Installation • Usage • Examples • Contributing • License • Join Discord
Install rust
bash
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Install pathbuster
bash
cargo add pathbuster
bash
pathbuster -h
👉 pathbuster help menu 👈
```
USAGE:
pathbuster [OPTIONS] --url
OPTIONS:
-c, --concurrency
--deviation <deviation>
The distance between the responses [default: 3]
-h, --help
Print help information
--match-status <match-status>
[default: 200]
-o, --out <out>
The output file
-p, --payloads <payloads>
the file containing the traversal payloads [default: ]
--paths <paths>
The list of routes (crawl the host to collect routes) [default: .paths.tmp]
-r, --rate <rate>
Maximum in-flight requests per second [default: 1000]
--stop-at-first-match <stop-at-first-match>
stops execution flow on the first match [default: false]
-u, --url <url>
the url you would like to test
-V, --version
Print version information
-w, --workers <workers>
The amount of workers [default: 1]
--wordlist <wordlist>
the file containing the technology paths [default: .wordlist.tmp]
```
Fingerprinting the proxy
rust
$ pathbuster -u "https://example.com/{paths}/{payloads}" --payloads traversals.txt --paths paths.txt --match-status 400 --deviation 2 -o output.txt
Discovery Process
rust
$ pathbuster -u "https://example.com/{paths}/{payloads}/{words}" --payloads traversals.txt --paths paths.txt --wordlist raft-medium-directories.txt --match-status 200 --deviation 2 -o output.txt
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
Pathbuster is distributed under MIT License