ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin (@0xTas).
I wrote this tool as a way to deepen my familiarity with Python, and to help improve my understanding of Cybersecurity tooling in general. ZenBuster is probably not the fastest or most complete tool of its kind. It is, nonetheless, easy to use, decently versatile, and in practice only marginally slower than other "tried-and-true" tools like Gobuster. Personally, I've been using it to help me solve CTF challenges on platforms like TryHackMe, and have found my implementation to be satisfactorily reliable.
This software is intended for use in CTF challenges, or by security professionals to gather information on their targets:
- It is capable of brute-force enumerating subdomains and also URI resources (directories/files).
- Both methods of enumeration require use of an appropriate wordlist or dictionary file.
- Features Include:
  - Hostname format supports standard, IPv4, and IPv6.
  - Support for logging results to a file with -O [filename].
  - Specifying custom ports for nonstandard webservers with -p <port#>.
  - Optional file extensions in directory mode with -x <exts>.
  - Quiet mode for less distracting output with -Q.
  - Color can be disabled for less distracting output with -nc/-nl.
- Tested on Python versions 3.9 and 3.10, with theoretical support for versions >= 3.6
CAUTION/DISCLAIMER
ZenBuster is capable of generating a potentially unwelcome number of HTTP requests in a short period of time.
The developers and contributors are not liable or responsible for any damage caused by misuse or abuse of this software.
Please Enumerate Responsibly!
License
ZenBuster is licensed under the GNU GPLv3 License, see here for more info.
Credits
The Yin-Yang ASCII art in the banners was created by Joan G. Stark (jgs) and Hayley Jane Wakenshaw (hjw). Modifications were made by me, where specified with: 'zg'.
First, make sure that Python version >= 3.6 is installed, then clone the repository with:
git clone https://github.com/0xTas/zenbuster.git
Next, cd zenbuster.
Dependencies
ZenBuster relies on 3 external libraries to function, and it is recommended to install these with:
pip install -r requirements.txt
The modules that will be installed and their purposes are as follows:
-
  - The backbone of each enumeration request. Without this, the script will not function.
-
  - Enables colored terminal output. Non-critical, the script can still run without color if this is not present.
- colorama (Windows only)
  - Primes the Windows terminal to accept ANSI color codes (from Termcolor). Non-critical.
These dependencies may be installed manually, with pip using requirements.txt, or via interaction with the script upon first run.
Once dependencies have been installed, you can run the program in the following ways:
On Linux (+Mac?):
./zenbuster.py [options]
or python3 zenbuster.py [options]
On Windows:
python zenbuster.py [options]
[Options]
Short Flag | Long Flag | Purpose |
---|---|---|
-h | --help | Displays the help screen and exits |
-d | --dirs | Enables Directory Enumeration Mode |
-s | --ssl | Forces usage of HTTPS in requests |
-v | --verbose | Prints verbose info to terminal/log |
-q | --quiet | Minimal terminal output until final results |
-nc | --no-color | Disables colored terminal output |
-nl | --no-lolcat | Disables lolcat-printed banner (Linux only) |
-u <hostname> | --host | Host to target for the scan |
-w <wordlist> | --wordlist | Path to wordlist/dictionary file |
-x <exts> | --ext | Comma-separated list of file extensions (Dirs only) |
-p <port#> | --port | Custom port option for nonstandard webservers |
-o [filename] | --out-file | Log results to a file (accepts custom name/path) |
Example Usage
./zenbuster.py -d -w /usr/share/wordlists/dirb/common.txt -u target.thm -v
python3 zenbuster.py -w ../subdomains.txt --host target.thm --ssl -O myResults.log
zenbuster -w subdomains.txt -u target.thm --quiet (With .bashrc alias)
- Increased levels of optional verbosity.
- Allow optional throttling of task thread-count.
- Allow users to modify the list of ignored status codes.
- Allow greater user control over various request headers.
- Allow optional ignoring of responses based on content-length.
- Expand subdomain enumeration to include OSINT methods instead of just brute-forcing.
- Find a more comprehensive and source-readable solution to fancy colored output (possibly using rich).
- Enumerating long endpoints may result in ugly terminal output due to line-wrapping on smaller console windows. Logging to a file is recommended, especially on Windows.
- If the target host is a vHost on a shared webserver, enumeration via IP may not function as expected. Use the domain/hostname instead.
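
The vHost caveat above, as an added example (not part of ZenBuster's code): a local server on one IP picks the site from the Host header, so the same path answers differently by IP and by name. The hostnames `target.thm` and `other.thm`, the paths, and the helper names `probe` and `run_demo` are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed vHost table: Host header -> paths that site serves.
VHOSTS = {
    "target.thm": {"/", "/admin"},
    "other.thm": {"/", "/blog"},
}
DEFAULT_SITE = {"/"}  # what the server answers with when no vHost matches

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Name-based virtual hosting: the Host header, not the IP, selects the site.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        site = VHOSTS.get(host, DEFAULT_SITE)
        self.send_response(200 if self.path in site else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet

def probe(port, host_header, path):
    """GET path from the local server with the given Host header; return the status."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Host": host_header})
    status = conn.getresponse().status
    conn.close()
    return status

def run_demo():
    """Probe /admin by IP and by name against one listener on one IP."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return {
            "by_ip": probe(port, "127.0.0.1", "/admin"),
            "by_name": probe(port, "target.thm", "/admin"),
            "other_vhost": probe(port, "other.thm", "/admin"),
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

The by-IP probe lands on the default site and gets 404 for a path that exists on `target.thm`, which is why a scan run against the bare IP of a shared server under-reports what a named site exposes.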