FileBuster is a free tool for fuzzing a website quickly and flexibly, using a dictionary and regex patterns. It is built on Furl::HTTP, one of the fastest HTTP classes in the world, and its thread model is also somewhat optimized to run as fast as possible. The tool is written in Perl.
Features:
- The already mentioned Regex patterns
- Supports HTTP/HTTPS/SOCKS proxy
- Allows for multiple wordlists using wildcards
- Additional file extensions
- Adjustable timeouts and retries
- Adjustable delays / throttling
- Hide results based on HTTP code, length or words in headers or body
- Support for custom cookies
- Support for custom headers
- Supports multiple versions of the TLS protocol
- Automatic TTY detection
- Recursive scans
- Integrated wordlists
Requirements:
- Perl version 5.10 or higher is required
- FileBuster software
- Linux system.
Download and Install:
Download FileBuster; no installation is necessary. The best way to use it, though, is to create a soft link in a directory that is included in the path:
ln -s /path/to/filebuster.pl /usr/local/bin/filebuster
FileBuster can be run using the following command:
perl filebuster.pl -u http://yoursite.com/ -w /path/to/wordlist.txt
If you want to fuzz the final part of the URL, you don't need to use the {fuzz} tag to indicate where to inject. A more complex example:
perl filebuster.pl -u http://yoursite.com/{fuzz}.jsp -w /path/to/wordlist.txt -t 3 -x http://127.0.0.1:8080 --hs "Error"
Using the integrated wordlists, you can start using FileBuster right away:
perl filebuster.pl -u http://yoursite.com/ -w wordlists/normal.txt
If you need more wordlists, you can click here.
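What a dictionary scan like the ones above looks like from the server side, as an added example that is not part of FileBuster or the original page. Because the tool's delays and headers are adjustable, the check keys on the share of distinct paths per client that were answered with 404 rather than on request rate or User-Agent; the log lines, thresholds and function name are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:00:01 +0000] "GET /admin.jsp HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:02:01 +0000] "GET /backup.jsp HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:04:01 +0000] "GET /config.jsp HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:06:01 +0000] "GET /login.jsp HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:08:01 +0000] "GET /test.jsp HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:10:01 +0000] "GET /upload.jsp HTTP/1.1" 404 196
198.51.100.20 - - [10/Oct/2023:13:01:10 +0000] "GET /index.jsp HTTP/1.1" 200 8042
198.51.100.20 - - [10/Oct/2023:13:01:11 +0000] "GET /style.css HTTP/1.1" 200 1033
198.51.100.20 - - [10/Oct/2023:13:01:11 +0000] "GET /favicon.ico HTTP/1.1" 404 196
198.51.100.20 - - [10/Oct/2023:13:01:40 +0000] "GET /login.jsp HTTP/1.1" 200 5120
198.51.100.20 - - [10/Oct/2023:13:02:05 +0000] "GET /about.jsp?ref=home HTTP/1.1" 200 2210
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_discovery_clients(log_text, min_paths=5, min_miss_ratio=0.8):
    """Return {client: (distinct_paths, miss_ratio)} for clients whose
    requests mostly hit paths that do not exist (wordlist-style probing)."""
    paths = defaultdict(set)    # every distinct path a client requested
    misses = defaultdict(set)   # the subset answered with 404
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]   # ignore the query string
        paths[client].add(path)
        if status == "404":
            misses[client].add(path)
    flagged = {}
    for client, seen in paths.items():
        ratio = len(misses[client]) / len(seen)
        # Rate-independent: a throttled scan still has a high miss ratio.
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            flagged[client] = (len(seen), round(ratio, 2))
    return flagged
```

The thresholds need tuning per site: a crawler following stale links can also produce many 404s, so treat a hit as a lead to review rather than a verdict.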