FileBuster – Fast And Flexible Web Fuzzer

  • 155
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    155
    Shares

FileBuster, a free tool to fuzz a website faster & flexible based on a dictionary using regex patterns. FileBuster was built based on one of the fastest HTTP classes in the world. Furl::HTTP. Also the thread modelling is a bit optimized to run as fast as possible. This tool is created using Perl language.

 

Features:

  • The already mentioned Regex patterns
  • Supports HTTP/HTTPS/SOCKS proxy
  • Allows for multiple wordlists using wildcards
  • Additional file extensions
  • Adjustable timeouts and retries
  • Adjustable delays / throttling
  • Hide results based on HTTP code, length or words in headers or body
  • Support for custom cookies
  • Support for custom headers
  • Supports multiple versions of the TLS protocol
  • Automatic TTY detection
  • Recursive scans
  • Integrated wordlists

 

Requirements:

  • Perl version 5.10 or higher is required
  • FileBuster software
  • Linux system.

Download and Install:

Download FileBuster and so no installation is necessary. But the best way to use FileBuster is by creating a soft link on a directory that is included in the path.

ln -s /path/to/filebuster.pl /usr/local/bin/filebuster

 

FileBuster can be run using the following command:

perl filebuster.pl -u http://yoursite.com/ -w /path/to/wordlist.txt

 

 

If you want to fuzz the final part of the URL, then you don’t need to using the tag {fuzz} to indicate where to inject. A more complex example:

perl filebuster.pl -u http://yoursite.com/{fuzz}.jsp -w /path/to/wordlist.txt -t 3 -x http://127.0.0.1:8080 --hs "Error"

 

Using wordlist you can start using FileBuster right away:

perl filebuster.pl -u http://yoursite.com/ -w wordlists/normal.txt

If you need more wordlists, you can click here.

 

Download FlieBuster

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply