ZenBuster – Multi-Threaded, Multi-Platform URL Enumeration Tool Written In Python

zenbuster

This software is intended for use in CTF challenges, or by security professionals to gather information on their targets:

  • It is capable of brute-force enumerating subdomains and also URI resources (directories/files).
  • Both methods of enumeration require the use of an appropriate wordlist or dictionary file.
  • Features Include:
    1. Hostname format supports standard, IPv4, and IPv6.
    2. Support for logging results to a file with -O [filename].
    3. Specifying custom ports for nonstandard webservers with -p .
    4. Optional file extensions in directory mode with -x .
    5. Quiet mode for less distracting output with -Q.
    6. Color can be disabled for less distracting output with -nc/-nl.
    7. Tested on Python versions 3.9 and 3.10, with theoretical support for versions >= 3.6

Installation

Firstly, ensure that Python version >= 3.6 is installed, then clone the repository with:

git clone https://github.com/0xTas/zenbuster.git

Next, cd zenbuster.

Dependencies

ZenBuster relies on 3 external libraries to function, and it is recommended to install these with:

pip install -r requirements.txt

The modules that will be installed and their purposes are as follows:

  1. Python requests
    • The backbone of each enumeration request. Without this, the script will not function.
  2. termcolor
    • Enables colored terminal output. Non-critical, the script can still run without color if this is not present.
  3. colorama (Windows only)
    • Primes the Windows terminal to accept ANSI color codes (from Termcolor). Non-critical.

These dependencies may be installed manually, with pip using requirements.txt, or via interaction with the script upon the first run.


Usage

Once dependencies have been installed, you can run the program in the following ways:

On Linux (+Mac?):

./zenbuster.py [options] or python3 zenbuster.py [options]

On Windows:

python zenbuster.py [options]

[Options]

Short FlagLong FlagPurpose
-h–helpDisplays the help screen and exits
-d–dirsEnables Directory Enumeration Mode
-s-sslForces usage of HTTPS in requests
-v–verbosePrints verbose info to terminal/log
-q–quietMinimal terminal output until final results
-nc–no-colorDisables colored terminal output
-nl–no-lolcatDisables lolcat-printed banner (Linux only)
-u <hostname>–hostHost to target for the scan
-w <wordlist>–wordlistPath to wordlist/dictionary file
-x <exts>–extComma-separated list of file extensions (Dirs only)
-p <port#>–portCustom port option for nonstandard webservers
-o [filename]–out-fileLog results to a file (accepts custom name/path)

Example Usage

./zenbuster.py -d -w /usr/share/wordlists/dirb/common.txt -u target.thm -v

python3 zenbuster.py -w ../subdomains.txt --host target.thm --ssl -O myResults.log

zenbuster -w subdomains.txt -u target.thm --quiet (With .bashrc alias)


Planned Features/Improvements

  • Increased levels of optional verbosity.
  • Allow optional throttling of task thread-count.
  • Allow users to modify the list of ignored status codes.
  • Allow greater user control over various request headers.
  • Allow optional ignoring of responses based on content-length.
  • Expand subdomain enumeration to include OSINT methods instead of just brute-forcing.
  • Explore a more comprehensive and source-readable solution to fancy colored output (possibly using rich).

Known Issues/Limitations

  • Enumerating long endpoints may result in ugly terminal output due to line-wrapping on smaller console windows. Logging to a file is recommended, especially on Windows.
  • If the target host is a vHost on a shared web server, enumeration via IP may not function as expected. Use domain/hostname instead.

Download: https://github.com/0xTas/zenbuster

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *