Home

Awesome

NodeBuster

Description

NodeBuster, or yet another DirBuster clone, is a Node.js application to bruteforce directories and files on HTTP(S) servers.

asciicast

Prerequisites

Install

npx @phra/nodebuster -h
npm i -g @phra/nodebuster # install it globally (onetime and updates)
nodebuster -h

Example

npx @phra/nodebuster dir --extensions php,txt,old --cookies "asd=lol","lol=asd" --user-agent "nodebuster" http://localhost:8000/
nodebuster dir --extensions php,txt,old --cookies "asd=lol","lol=asd" --user-agent "nodebuster" http://localhost:8000/

Wappalyzer

Wappalyzer was integrated to automagically guess the extensions to bruteforce based on the detected technologies. In order to use it the --extensions (-e) parameters must be omitted.

nodebuster dir http://localhost:8000/

Synopsis

   nodebuster.js 1.3.0 

   USAGE

     nodebuster.js dir <url>

   ARGUMENTS

     <url>      <url> to attack      required      

   OPTIONS

     -w, --workers <workers>            Use n <workers>                     optional      default: 10                                                            
     -W, --wordlist <wordlist>          <wordlist> to use                   optional      default: "/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt"
     -U, --user-agent <user-agent>      <user-agent> to use                 optional      default: "nodebuster"                                                  
     -e, --extensions <extensions>      <extensions> to use                 optional      default: []                                                            
     -C, --cookies <cookies>            Set <cookies>                       optional      default: []                                                            
     -H, --headers <headers>            <headers> to use                    optional      default: []                                                            
     -f, --consecutive-fails            Stop after <consecutive-fails>      optional      default: 15                                                            

   GLOBAL OPTIONS

     -h, --help         Display help                                      
     -V, --version      Display version                                   
     --no-color         Disable colors                                    
     --quiet            Quiet mode - only displays warn and error messages
     -v, --verbose      Verbose mode - will also output debug messages