██████╗ ██╗ ██╗███████╗████████╗██████╗ ██╗ ██╗███████╗████████╗
██╔══██╗██║ ██║██╔════╝╚══██╔══╝██╔══██╗██║ ██║██╔════╝╚══██╔══╝
██████╔╝██║ ██║███████╗ ██║ ██████╔╝██║ ██║███████╗ ██║
██╔══██╗██║ ██║╚════██║ ██║ ██╔══██╗██║ ██║╚════██║ ██║
██║ ██║╚██████╔╝███████║ ██║ ██████╔╝╚██████╔╝███████║ ██║
╚═╝ ╚═╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═════╝ ╚═════╝ ╚══════╝ ╚═╝
sehr quick
A fast, async web reconnaissance tool written in Rust.
Directory brute-forcing and subdomain enumeration with built-in service fingerprinting and security analysis.
Features • Installation • Usage • Examples • License
- Directory Brute-forcing — discover hidden paths and files on web servers
- Subdomain Enumeration — find subdomains via DNS resolution with wildcard detection
- Service Fingerprinting — automatically identify 40+ services (Grafana, Jenkins, GitLab, Portainer, Prometheus, and more) from headers and response bodies
- Security Analysis — flag misconfigurations like missing HSTS, open admin panels, CORS wildcards, exposed setup wizards, and credential leaks
- Async & Fast — built on Tokio and Reqwest with configurable concurrency (default 200 concurrent tasks)
- Built-in Wordlists — ships with curated subdomain and directory wordlists, no external files needed
- JSON Export — output results to structured JSON for integration with other tools
Requires Rust 1.85+.
git clone https://github.com/PndaMan/rustbust.git
cd rustbust
cargo build --releaseThe binary will be at target/release/rustbust.
cp target/release/rustbust ~/.local/bin/rustbust <COMMAND>
Commands:
dir Brute-force directories on a target URL
sub Enumerate subdomains for a target domain
rustbust dir [OPTIONS] <TARGET>
Arguments:
<TARGET> Target URL (e.g. https://example.com)
Options:
-w, --wordlist <FILE> Path to custom wordlist file
-c, --concurrency <N> Concurrent tasks [default: 200]
-t, --timeout <MS> Request timeout in ms [default: 3000]
--status-codes <CODES> Status codes to include, comma-separated [default: 200,204,301,302,307,401,403]
--follow-redirects Follow HTTP redirects
-o, --output <FILE> Output results to JSON file
rustbust sub [OPTIONS] <TARGET>
Arguments:
<TARGET> Target domain (e.g. example.com)
Options:
-w, --wordlist <FILE> Path to custom wordlist file
-c, --concurrency <N> Concurrent tasks [default: 200]
-t, --timeout <MS> Request timeout in ms [default: 3000]
--no-fingerprint Disable service fingerprinting
--no-security Disable security checks
-o, --output <FILE> Output results to JSON file
rustbust dir https://target.comrustbust sub target.com -o results.jsonrustbust dir https://target.com -w /path/to/wordlist.txt --status-codes 200,403,500rustbust sub target.com -c 500 -t 2000rustbust sub target.com --no-fingerprint --no-securityRustbust can fingerprint and run security checks against these services:
| Category | Services |
|---|---|
| DevOps / CI | Jenkins, ArgoCD, GitLab, Gitea, Forgejo |
| Monitoring | Grafana, Prometheus, Alertmanager, Kibana, Zabbix, Nagios, Uptime Kuma, Sentry, Dozzle |
| Infrastructure | Proxmox VE, Kubernetes Dashboard, Rancher, Traefik, Caddy, MinIO |
| Auth / Identity | Keycloak, Authentik |
| Storage / Data | Nextcloud, phpMyAdmin, Adminer |
| Media | Jellyfin, Plex, Sonarr, Radarr, Prowlarr |
| CMS | WordPress, Joomla, Drupal, Confluence, Jira |
| Other | Pi-hole, AdGuard Home, Home Assistant, Vaultwarden, Portainer, Roundcube |
| Web Servers | nginx, Apache, lighttpd |
This tool is intended for authorized security testing and educational purposes only. Always obtain proper authorization before scanning targets you do not own. Unauthorized scanning may violate applicable laws.