Skip to content

Commit

Permalink
docs: update usage and download link
Browse files Browse the repository at this point in the history
  • Loading branch information
phra committed Jun 13, 2019
1 parent 9188678 commit dfa4a2a
Showing 1 changed file with 25 additions and 13 deletions.
38 changes: 25 additions & 13 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,18 +4,11 @@ DirBuster for Rust

[![asciicast](https://asciinema.org/a/ymyCFj4NBRukQIEcjjzK9JYEU.svg)](https://asciinema.org/a/ymyCFj4NBRukQIEcjjzK9JYEU)

## Usage

There are three modules currently implemented:

1. Dirbuster (default)
`rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php`
## Download

1. Dnsbuster
`rustbuster -m dns -u google.com -w examples/wordlist`
You can download prebuilt binaries from [here](https://github.com/phra/rustbuster/releases).

1. Vhostbuster
`rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"`
## Usage

```shell

Expand All @@ -34,7 +27,7 @@ There are three modules currently implemented:
~ rustbuster v. 1.2.0 ~ by phra & ps1dr3x ~

USAGE:
rustbuster [FLAGS] [OPTIONS] --url <url> --wordlist <wordlist>
rustbuster [FLAGS] [OPTIONS] --url <url> --wordlist <wordlist>...

FLAGS:
-f, --append-slash Tries to also append / to the base request
Expand All @@ -47,19 +40,38 @@ FLAGS:
-v, --verbose Sets the level of verbosity

OPTIONS:
--csrf-header <csrf-header>... Adds the specified headers to CSRF GET request
--csrf-regex <csrf-regex> Grabs the CSRF token applying the specified RegEx
--csrf-url <csrf-url> Grabs the CSRF token via GET to csrf-url
-d, --domain <domain> Uses the specified domain
-e, --extensions <extensions> Sets the extensions [default: ]
-b, --http-body <http-body> Uses the specified HTTP method [default: ]
-H, --http-header <http-header>... Appends the specified HTTP header
-X, --http-method <http-method> Uses the specified HTTP method [default: GET]
-S, --ignore-status-codes <ignore-status-codes> Sets the list of status codes to ignore [default: 404]
-x, --ignore-string <ignore-string>... Ignores results with specified string in vhost mode
-x, --ignore-string <ignore-string>... Ignores results with specified string in the HTTP Body
-s, --include-status-codes <include-status-codes> Sets the list of status codes to include [default: ]
-i, --include-string <include-string>... Includes results with specified string in the HTTP body
-m, --mode <mode> Sets the mode of operation (dir, dns, fuzz) [default: dir]
-o, --output <output> Saves the results in the specified file [default: ]
-t, --threads <threads> Sets the amount of concurrent requests [default: 10]
-u, --url <url> Sets the target URL
-a, --user-agent <user-agent> Uses the specified User-Agent [default: rustbuster]
-w, --wordlist <wordlist> Sets the wordlist
-w, --wordlist <wordlist>... Sets the wordlist

EXAMPLES:
1. Dir mode:
rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php
2. Dns mode:
rustbuster -m dns -u google.com -w examples/wordlist
3. Vhost mode:
rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"
4. Fuzz mode:
rustbuster -m fuzz -m fuzz -u http://localhost:3000/login -X POST \
-H "Content-Type: application/json" \
-b '{"user":"FUZZ","password":"FUZZ","csrf":"CSRFCSRF"}' \
-w examples/wordlist \
-w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \
-s 200

```

0 comments on commit dfa4a2a

Please sign in to comment.