A threaded, recursive, web directory brute-force scanner over HTTP/2.
(-wc). This way, if a server replies with codes different than 404 for resources that are not found (for example with a redirection), those can be detected as well.
(-m). Valid values are HEAD (default) and GET.
(-l). This overrides the request method to GET.
(-rb).
(-vr) to verify TLS certificates (otherwise they are not checked).
(-rb): /a/b/c will result in checking /a in the first iteration. If /a is found, /a/b will be searched in the next recursive iteration. Repeat this process for /a/b/c.
enable_push parameter for a call to the underlying hyper library - some versions don't seem to accept it.
(-b) by providing a list of codes separated by a vertical bar (|). Default is 404.
(-c) to 4. This seems to yield a performance improvement in most cases.
--help text to be tidier.
(./h2buster.py).
-hd with the format -hd 'header->value[|header->value|header->value...]'. For example: -hd 'user-agent->Mozilla/5.0|accept-encoding->gzip, deflate, br'.
(|) for consistency (e.g. -x '.php|.js|blank|/').
server header of the first response is now displayed at the beginning of the scan (if there is one).
-x. For example, -x '.php;.js;blank;/' will check for .php, .js, blank and / file endings. Note that the blank keyword is used to signify no file ending.
(-u).
(-t) from 15 to 20.