2025-04-11 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains what the tool Urlbuster is. The content is simple and clear, and I hope it resolves your doubts. Let the editor walk you through "What is Urlbuster?"
Urlbuster is a powerful web directory fuzzing tool that helps researchers locate existing and hidden files and directories in target applications. It works much like dirb and gobuster, but Urlbuster also provides a number of mutation options.
Features
Proxy support
Cookie support
Basic authentication
Digest authentication
Retry (for slow servers)
Persistent and non-persistent HTTP connections
Request methods: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS
Custom HTTP headers
Mutate POST, PUT and PATCH payloads
Mutate using different request methods
Mutate using different HTTP headers
Mutate using different file extensions
Mutate with and without trailing slashes
Enumerate GET parameter values
Tool installation
After configuring the Python and pip environments, researchers can directly install Urlbuster using the following commands:
pip install urlbuster

Tool usage

usage: urlbuster [options] -w <str>/-W <file> BASE_URL
       urlbuster -V, --help
       urlbuster -h, --version

URL bruteforcer to locate existing and/or hidden files or directories.

Similar to dirb or gobuster, but also allows to iterate over multiple HTTP request methods,
multiple useragents and multiple host header values.

positional arguments:
  BASE_URL              The base URL to scan.

required arguments:
  -w str, --word str    Word to use.
  -W f, --wordlist f    Path to wordlist to use.

optional global arguments:
  -n, --new             Use a new connection for every request.
                        If not specified persistent http connection will be used for all requests.
                        Note, using a new connection will decrease performance,
                        but ensure to have a clean state on every request.
                        A persistent connection on the other hand will use any additional cookie values
                        it has received from a previous request.
  -f, --follow          Follow redirects.
  -k, --insecure        Do not verify TLS certificates.
  -v, --verbose         Show also missed URLs.
  --code str [str ...]  HTTP status code to treat as success.
                        You can use a '.' (dot) as a wildcard.
                        Default: 2.. 3.. 403 407 411 426 429 500 505 511
  --payload p [p ...]   POST, PUT and PATCH payloads for all requests.
                        Note, multiple values are allowed for multiple payloads.
                        Note, if duplicates are specified, the last one will overwrite.
                        See --mpayload for mutations.
                        Format: <key>=<val> [<key>=<val>]
  --header h [h ...]    Custom http header string to add to all requests.
                        Note, multiple values are allowed for multiple headers.
                        Note, if duplicates are specified, the last one will overwrite.
                        See --mheaders for mutations.
                        Format: <key>:<val> [<key>:<val>]
  --cookie c [c ...]    Cookie string to add to all requests.
                        Format: <key>=<val> [<key>=<val>]
  --proxy str           Use a proxy for all requests.
                        Format: http://<host>:<port>
                        Format: http://<user>:<pass>@<host>:<port>
                        Format: https://<host>:<port>
                        Format: https://<user>:<pass>@<host>:<port>
                        Format: socks5://<host>:<port>
                        Format: socks5://<user>:<pass>@<host>:<port>
  --auth-basic str      Use basic authentication for all requests.
                        Format: <user>:<pass>
  --auth-digest str     Use digest authentication for all requests.
                        Format: <user>:<pass>
  --timeout sec         Connection timeout in seconds for each request.
                        Default: 5.0
  --retry num           Connection retries per request.
                        Default: 3
  --delay sec           Delay between requests to not flood the server.
  --output file         Output file to write results to.

optional mutating arguments:
  The following arguments will increase the total number of requests to be made by
  applying various mutations and testing each mutation on a separate request.

  --method m [m ...]    List of HTTP methods to test each request against.
                        Note, each supplied method will double the number of requests.
                        Supported methods: GET POST PUT DELETE PATCH HEAD OPTIONS
                        Default: GET
  --mpayload p [p ...]  POST, PUT and PATCH payloads to mutate all requests..
                        Note, multiple values are allowed for multiple payloads.
                        Format: <key>=<val> [<key>=<val>]
  --mheader h [h ...]   Custom http header string to add to mutate all requests.
                        Note, multiple values are allowed for multiple headers.
                        Format: <key>:<val> [<key>:<val>]
  --ext ext [ext ...]   List of file extensions to to add to words for testing.
                        Note, each supplied extension will double the number of requests.
                        Format: .zip [.pem]
  --slash str           Append or omit a trailing slash to URLs to test.
                        Note, a slash will be added after the extensions if they are specified as well.
                        Note, using 'both' will double the number of requests.
                        Options: both, yes, no
                        Default: no

misc arguments:
  -h, --help            Show this help message and exit
  -V, --version         Show version information

examples

  urlbuster -W /path/to/words http://example.com/
  urlbuster -W /path/to/words http://example.com:8000/
  urlbuster -k -W /path/to/words https://example.com:10000/

Mutation example
On some sites, the web application reacts and behaves differently when certain user agents are used, even if the same path is requested.

$ urlbuster \
  -W /usr/share/dirb/wordlists/common.txt \
  --mheader 'User-Agent:Googlebot/2.1 (+http://www.googlebot.com/bot.html)' \
  --method 'POST,GET,DELETE,PUT,PATCH' \
  http://www.domain.tld/
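Seen from the server side, the method mutation shown above leaves a recognisable footprint in access logs: one client replays the same paths with several HTTP methods and mostly gets 404/405 back. The following Python detection routine is an added example, not part of the original article or of the urlbuster project; the combined-style log format, the thresholds, the function names and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Prefix of an Apache/nginx "combined" access log line (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def detect_method_mutation(lines, min_methods=3, min_paths=3, min_miss_ratio=0.5):
    """Return {ip: stats} for clients that replay many paths with several HTTP
    methods and mostly miss (404/405). Thresholds are illustrative assumptions."""
    seen = defaultdict(lambda: defaultdict(set))  # ip -> path -> set of methods
    total = defaultdict(int)
    misses = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not follow the assumed format
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        seen[ip][path].add(m["method"])
        total[ip] += 1
        if m["status"] in ("404", "405"):
            misses[ip] += 1
    findings = {}
    for ip, paths in seen.items():
        mutated = sorted(p for p, ms in paths.items() if len(ms) >= min_methods)
        ratio = misses[ip] / total[ip]
        if len(mutated) >= min_paths and ratio >= min_miss_ratio:
            findings[ip] = {"mutated_paths": mutated, "requests": total[ip],
                            "miss_ratio": round(ratio, 2)}
    return findings

def sample_log():
    """Constructed sample: one scanner-like client and one ordinary browser."""
    ua = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
    rows = []
    for path, hit in (("/admin", "403"), ("/backup", "404"), ("/cgi-bin", "404")):
        for method in ("GET", "POST", "PUT", "DELETE"):
            status = hit if method == "GET" else "405"
            rows.append(f'203.0.113.7 - - [11/Apr/2025:10:00:00 +0000] '
                        f'"{method} {path} HTTP/1.1" {status} 0 "-" "{ua}"')
    for path in ("/", "/about", "/contact"):
        rows.append(f'198.51.100.20 - - [11/Apr/2025:10:00:05 +0000] '
                    f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    return rows

if __name__ == "__main__":
    print(detect_method_mutation(sample_log()))
```

A client that claims to be Googlebot while sending PUT and DELETE to unknown paths is a useful secondary signal, since the real crawler's address can be checked separately.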
Default usage examples
Basic:

$ urlbuster \
  -W /path/to/wordlist.txt \
  http://www.domain.tld/

Through a Burp Suite proxy:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --proxy 'http://localhost:8080' \
  http://www.domain.tld/

Save the results to a file:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --output out.txt \
  http://www.domain.tld/

Scan behind basic authentication:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --auth-basic 'user:pass' \
  http://www.domain.tld/

Use a session cookie:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --cookie 'PHPSESSID=a79b00e7-035a-2bb4-352a-439d855feabf' \
  http://www.domain.tld/

Find files
Find files in the root directory of the site:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --code 200 301 302 \
  --ext .zip .tar .tar.gz .rar \
  http://www.domain.tld/

Find files in a site subdirectory:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --code 200 301 302 \
  --ext .zip .tar .tar.gz .rar \
  http://www.domain.tld/wp-content/

Advanced use
Brute-force query parameters:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --method GET \
  --code 200 301 302 \
  http://www.domain.tld/search?q=

Brute-force POST requests:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --code 200 301 302 \
  --method POST \
  --payload \
    'user=somename' \
    'pass=somepass' \
    'mail=some@mail.tld' \
    'submit=yes' \
  http://www.domain.tld/

Brute-force mutated POST requests:

$ urlbuster \
  -w index.php \
  --code 200 301 302 \
  --method POST \
  --mpayload \
    'user=somename1' \
    'user=somename2' \
    'user=somename3' \
    'pass=somepass1' \
    'pass=somepass2' \
    'pass=somepass3' \
    'mail=some@mail1.tld' \
    'mail=some@mail2.tld' \
    'mail=some@mail3.tld' \
    'submit=yes' \
  http://www.domain.tld/wp-admin/

User agent SQL injection:

$ urlbuster \
  -W /path/to/wordlist.txt \
  --code 5.. \
  --method GET POST \
  --mheader \
    "User-Agent: " \
    "User-Agent: ' or \"" \
    "User-Agent: -- or #" \
    "User-Agent: ' OR '1" \
    "User-Agent: ' OR 1 --" \
    "User-Agent: \" OR 1 = 1 --" \
    "User-Agent: '='" \
    "User-Agent: 'LIKE'" \
    "User-Agent: '=0--+" \
    "User-Agent: OR 1=1" \
    "User-Agent: ' OR 'x'='x" \
    "User-Agent: ' AND id IS NULL --" \
  http://www.domain.tld/

Find potential vhosts:

$ urlbuster \
  -w / \
  --method GET POST \
  --mheader \
    "Host: internal1.lan" \
    "Host: internal2.lan" \
    "Host: internal3.lan" \
    "Host: internal4.lan" \
    "Host: internal5.lan" \
    "Host: internal6.lan" \
  http://10.0.0.1

That is all for the article "What is Urlbuster?" Thank you for reading! I hope it has given you a working understanding of the tool and that sharing it helps.