@pown/buster
v2.7.2
Published
Pownage guaranteed
Downloads
3
Readme
Pown Buster
Pown Buster is a multi-service bruteforce discovery tool.
Credits
This tool is part of secapps.com open-source initiative.
___ ___ ___ _ ___ ___ ___
/ __| __/ __| /_\ | _ \ _ \/ __|
\__ \ _| (__ / _ \| _/ _/\__ \
|___/___\___/_/ \_\_| |_| |___/
https://secapps.com
Quickstart
This tool is meant to be used as part of Pown.js but it can be invoked separately as an independent tool.
Install Pown first as usual:
$ npm install -g pown@latest
Invoke directly from Pown:
$ pown buster
Library Use
install this module locally from the root of your project:
$ npm install @pown/buster --save
Once done, invoke pown cli:
$ ./node_modules/.bin/pown-cli buster
You can also use the global pown to invoke the tool locally:
$ POWN_ROOT=. pown buster
Usage
WARNING: This pown command is currently under development and as a result will be subject to breaking changes.
pown buster <command>
Multi-service bruteforce discovery tool
Commands:
pown bust web [options] <url> Web file and directory bruteforcer (a.k.a dirbuster)
pown bust email [options] <domain> Email bruteforce discovery tool (via smtp) [aliases: emails]
Options:
--version Show version number [boolean]
--help Show help [boolean]
pown bust web
pown bust web [options] <url>
Web file and directory bruteforcer (a.k.a dirbuster)
Options:
--version Show version number [boolean]
--help Show help [boolean]
--write, -w Write to file [string]
--request-method, -X Request method [string] [default: "GET"]
--name-dictionary, -n Name dictionary file [string]
--extension-dictionary, -e Extension dictionary file [string]
--name-prefix Name prefix [string] [default: "/"]
--name-suffix Name suffix [string] [default: ""]
--extension-prefix Extension prefix [string] [default: "."]
--extension-suffix Extension suffix [string] [default: ""]
--request-concurrency, -r The number of request to run concurrently [string] [default: Infinity]
--load-concurrency, -l The number of assync operations to run concurrently [string] [default: Infinity]
--header, -H Set header [array] [default: []]
--timeout, -t Request timeout in milliseconds [number] [default: 30000]
--all, -a Display all results [boolean] [default: false]
--yes, -y Answer yes to all questions [boolean] [default: false]
--blessed, -b Start with blessed ui [boolean] [default: false]
Examples:
pown buster -X HEAD -n words.txt http://target Send requests using the HEAD HTTP method
pown buster -H 'Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l' -n words.txt http://target Send basic authentication headers
pown buster -b --all -n words.txt http://target Start buster but also open the results in nice text user interface
pown bust emails
pown bust email [options] <domain>
Email bruteforce discovery tool (via smtp)
Options:
--version Show version number [boolean]
--help Show help [boolean]
--write, -w Write to file [string]
--dictionary, -d Dictionary file [string]
--servers, -s Servers to use [array] [default: []]
--scale, -e Scale servers times [number] [default: 10]
--all, -a Display all results [boolean] [default: false]
--yes, -y Answer yes to all questions [boolean] [default: false]
Performance
Notes from the author:
@pdp: Pown Buster is written such as that none of the requests and internal scheduling mechanisms are blocking. Although I was initially skeptical that this is going to lead to significant performance improvements, it turns out that it does. I compared the performance to other tools written in more concurrent languages such as Go. It appears that Pown Buster is at least 6 times faster in default configuration when compared to these tools.
That being said, speed is not always a good thing. In my own tests, many servers will start throwing 5xx errors if you are sending too fast. You can control the concurrency of the tool using
--request-concurrency
and--load-concurrency
options. The former caps how many concurrent request you would like to send to the server as the name suggests. The later is slightly trickier. This option indicates how many concurrent operations can be pre-loaded in advance. The higher the number the more Promises will be instantiated in advance increasing the performance but at the same time increasing the memory profile. The lower the number the less memory will be used but more operations have to be fetch at some intermediary point. If you are dealing with huge-dictionaries this option helps control the tool behaviour without making your hardware sweat. In normal circumstances you may want to leave this option alone and use--request-concurrency
intead.
Blessed
Pown Buster comes with an optional text interface which comes handy when investigating all results in detail. Use either -b
or --blessed
options to activate it. Using this feature will not result in performance degradation.
Suggestions and Improvements
The following list of improvements are just around the corner:
- Loading full requests instead of just uris
- Curses mode - preview in nice curses table
- Export - ability to serialise request and responses
- Support for HTTP/2 - should be available soon
- Split the blessed UI in a separate thread
- Support for request pipelining and other paralel options - see @pown/request