only supports GET requests and single sweep at the moment. Note: This is one of my first Rust projects, so the code is not the best. I am still learning the language and will continue to improve the code as I learn more. This is also a very early version of the tool, so there are still many features that I plan to add 😅

Screenshots 📸


Installation 📥

Cargo Install
cargo install wbuster
From Source
git clone https://github.com/0bject-0bject/wbuster.git
cd wbuster
cargo build --release

Usage 🧰

This tool works with the dirbuster word lists (txt only), and any other word list that is formatted the same way. The tool will automatically remove any comments and blank lines from the word list. The tool will also automatically add a "/" to the end of the URL if it is not already there.
This tool also works with json files that are formatted like this

    "directories": [

CLI example:
wbuster --path PATH/TO/WORDLIST.TXT --url URL --threads 10 --timeout 10

Arguments 📝

Argument Description Example Required Default
--path Path to wordlist --path /usr/share/wordlists/dirb/common.txt True Null
--url URL to brute force --url http://example.com True Null
--threads Number of threads to use --threads 10 False 1
--timeout Timeout for each request (seconds) --timeout 10 False 10

Examples 📚

wbuster --path /usr/share/wordlists/dirb/common.txt --url http://example.com
wbuster --path /usr/share/wordlists/dirb/common.txt --url http://example.com --threads 10 --timeout 10

License 📜

Licensed under the MIT license (LICENSE)


~293K SLoC