noptrix/lulzbuster

GitHub: noptrix/lulzbuster

一款基于 libcurl 和 C 语言编写的多线程高速 HTTP(S) 目录与文件暴力破解工具,帮助安全测试人员快速枚举目标网站上的隐藏路径。

Stars: 141 | Forks: 21

# 描述 一个多线程、极速且智能的 HTTP(S) 目录与文件暴力破解工具,基于 libcurl 使用 C 语言编写。 给定一个目标 URL 和字典文件,它通过发起并发 HTTP 请求来枚举有效路径,并报告看起来像是真实命中的响应(即用户未排除的状态码)。 它专为渗透测试人员、漏洞赏金猎人和 CTF 选手设计,适合那些需要一个小巧、快速、可脚本化且能将一件事做到极致的工具的用户。 # 用法 ``` $ lulzbuster -H __ __ __ __ / /_ __/ /___ / /_ __ _______/ /____ _____ / / / / / /_ / / __ \/ / / / ___/ __/ _ \/ ___/ / / /_/ / / / /_/ /_/ / /_/ (__ ) /_/ __/ / /_/\__,_/_/ /___/_.___/\__,_/____/\__/\___/_/ --==[ by nullsecurity.net ] ==-- usage lulzbuster -s [opts] | target options -s - start url to begin scan with http options -h - http request type (default: GET) - ? to list types -x - exclude http status codes (default: 400,404,500,501,502,503 multi codes separated by ',') -f - follow http redirects. hint: better try appending a '/' with '-A' option first instead of using '-f' -F - num level to follow http redirects (default: -1 = unlimited) -u - user-agent string (default: built-in windows edge) -U - use random built-in user-agents -c - pass custom header(s) (e.g. 'Cookie: foo=bar; lol=lulz') -a - http auth credentials (format: :) -r - turn on auto update referrer -j - define http version (default: curl's default) - ? to list tls options -i - insecure mode (skips ssl/tls cert verification) -E - client cert file (PEM) for mTLS -y - client key file (PEM) for mTLS -Y - passphrase for an encrypted client key timeout options -D - num seconds for delay between requests (default: 0) -C - num seconds for connect timeout (default: 10) -R - num seconds for request timeout (default: 30) -T - num seconds to give up and exit lulzbuster completely (default: none) tuning options -t - num threads for concurrent scanning (default: 35) -g - per-thread connection cache size for curl (default: 35) note: each worker thread keeps its own cache; 1 conn per host suffices, higher only helps across many hosts wordlist options -w - wordlist file (default: /usr/local/share/lulzbuster/lists/medium.txt) -A - append any words separated by comma (e.g. '/,.php,~bak) proxy options -p - proxy address (format: ://:) - ? to list supported schemes -P - proxy auth credentials (format: :) body filter options -m - skip hits with body smaller than bytes. suffix K/M/G accepted (e.g. 100, 10K, 5M) -M - skip hits with body bigger than bytes. suffix K/M/G accepted (e.g. 1M, 1G) -b - keep only hits whose body matches the POSIX extended regex (e.g. 'admin|login'). evaluated on first ~1MB of body. complements -x (codes) and -m/-M (size) -B - drop hits whose body matches the POSIX extended regex (e.g. 'page not found'). useful against CMS targets that return custom 200 'soft 404' pages smart options -S - smart mode aka: eliminate false-positives, show more infos, etc. use this if speed is not your 1st priority! -K - smart mode cluster threshold (default: 8). after N hits with same (code, size_bucket) further matches are suppressed as wildcard noise recursion options -d - max recursion depth (default: 0 = no recursion). recurses into hits ending with '/' that returned 200/301/302/401/403 -e - paths to exclude from recursion (substring match) multi separated by ',' (e.g. '/admin/,logout') output options -l - log hits to file. with single -O format the path is used exact; with multiple formats the path is a stem and '.' is appended per format. without -O the format defaults to 'log' (text) -O - opt in to logging and pick format(s): 'log', 'csv', 'jsonl', 'all' or comma-list (e.g. 'log,jsonl'). without -l each format gets an auto-derived name (e.g. https-www-nullsecurity-net_foo.) -N - disable colored output (also auto-disabled when not on a TTY or when NO_COLOR env var is set) other options -n - nameservers (default: '1.1.1.1,8.8.8.8,208.67.222.222' multi separated by ',') -z - resume from a session file written on prev ctrl+c (only level 0 saves are supported) misc -X - print built-in user-agents -V - print version of lulzbuster and exit -H - print this help and exit ``` # 作者 noptrix # 备注 - 代码整洁;真实项目 - lulzbuster 已打包并可通过 [BlackArch Linux](https://www.blackarch.org/) 获取 - 我的 master 分支始终是稳定的;dev 分支用于当前的开发 工作。 - 你找到的所有关于我的公开内容均通过 [nullsecurity.net](https://www.nullsecurity.net/) 官方宣布并发布。 # 许可证 请查阅 docs/LICENSE。 # 免责声明 我们在此强调,在 [nullsecurity.net](http://nullsecurity.net) 上发现的与黑客相关的内容仅供学习使用。 我们不对任何损害负责。你需对自己的 行为负责。
标签:C, libcurl, PoC, 大数据, 客户端加密, 暴力破解, 目录扫描