Console utility to find web application paths.
Still in alpha version.
Multiple URLs bruteforcing:
$ cat urls.txt
https://target.a.com
https://target.b.com
https://target.c.com
$ barrido urls.txt wordlists/quickhits.txt -se | tee curious_paths.txt
https://target.c.com/manager/ 401
https://target.a.com/.git 200
https://target.b.com/phpinfo 200
Single URL bruteforcing with scraper:
$ barrido https://scrapabble.com wordlists/raft-small-directories-lowercase.txt --scraper
/index
/help
/customers/faqs
/webmaster/login
/api/js/retrieve_session_token
``` $ ./target/release/barrido -h barrido 0.1 Discover them all!
USAGE:
barrido [FLAGS] [OPTIONS]
FLAGS: -l, --body-length Show the discovered paths with the response code -e, --expand-path Return paths with the complete url --follow-redirects Follow HTTP redirections -h, --help Prints help information -k, --insecure Allow insecure connections when using SSL -p, --progress Show the progress of requests --scraper Scrap for new paths in responses -s, --status Show the discovered paths with the response code -V, --version Prints version information -v Verbosity
OPTIONS:
-H, --header
ARGS:
From crates.io:
cargo install barrido
barrido -h
From source:
git clone https://gitlab.com/Zer1t0/barrido.git
cd ./barrido
cargo build --release
./target/release/barrido -h