Keep alive connections
Support for multiple extensions (-e|–extensions asp,php)
Reporting (plain text, JSON)
Heuristically detects invalid web pages
Recursive brute forcing
HTTP proxy support
User agent randomization
Dictionaries must be text files. Each line will be processed as such, except that the special word %EXT% is used, which will generate one entry for each extension (-e | –extension) passed as an argument.
Passing the extensions “asp” and “aspx” will generate the following dictionary:
You can also use -f | –force-extensions switch to append extensions to every word in the wordlists (like DirBuster).Changelog
0.3.7 – 2016.08.22 Force extensions switch added.
0.3.6 – 2016.02.14 Bugfixes
0.3.5 – 2016.01.29 Improved heuristic, replaced urllib3 for requests, error logs, batch reports, user agent randomization, bugfixes
0.3.0 – 2015.02.05 Fixed issue3, fixed timeout exception, ported to Python3, other bugfixes
0.2.7 – 2014.11.21 Added Url List feature (-L). Changed output. Minor Fixes
0.2.6 – 2014.9.12 Fixed bug when dictionary size is greater than threads count. Fixed URL encoding bug (issue2).
0.2.5 – 2014.9.2 Shows Content-Length in output and reports, added default.conf file (for setting defaults) and report auto save feature added.
0.2.4 – 2014.7.17 Added Windows support, –scan-subdir|–scan-subdirs argument added, –exclude-subdir|–exclude-subdirs added, –header argument added, dirbuster dictionaries added, fixed some concurrency bugs, MVC refactoring
0.2.3 – 2014.7.7 Fixed some bugs, minor refactorings, exclude status switch, “pause/next directory” feature, changed help structure, expaded default dictionary
0.2.2 – 2014.7.2 Fixed some bugs, showing percentage of tested paths and added report generation feature
0.2.1 – 2014.5.1 Fixed some bugs and added recursive option
0.2.0 – 2014.1.31 Initial public release