From dfa4a2a11b2214d2a7d6d5be0bb45ec5d6ed891d Mon Sep 17 00:00:00 2001
From: phra
Date: Thu, 13 Jun 2019 02:09:30 +0200
Subject: [PATCH] docs: update usage and download link

---
 README.md | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index aaf6074..7faf2da 100644
--- a/README.md
+++ b/README.md
@@ -4,18 +4,11 @@ DirBuster for Rust
 [![asciicast](https://asciinema.org/a/ymyCFj4NBRukQIEcjjzK9JYEU.svg)](https://asciinema.org/a/ymyCFj4NBRukQIEcjjzK9JYEU)
-## Usage
-
-There are three modules currently implemented:
-
-1. Dirbuster (default)
-`rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php`
+## Download
-1. Dnsbuster
-`rustbuster -m dns -u google.com -w examples/wordlist`
+You can download prebuilt binaries from [here](https://github.com/phra/rustbuster/releases).
-1. Vhostbuster
-`rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"`
+## Usage
 ```shell
@@ -34,7 +27,7 @@ There are three modules currently implemented:
 ~ rustbuster v. 1.2.0 ~ by phra & ps1dr3x ~
 USAGE:
- rustbuster [FLAGS] [OPTIONS] --url --wordlist
+ rustbuster [FLAGS] [OPTIONS] --url --wordlist ...
 FLAGS:
 -f, --append-slash Tries to also append / to the base request
@@ -47,19 +40,38 @@ FLAGS:
 -v, --verbose Sets the level of verbosity
 OPTIONS:
+ --csrf-header ... Adds the specified headers to CSRF GET request
+ --csrf-regex Grabs the CSRF token applying the specified RegEx
+ --csrf-url Grabs the CSRF token via GET to csrf-url
 -d, --domain Uses the specified domain
 -e, --extensions Sets the extensions [default: ]
 -b, --http-body Uses the specified HTTP method [default: ]
 -H, --http-header ... Appends the specified HTTP header
 -X, --http-method Uses the specified HTTP method [default: GET]
 -S, --ignore-status-codes Sets the list of status codes to ignore [default: 404]
- -x, --ignore-string ... Ignores results with specified string in vhost mode
+ -x, --ignore-string ... Ignores results with specified string in the HTTP Body
 -s, --include-status-codes Sets the list of status codes to include [default: ]
+ -i, --include-string ... Includes results with specified string in the HTTP body
 -m, --mode Sets the mode of operation (dir, dns, fuzz) [default: dir]
 -o, --output Saves the results in the specified file [default: ]
 -t, --threads Sets the amount of concurrent requests [default: 10]
 -u, --url Sets the target URL
 -a, --user-agent Uses the specified User-Agent [default: rustbuster]
- -w, --wordlist Sets the wordlist
+ -w, --wordlist ... Sets the wordlist
+
+EXAMPLES:
+ 1. Dir mode:
+ rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php
+ 2. Dns mode:
+ rustbuster -m dns -u google.com -w examples/wordlist
+ 3. Vhost mode:
+ rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"
+ 4. Fuzz mode:
+ rustbuster -m fuzz -m fuzz -u http://localhost:3000/login -X POST \ -H "Content-Type: application/json" \ -b '{"user":"FUZZ","password":"FUZZ","csrf":"CSRFCSRF"}' \ -w examples/wordlist \ -w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \ -s 200
 ```