Skip to content

PndaMan/rustbust

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

    ██████╗ ██╗   ██╗███████╗████████╗██████╗ ██╗   ██╗███████╗████████╗
    ██╔══██╗██║   ██║██╔════╝╚══██╔══╝██╔══██╗██║   ██║██╔════╝╚══██╔══╝
    ██████╔╝██║   ██║███████╗   ██║   ██████╔╝██║   ██║███████╗   ██║
    ██╔══██╗██║   ██║╚════██║   ██║   ██╔══██╗██║   ██║╚════██║   ██║
    ██║  ██║╚██████╔╝███████║   ██║   ██████╔╝╚██████╔╝███████║   ██║
    ╚═╝  ╚═╝ ╚═════╝ ╚══════╝   ╚═╝   ╚═════╝  ╚═════╝ ╚══════╝   ╚═╝
  
sehr quick

A fast, async web reconnaissance tool written in Rust.
Directory brute-forcing and subdomain enumeration with built-in service fingerprinting and security analysis.

FeaturesInstallationUsageExamplesLicense


Features

  • Directory Brute-forcing — discover hidden paths and files on web servers
  • Subdomain Enumeration — find subdomains via DNS resolution with wildcard detection
  • Service Fingerprinting — automatically identify 40+ services (Grafana, Jenkins, GitLab, Portainer, Prometheus, and more) from headers and response bodies
  • Security Analysis — flag misconfigurations like missing HSTS, open admin panels, CORS wildcards, exposed setup wizards, and credential leaks
  • Async & Fast — built on Tokio and Reqwest with configurable concurrency (default 200 concurrent tasks)
  • Built-in Wordlists — ships with curated subdomain and directory wordlists, no external files needed
  • JSON Export — output results to structured JSON for integration with other tools

Installation

From source

Requires Rust 1.85+.

git clone https://github.com/PndaMan/rustbust.git
cd rustbust
cargo build --release

The binary will be at target/release/rustbust.

Add to PATH (optional)

cp target/release/rustbust ~/.local/bin/

Usage

rustbust <COMMAND>

Commands:
  dir   Brute-force directories on a target URL
  sub   Enumerate subdomains for a target domain

Directory Mode

rustbust dir [OPTIONS] <TARGET>

Arguments:
  <TARGET>                Target URL (e.g. https://example.com)

Options:
  -w, --wordlist <FILE>              Path to custom wordlist file
  -c, --concurrency <N>              Concurrent tasks [default: 200]
  -t, --timeout <MS>                 Request timeout in ms [default: 3000]
      --status-codes <CODES>         Status codes to include, comma-separated [default: 200,204,301,302,307,401,403]
      --follow-redirects             Follow HTTP redirects
  -o, --output <FILE>                Output results to JSON file

Subdomain Mode

rustbust sub [OPTIONS] <TARGET>

Arguments:
  <TARGET>                Target domain (e.g. example.com)

Options:
  -w, --wordlist <FILE>              Path to custom wordlist file
  -c, --concurrency <N>              Concurrent tasks [default: 200]
  -t, --timeout <MS>                 Request timeout in ms [default: 3000]
      --no-fingerprint               Disable service fingerprinting
      --no-security                  Disable security checks
  -o, --output <FILE>                Output results to JSON file

Examples

Basic directory scan

rustbust dir https://target.com

Subdomain enumeration with JSON output

rustbust sub target.com -o results.json

Directory scan with custom wordlist and status codes

rustbust dir https://target.com -w /path/to/wordlist.txt --status-codes 200,403,500

Fast subdomain scan with high concurrency

rustbust sub target.com -c 500 -t 2000

Subdomain scan without security checks

rustbust sub target.com --no-fingerprint --no-security

Supported Services

Rustbust can fingerprint and run security checks against these services:

Category Services
DevOps / CI Jenkins, ArgoCD, GitLab, Gitea, Forgejo
Monitoring Grafana, Prometheus, Alertmanager, Kibana, Zabbix, Nagios, Uptime Kuma, Sentry, Dozzle
Infrastructure Proxmox VE, Kubernetes Dashboard, Rancher, Traefik, Caddy, MinIO
Auth / Identity Keycloak, Authentik
Storage / Data Nextcloud, phpMyAdmin, Adminer
Media Jellyfin, Plex, Sonarr, Radarr, Prowlarr
CMS WordPress, Joomla, Drupal, Confluence, Jira
Other Pi-hole, AdGuard Home, Home Assistant, Vaultwarden, Portainer, Roundcube
Web Servers nginx, Apache, lighttpd

Disclaimer

This tool is intended for authorized security testing and educational purposes only. Always obtain proper authorization before scanning targets you do not own. Unauthorized scanning may violate applicable laws.

License

MIT

About

A fast, async web reconnaissance tool written in Rust. sehr quick.

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages