noptrix/lulzbuster
GitHub: noptrix/lulzbuster
一款基于 libcurl 和 C 语言编写的多线程高速 HTTP(S) 目录与文件暴力破解工具,帮助安全测试人员快速枚举目标网站上的隐藏路径。
Stars: 141 | Forks: 21
# 描述
一个多线程、极速且智能的 HTTP(S) 目录与文件暴力破解工具,基于 libcurl 使用 C 语言编写。
给定一个目标 URL 和字典文件,它通过发起并发 HTTP 请求来枚举有效路径,并报告看起来像是真实命中的响应(即用户未排除的状态码)。
它专为渗透测试人员、漏洞赏金猎人和 CTF 选手设计,适合那些需要一个小巧、快速、可脚本化且能将一件事做到极致的工具的用户。
# 用法
```
$ lulzbuster -H
__ __ __ __
/ /_ __/ /___ / /_ __ _______/ /____ _____
/ / / / / /_ / / __ \/ / / / ___/ __/ _ \/ ___/
/ / /_/ / / / /_/ /_/ / /_/ (__ ) /_/ __/ /
/_/\__,_/_/ /___/_.___/\__,_/____/\__/\___/_/
--==[ by nullsecurity.net ] ==--
usage
lulzbuster -s [opts] |
target options
-s - start url to begin scan with
http options
-h - http request type (default: GET) - ? to list types
-x
- exclude http status codes (default: 400,404,500,501,502,503
multi codes separated by ',')
-f - follow http redirects. hint: better try appending a '/'
with '-A' option first instead of using '-f'
-F - num level to follow http redirects (default: -1 = unlimited)
-u - user-agent string (default: built-in windows edge)
-U - use random built-in user-agents
-c - pass custom header(s) (e.g. 'Cookie: foo=bar; lol=lulz')
-a - http auth credentials (format: :)
-r - turn on auto update referrer
-j - define http version (default: curl's default) - ? to list
tls options
-i - insecure mode (skips ssl/tls cert verification)
-E - client cert file (PEM) for mTLS
-y - client key file (PEM) for mTLS
-Y - passphrase for an encrypted client key
timeout options
-D - num seconds for delay between requests (default: 0)
-C - num seconds for connect timeout (default: 10)
-R - num seconds for request timeout (default: 30)
-T - num seconds to give up and exit lulzbuster completely
(default: none)
tuning options
-t - num threads for concurrent scanning (default: 35)
-g - per-thread connection cache size for curl (default: 35)
note: each worker thread keeps its own cache; 1 conn
per host suffices, higher only helps across many hosts
wordlist options
-w - wordlist file
(default: /usr/local/share/lulzbuster/lists/medium.txt)
-A - append any words separated by comma (e.g. '/,.php,~bak)
proxy options
-p - proxy address (format: ://:) - ? to
list supported schemes
-P - proxy auth credentials (format: :)
body filter options
-m - skip hits with body smaller than bytes.
suffix K/M/G accepted (e.g. 100, 10K, 5M)
-M - skip hits with body bigger than bytes.
suffix K/M/G accepted (e.g. 1M, 1G)
-b - keep only hits whose body matches the POSIX extended
regex (e.g. 'admin|login'). evaluated on first ~1MB
of body. complements -x (codes) and -m/-M (size)
-B - drop hits whose body matches the POSIX extended
regex (e.g. 'page not found'). useful against CMS
targets that return custom 200 'soft 404' pages
smart options
-S - smart mode aka: eliminate false-positives, show more
infos, etc. use this if speed is not your 1st priority!
-K - smart mode cluster threshold (default: 8). after N
hits with same (code, size_bucket) further matches
are suppressed as wildcard noise
recursion options
-d - max recursion depth (default: 0 = no recursion).
recurses into hits ending with '/' that returned
200/301/302/401/403
-e - paths to exclude from recursion (substring match)
multi separated by ',' (e.g. '/admin/,logout')
output options
-l - log hits to file. with single -O format the path
is used exact; with multiple formats the path is
a stem and '.' is appended per format. without
-O the format defaults to 'log' (text)
-O - opt in to logging and pick format(s): 'log', 'csv',
'jsonl', 'all' or comma-list (e.g. 'log,jsonl').
without -l each format gets an auto-derived name
(e.g. https-www-nullsecurity-net_foo.)
-N - disable colored output (also auto-disabled when not
on a TTY or when NO_COLOR env var is set)
other options
-n - nameservers (default: '1.1.1.1,8.8.8.8,208.67.222.222'
multi separated by ',')
-z - resume from a session file written on prev ctrl+c
(only level 0 saves are supported)
misc
-X - print built-in user-agents
-V - print version of lulzbuster and exit
-H - print this help and exit
```
# 作者
noptrix
# 备注
- 代码整洁;真实项目
- lulzbuster 已打包并可通过 [BlackArch
Linux](https://www.blackarch.org/) 获取
- 我的 master 分支始终是稳定的;dev 分支用于当前的开发
工作。
- 你找到的所有关于我的公开内容均通过
[nullsecurity.net](https://www.nullsecurity.net/) 官方宣布并发布。
# 许可证
请查阅 docs/LICENSE。
# 免责声明
我们在此强调,在
[nullsecurity.net](http://nullsecurity.net) 上发现的与黑客相关的内容仅供学习使用。
我们不对任何损害负责。你需对自己的
行为负责。 标签:C, libcurl, PoC, 大数据, 客户端加密, 暴力破解, 目录扫描