recursebuster
recursebuster copied to clipboard
C-Sto
rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
Hi, I think you should add url.Parse for url parse from html before send it to channel because something like this can happen. ``` GOOD: GET Found https://xxx.io/www.xxx.com -->
`recursebuster -u 'https://cunnnnnntttttt' -vhost 'cunnnnnntttttt' -proxy http://127.0.0.1:8080 -ua 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3754.0 Safari/537.36' -sitemap -nohead -badheader 'Content-Length: 503' -k -t 5 -w...
When you encounter a panic with the fancy UI up, the error details are swallowed by the terminal resetting. It also totally breaks the terminal afterwards, which is really cool....
as per title, would be nice to be able to provide a case sensitive wordlist that intelligently removes duplicates based on previous responses (or maybe a test upfront on the...
input list is kind of out of order apparently, either add the ability to enforce ordering and take a performance hit, or just explicitly say 'lol this will be out...
like it says in title, don't do recursion/dir bruting on dotted paths. Probably an opt-out or in option I guess... (suggested by @l0ss)
Currently it works best if you `sort -u busted.txt > sorted.txt` to view the rough sitemap discovered. Ideally I'd like to write it sorted to avoid this step....
As per #15 - Would be good to store 'good' for errors in the cases where malformed responses are received
Found a server that responds with a strange header, seems to cause Golang's net/http lib to be unhappy. Sample response header: ``` HTTP/1.1 500 Internal Server Error Content-Length: 42 Content-Type:...