C编写的高速智能Web目录和文件枚举工具：Lulzbuster

发表于 2020年05月01日
安全工具

目录表

Lulzbuster

Lulzbuster是用C编写的高速智能的Web目录和文件枚举工具。

下载与使用

git clone https://github.com/noptrix/lulzbuster.git

1	git clone https://github.com/noptrix/lulzbuster.git

使用

$ lulzbuster -H
    __      __      __               __
   / /_  __/ /___  / /_  __  _______/ /____  _____
  / / / / / /_  / / __ \/ / / / ___/ __/ _ \/ ___/
 / / /_/ / / / /_/ /_/ / /_/ (__  ) /_/  __/ /
/_/\__,_/_/ /___/_.___/\__,_/____/\__/\___/_/

        --==[ by nullsecurity.net ] ==--

usage

  lulzbuster -s <arg> [opts] | <misc>

target options

  -s <url>       - start url to begin scan with

http options

  -h <type>      - http request type (default: GET) - ? to list types
  -x <code>      - exclude http status codes (default: 400,404,500,501,502,503
                   multi codes separated by ',')
  -f             - follow http redirects. hint: better try appending a '/'
                   with '-A' option first instead of using '-f'
  -F <num>       - num level to follow http redirects (default: 0)
  -u <str>       - user-agent string (default: built-in windows firefox)
  -U             - use random built-in user-agents
  -c <str>       - pass custom header(s) (e.g. 'Cookie: foo=bar; lol=lulz')
  -a <creds>     - http auth credentials (format: <user>:<pass>)
  -r             - turn on auto update referrer
  -j <num>       - define http version (default: curl's default) - ? to list

timeout options

  -D <num>       - num seconds for delay between requests (default: 0)
  -C <num>       - num seconds for connect timeout (default: 10)
  -R <num>       - num seconds for request timeout (default: 30)
  -T <num>       - num seconds to give up and exit lulzbuster completely
                   (default: none)

tuning options

  -t <num>       - num threads for concurrent scanning (default: 30)
  -g <num>       - num connection cache size for curl (default: 30)
                   note: this value should always equal to -t's value

other options

  -w <file>      - wordlist file
                   (default: /usr/local/share/lulzbuster/lists/medium.txt)
  -A <str>       - append any words separated by comma (e.g. '/,.php,~bak)
  -p <addr>      - proxy address (format: <scheme>://<host>:<port>) - ? to
                   list supported schemes
  -P <creds>     - proxy auth credentials (format: <user>:<pass>)
  -i             - insecure mode (skips ssl/tls cert verification)
  -S             - smart mode aka eliminate false-positives, more infos,
                   etc. (use this if speed is not your 1st priority!)
  -n <str>       - nameservers (default: '1.1.1.1,8.8.8.8,208.67.222.222'
                   multi separated by '.')
  -l <file>      - log found paths and valid urls to file

misc

  -X             - print built-in user-agents
  -V             - print version of lulzbuster and exit
  -H             - print this help and exit

$ lulzbuster -H

__ __ __ __

/ /_ __/ /___ / /_ __ _______/ /____ _____

/ / / / / /_ / / __ \/ / / / ___/ __/ _ \/ ___/

/ / /_/ / / / /_/ /_/ / /_/ (__ ) /_/ __/ /

/_/\__,_/_/ /___/_.___/\__,_/____/\__/\___/_/

--==[ by nullsecurity.net ] ==--

usage

lulzbuster -s <arg> [opts] | <misc>

target options

-s <url> - start url to begin scan with

http options

-h <type> - http request type (default: GET) - ? to list types

-x <code> - exclude http status codes (default: 400,404,500,501,502,503

multi codes separated by ',')

-f - follow http redirects. hint: better try appending a '/'

with '-A' option first instead of using '-f'

-F <num> - num level to follow http redirects (default: 0)

-u <str> - user-agent string (default: built-in windows firefox)

-U - use random built-in user-agents

-c <str> - pass custom header(s) (e.g. 'Cookie: foo=bar; lol=lulz')

-a <creds> - http auth credentials (format: <user>:<pass>)

-r - turn on auto update referrer

-j <num> - define http version (default: curl's default) - ? to list

timeout options

-D <num> - num seconds for delay between requests (default: 0)

-C <num> - num seconds for connect timeout (default: 10)

-R <num> - num seconds for request timeout (default: 30)

-T <num> - num seconds to give up and exit lulzbuster completely

(default: none)

tuning options

-t <num> - num threads for concurrent scanning (default: 30)

-g <num> - num connection cache size for curl (default: 30)

note: this value should always equal to -t's value

other options

-w <file> - wordlist file

(default: /usr/local/share/lulzbuster/lists/medium.txt)

-A <str> - append any words separated by comma (e.g. '/,.php,~bak)

-p <addr> - proxy address (format: <scheme>://<host>:<port>) - ? to

list supported schemes

-P <creds> - proxy auth credentials (format: <user>:<pass>)

-i - insecure mode (skips ssl/tls cert verification)

-S - smart mode aka eliminate false-positives, more infos,

etc. (use this if speed is not your 1st priority!)

-n <str> - nameservers (default: '1.1.1.1,8.8.8.8,208.67.222.222'

multi separated by '.')

-l <file> - log found paths and valid urls to file

misc

-X - print built-in user-agents

-V - print version of lulzbuster and exit

-H - print this help and exit

标签：扫描 , 枚举 , 目录扫描原文连接：C编写的高速智能Web目录和文件枚举工具：Lulzbuster 所有媒体，可在保留署名、原文连接的情况下转载，若非则不得使用我方内容。

DLNA 投屏相关简析适用于Linux/Windows/MacOSX的免费十六进制编辑器：wxHexEditor