___ __ ____ _ __ __
/ | __ __/ /_____ / __ \(_)____/ /_ __ _______/ /____ _____
/ /| |/ / / / __/ __ \/ / / / / ___/ __ \/ / / / ___/ __/ _ \/ ___/
/ ___ / /_/ / /_/ /_/ / /_/ / / / / /_/ / /_/ (__ ) /_/ __/ /
/_/ |_\__,_/\__/\____/_____/_/_/ /_.___/\__,_/____/\__/\___/_/
git clone https://github.com/NetSPI/AutoDirbuster.git
cd AutoDirbuster && pip3 install -r requirements.txt
python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt
Ffuf is a great directory buster but running it against multiple IPs and ports is a very manual process with a lot of downtime between scans. This script attempts to automate that process and eliminates downtime between scans.
If attacking multiple targets:
-
Run Nmap and find open ports
-
Review the Nmap results and create an IP:port list, one per line
-
Run AutoDirbuster against the open ports
-
AutoDirbuster will determine if the provided port is open and if the service is HTTP based
python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt
If attacking a single target:
python AutoDirbuster.py -u example.com:80 -w my_wordlist.txt
Useful options include:
Option | Purpose |
---|---|
--dns | Resolve IPs to hostnames |
--extensions | File extensions to use when scanning |
--rate | Rate of requests per second |
--timeout | Set a timeout value for each host in minutes |
--match-codes | Match provided HTTP status codes |
--custom-option | Specify ffuf option that AutoDirbuster doesn't support by default |
Specify the --help
flag for a full list of options.
The program can take two data sources:
- List of IP:port or hostname:port, one per line
python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt
- Single target
python AutoDirbuster.py -u example.com:80 -w my_wordlist.txt
- A list of targets is provided
- A TCP connect scan is done on the target port to test if it's open
- If the port open, HTTP and HTTPS requests are sent to determine if the service is HTTP-based and whether it requires TLS
- If the service is HTTP, a check is done to determine if a previous report file is in the same directory
- Report files follow the format:
ffuf-report-{proto}_{target}_{port}'
- Report files follow the format:
- ffuf is run using Python's
subprocess.Popen()
- The next IP:port goes through the same process (TCP connect, HTTP service query, dirbust)
Ensure the following:
- Are all the dependencies listed in
requirements.txt
installed? - Is
ffuf
installed and in your system path?- Try running
ffuf -V
- Installation instructions can be found on the ffuf GitHub repository page
- Try running
- You may need to use Python 3.11+
- Version information can be obtained by running
python -V
- Version information can be obtained by running
# python AutoDirbuster.py --help
usage:
___ __ ____ _ __ __
/ | __ __/ /_____ / __ \(_)____/ /_ __ _______/ /____ _____
/ /| |/ / / / __/ __ \/ / / / / ___/ __ \/ / / / ___/ __/ _ \/ ___/
/ ___ / /_/ / /_/ /_/ / /_/ / / / / /_/ / /_/ (__ ) /_/ __/ /
/_/ |_\__,_/\__/\____/_____/_/_/ /_.___/\__,_/____/\__/\___/_/
AutoDirbuster.py [options] {target file}
Automatically run and save ffuf scans for multiple IPs
options:
-h, --help show this help message and exit
AutoDirbuster options:
target Target file with IP:port, one per line
-u, --url Single target mode, positional argument is target in IP:port
format
-f, --force Force mode; don't check if report file exists, this will result in
previous reports being overwritten
--dns Automatically resolve IP address to hostname to use during dirbust
--debug Show debugging information
ffuf options:
-w WORDLIST, --wordlist WORDLIST
Wordlist to use for list based brute force
-X METHOD, --method METHOD
HTTP method to use; default=GET
-e EXTENSIONS, --extensions EXTENSIONS
File extension list (e.g.: "asp,aspx"); default is None
-t THREADS, --threads THREADS
Override the default number of ffuf threads
--rate RATE Rate of requests per second
-to TIMEOUT, --timeout TIMEOUT
Set a timeout value for each host in minutes; default is None
-fr, --follow-redirects
Follow redirects; default is False
-r, --recursive Recursive mode; default is False
-s STARTPOINT, --startpoint STARTPOINT
Start point of the scan; default=/
-of OUTPUT_FORMAT, --output-format OUTPUT_FORMAT
Output format to write results to; default=csv
-mc MATCH_CODES, --match-codes MATCH_CODES
Match HTTP status codes;
default=200,204,301,302,307,401,403,405,500
-nac, --no-auto-calibrate
Do not automatically calibrate filtering options
-H HEADER, --header HEADER
HTTP header "Name: Value", separated by colon
--custom-option CUSTOM_OPTION [CUSTOM_OPTION ...]
Specify ffuf option that AutoDirbuster doesn't support by default.
Argument should be a key/value pair separated by a comma with no
leading '-', example: --custom-option=ml,1. If the provided
argument is a boolean, provide an empty value: --custom-option=sa,
Examples:
python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt
python AutoDirbuster.py -st example.com:80 -w my_wordlist.txt -mc 200,500
python AutoDirbuster.py ip_port_list.txt -w my_wordlist.txt -r -e "php,html" --dns