{"id":11329,"date":"2020-08-26T15:05:56","date_gmt":"2020-08-26T09:35:56","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=11329"},"modified":"2020-08-26T15:05:56","modified_gmt":"2020-08-26T09:35:56","slug":"urlbuster","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/urlbuster\/","title":{"rendered":"URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce"},"content":{"rendered":"\n<p><strong>URLBuster<\/strong> is a powerful web directory fuzzer to locate existing and\/or hidden files or directories. Similar to <a href=\"http:\/\/dirb.sourceforge.net\/\">dirb<\/a> or <a href=\"https:\/\/github.com\/OJ\/gobuster\">gobuster<\/a>, but with a lot of mutation options.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Installation<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>pip install urlbuster<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Features<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Proxy support<\/li><li>Cookie support<\/li><li>Basic Auth<\/li><li>Digest Auth<\/li><li>Retries (for slow servers)<\/li><li>Persistent and non-persistent HTTP connection<\/li><li>Request methods: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS<\/li><li>Custom HTTP header<\/li><li>Mutate POST, PUT and PATCH payloads<\/li><li>Mutate with different request methods<\/li><li>Mutate with different HTTP headers<\/li><li>Mutate with different file extensions<\/li><li>Mutate with and without trailing slashes<\/li><li>Enumerate GET parameter values<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>Usage:<\/strong> urlbuster [options] -w 
\/-W BASE_URL<br>urlbuster -V, --help<br>urlbuster -h, --version<br>URL bruteforcer to locate existing and\/or hidden files or directories.<br>Similar to dirb or gobuster, but also allows to iterate over multiple HTTP request methods,<br>multiple useragents and multiple host header values.<br><br><strong>Positional Arguments:<\/strong><br>BASE_URL The base URL to scan.<br><br><strong>Required Arguments:<\/strong><br>-w str, --word str Word to use.<br>-W f, --wordlist f Path to wordlist to use.<br><br><strong>Optional Global Arguments:<\/strong><br>-n, --new Use a new connection for every request.<br>If not specified persistent http connection will be used for all requests.<br>Note, using a new connection will decrease performance,<br>but ensure to have a clean state on every request.<br>A persistent connection on the other hand will use any additional cookie values<br>it has received from a previous request.<br>-f, --follow Follow redirects.<br>-k, --insecure Do not verify TLS certificates.<br>-v, --verbose Show also missed URLs.<br>--code str [str \u2026] HTTP status code to treat as success.<br>You can use a '.' (dot) as a wildcard.<br>Default: 2.. 3.. 
403 407 411 426 429 500 505 511<br>--payload p [p \u2026] POST, PUT and PATCH payloads for all requests.<br>Note, multiple values are allowed for multiple payloads.<br>Note, if duplicates are specified, the last one will overwrite.<br>See --mpayload for mutations.<br>Format: = [=]<br>--header h [h \u2026] Custom http header string to add to all requests.<br>Note, multiple values are allowed for multiple headers.<br>Note, if duplicates are specified, the last one will overwrite.<br>See --mheaders for mutations.<br>Format: : [:]<br>--cookie c [c \u2026] Cookie string to add to all requests.<br>Format: = [=]<br>--proxy str Use a proxy for all requests.<br>Format: http:\/\/:<br>Format: http:\/\/:@:<br>Format: https:\/\/:<br>Format: https:\/\/:@:<br>Format: socks5:\/\/:<br>Format: socks5:\/\/:@:<br>--auth-basic str Use basic authentication for all requests.<br>Format: :<br>--auth-digest str Use digest authentication for all requests.<br>Format: :<br>--timeout sec Connection timeout in seconds for each request.<br>Default: 5.0<br>--retry num Connection retries per request.<br>Default: 3<br>--delay sec Delay between requests to not flood the server.<br>--output file Output file to write results to.<br><br><strong>Optional Mutating Arguments:<\/strong><br>The following arguments will increase the total number of requests to be made by<br>applying various mutations and testing each mutation on a separate request.<br><br>--method m [m \u2026] List of HTTP methods to test each request against.<br>Note, each supplied method will double the number of requests.<br>Supported methods: GET POST PUT DELETE PATCH HEAD OPTIONS<br>Default: GET<br>--mpayload p [p \u2026] POST, PUT and PATCH payloads to mutate all requests.<br>Note, multiple values are allowed for multiple payloads.<br>Format: = [=]<br>--mheader h [h \u2026] Custom http header string to add to mutate all requests.<br>Note, multiple values are 
allowed for multiple headers.<br>Format: : [:]<br>--ext ext [ext \u2026] List of file extensions to add to words for testing.<br>Note, each supplied extension will double the number of requests.<br>Format: .zip [.pem]<br>--slash str Append or omit a trailing slash to URLs to test.<br>Note, a slash will be added after the extensions if they are specified as well.<br>Note, using 'both' will double the number of requests.<br>Options: both, yes, no<br>Default: no<br><br><strong>Misc Arguments:<\/strong><br>-h, --help Show this help message and exit<br>-V, --version Show version information<br><br><strong>Examples<\/strong><br>urlbuster -W \/path\/to\/words http:\/\/example.com\/<br>urlbuster -W \/path\/to\/words http:\/\/example.com:8000\/<br>urlbuster -k -W \/path\/to\/words https:\/\/example.com:10000\/<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Mutation Example<\/strong><\/p>\n\n\n\n<p>Some websites behave differently for the same path depending on the specified user agent.<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">$ urlbuster \\<br>-W \/usr\/share\/dirb\/wordlists\/common.txt \\<br>--mheader 'User-Agent:Googlebot\/2.1 (+http:\/\/www.googlebot.com\/bot.html)' \\<br>--method 'POST,GET,DELETE,PUT,PATCH' \\<br>http:\/\/www.domain.tld\/<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Examples<\/strong><\/p>\n\n\n\n<p class=\"has-black-color has-light-green-cyan-background-color has-text-color has-background\"><strong>Default Usage<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Basic<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  http:\/\/www.domain.tld\/<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Proxy through 
Burpsuite<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  --proxy 'http:\/\/localhost:8080' \\\n  http:\/\/www.domain.tld\/<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Save results to file<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  --output out.txt \\\n  http:\/\/www.domain.tld\/<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Scan behind Basic Auth<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  --auth-basic 'user:pass' \\\n  http:\/\/www.domain.tld\/<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Use session cookie<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  --cookie 'PHPSESSID=a79b00e7-035a-2bb4-352a-439d855feabf' \\\n  http:\/\/www.domain.tld\/<\/pre>\n\n\n\n<p class=\"has-black-color has-light-green-cyan-background-color has-text-color has-background\"><strong>Find files<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Find files in root directory<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  --code 200 301 302 \\\n  --ext .zip .tar .tar.gz .gz .rar \\\n  http:\/\/www.domain.tld\/<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Find files in sub directory<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  --code 200 301 302 \\\n  --ext .zip .tar .tar.gz .gz .rar \\\n  http:\/\/www.domain.tld\/wp-content\/<\/pre>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Advanced usage<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Bruteforce query parameter<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W 
\/path\/to\/wordlist.txt \\\n  --method GET \\\n  --code 200 301 302 \\\n  http:\/\/www.domain.tld\/search?q=<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Bruteforce POST requests<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  --code 200 301 302 \\\n  --method POST \\\n  --payload \\\n    'user=somename' \\\n    'pass=somepass' \\\n    'mail=some@mail.tld' \\\n    'submit=yes' \\\n  http:\/\/www.domain.tld\/<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Bruteforce mutated POST requests<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -w index.php \\\n  --code 200 301 302 \\\n  --method POST \\\n  --mpayload \\\n    'user=somename1' \\\n    'user=somename2' \\\n    'user=somename3' \\\n    'pass=somepass1' \\\n    'pass=somepass2' \\\n    'pass=somepass3' \\\n    'mail=some@mail1.tld' \\\n    'mail=some@mail2.tld' \\\n    'mail=some@mail3.tld' \\\n    'submit=yes' \\\n  http:\/\/www.domain.tld\/wp-admin\/<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Useragent SQL injections<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -W \/path\/to\/wordlist.txt \\\n  --code 5.. 
\\\n  --method GET POST \\\n  --mheader \\\n    \"User-Agent: ;\" \\\n    \"User-Agent: ' or \\\"\" \\\n    \"User-Agent: -- or #\" \\\n    \"User-Agent: ' OR '1\" \\\n    \"User-Agent: ' OR 1 -- -\" \\\n    \"User-Agent: \\\" OR 1 = 1 -- -\" \\\n    \"User-Agent: '='\" \\\n    \"User-Agent: 'LIKE'\" \\\n    \"User-Agent: '=0--+\" \\\n    \"User-Agent:  OR 1=1\" \\\n    \"User-Agent: ' OR 'x'='x\" \\\n    \"User-Agent: ' AND id IS NULL; --\" \\\n  http:\/\/www.domain.tld\/<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Find potential vhosts<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">$ urlbuster \\\n  -w \/ \\\n  --method GET POST \\\n  --mheader \\\n    \"Host: internal1.lan\" \\\n    \"Host: internal2.lan\" \\\n    \"Host: internal3.lan\" \\\n    \"Host: internal4.lan\" \\\n    \"Host: internal5.lan\" \\\n    \"Host: internal6.lan\" \\\n  http:\/\/10.0.0.1<\/pre>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong><a href=\"https:\/\/github.com\/cytopia\" target=\"_blank\" rel=\"noreferrer noopener\">Cytopia<\/a> Sec Tools<\/strong><\/p>\n\n\n\n<p>Below is a list of sec tools and docs I am maintaining.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Name<\/th><th>Category<\/th><th>Language<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td><strong><a href=\"https:\/\/github.com\/cytopia\/offsec\">offsec<\/a><\/strong><\/td><td>Documentation<\/td><td>Markdown<\/td><td>Offsec checklist, tools and examples<\/td><\/tr><tr><td><strong><a href=\"https:\/\/github.com\/cytopia\/header-fuzz\">header-fuzz<\/a><\/strong><\/td><td>Enumeration<\/td><td>Bash<\/td><td>Fuzz HTTP headers<\/td><\/tr><tr><td><strong><a href=\"https:\/\/github.com\/cytopia\/smtp-user-enum\">smtp-user-enum<\/a><\/strong><\/td><td>Enumeration<\/td><td>Python 2+3<\/td><td>SMTP users enumerator<\/td><\/tr><tr><td><strong><a 
href=\"https:\/\/github.com\/cytopia\/urlbuster\">urlbuster<\/a><\/strong><\/td><td>Enumeration<\/td><td>Python 2+3<\/td><td>Mutable web directory fuzzer<\/td><\/tr><tr><td><strong><a href=\"https:\/\/github.com\/cytopia\/netcat\">netcat<\/a><\/strong><\/td><td>Pivoting<\/td><td>Python 2+3<\/td><td>Cross-platform netcat<\/td><\/tr><tr><td><strong><a href=\"https:\/\/github.com\/cytopia\/badchars\">badchars<\/a><\/strong><\/td><td>Reverse Engineering<\/td><td>Python 2+3<\/td><td>Badchar generator<\/td><\/tr><tr><td><strong><a href=\"https:\/\/github.com\/cytopia\/fuzza\">fuzza<\/a><\/strong><\/td><td>Reverse Engineering<\/td><td>Python 2+3<\/td><td>TCP fuzzing tool<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div class=\"wp-block-buttons aligncenter is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/cytopia\/urlbuster\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>URLBuster is a powerful web directory fuzzer to locate existing and\/or hidden files or directories. Similar to dirb or gobuster, but with a lot of mutation options. 
Installation pip install urlbuster Features Proxy support Cookie support Basic Auth Digest Auth Retries (for slow servers) Persistent and non-persistent HTTP connection Request methods: GET, POST, PUT, DELETE, [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16483,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png","fifu_image_alt":"URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[465,1278,2155,3485],"class_list":["post-11329","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-bruteforce","tag-fuzzer","tag-mutable","tag-urlbuster"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce<\/title>\n<meta name=\"description\" content=\"URLBuster is a powerful web directory fuzzer to locate existing and\/or hidden files or directories. Similar to dirb or gobuster\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/urlbuster\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce\" \/>\n<meta property=\"og:description\" content=\"URLBuster is a powerful web directory fuzzer to locate existing and\/or hidden files or directories. 
Similar to dirb or gobuster\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/urlbuster\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-26T09:35:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce\",\"datePublished\":\"2020-08-26T09:35:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/\"},\"wordCount\":787,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png\",\"keywords\":[\"bruteforce\",\"Fuzzer\",\"Mutable\",\"URLBuster\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/\",\"name\":\"URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png\",\"datePublished\":\"2020-08-26T09:35:56+00:00\",\"description\":\"URLBuster is a powerful web directory fuzzer to locate existing and\/or hidden files or directories. 
Similar to dirb or gobuster\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/urlbuster\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/urlbuster\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux 
Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce","description":"URLBuster is a powerful web directory fuzzer to locate existing and\/or hidden files or directories. Similar to dirb or gobuster","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/urlbuster\/","og_locale":"en_US","og_type":"article","og_title":"URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce","og_description":"URLBuster is a powerful web directory fuzzer to locate existing and\/or hidden files or directories. 
Similar to dirb or gobuster","og_url":"https:\/\/kalilinuxtutorials.com\/urlbuster\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2020-08-26T09:35:56+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/urlbuster\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/urlbuster\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"URLBuster : Powerful Mutable Web Directory Fuzzer To Bruteforce","datePublished":"2020-08-26T09:35:56+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/urlbuster\/"},"wordCount":787,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/urlbuster\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png","keywords":["bruteforce","Fuzzer","Mutable","URLBuster"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/urlbuster\/","url":"https:\/\/kalilinuxtutorials.com\/urlbuster\/","name":"URLBuster : Powerful Mutable Web Directory Fuzzer To 
Bruteforce","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/urlbuster\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/urlbuster\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png","datePublished":"2020-08-26T09:35:56+00:00","description":"URLBuster is a powerful web directory fuzzer to locate existing and\/or hidden files or directories. Similar to dirb or gobuster","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/urlbuster\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/urlbuster\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux 
Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-AiZxGyx2LU8\/X0Uu7DOg0LI\/AAAAAAAAHa8\/nTELfcJdjsoOxAIoYVk4Z43jPAMVF1HwwCLcBGAsYHQ\/s728\/urlbuster%25281%2529.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/11329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=11329"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/11329\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16483"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=11329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=11329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=11329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}