Skip to content

Schousboe/PyBuster

BranchesTags

Repository files navigation

PyBuster

PyBuster logo

Fast, lightweight and secure directory brute-forcer written in Python

PyBuster-stats

version license issues

FeaturesInstallUsageFlagsLicense

Love the project? Please consider leaving a star 🌟


PyBuster is a high-performance, lightweight, and secure directory brute-forcing tool written in Python — designed for authorized penetration testing, bug bounty hunting, and web reconnaissance. It aims to provide a minimal yet powerful CLI interface similar to Gobuster, with smart options for scanning, output and extensions while still keeping core functionality.

Important notices!

Important

Please leave an issue if you have a feature suggestion or a bug appears!

Important

If you have a suggestion for a new feature, please contribute. There is more information about how to contribute in our contributing guidelines

Caution

Use only against targets you have explicit permission to test. Misuse may be illegal.

Features

  • Probes HTTP/HTTPS (auto-fallback when no scheme is provided)

  • Try raw directories and optional file extensions

  • Output formats: raw, JSON, CSV

  • Resume mode (skip already-recorded URLs)

  • Append mode (preserve previous results)

  • Subs-only mode to only try directory paths like /admin, /login etc.

  • Scan many different domains in one with -mT

  • Scan specific ports with -p

Install

  1. Install the project
git clone github.com/Schousboe/PyBuster.git

  1. Install requirements
pip install -r requirements.txt

  1. Run a simple script and boom!
python3 PyBuster.py -f wordlists/common.txt example.com

Usage

Basic scan

python3 PyBuster.py -f path/to/wordlist.txt website.com

This returns the raw data in a file called directories.txt

Searching for path's with the extensions .php, .html and outputting the answer as JSON data

python3 PyBuster.py -f path/to/wordlist.txt -x .php,.html 
-oF json -o results.json example.com

This returns all php and html files in JSON format to a file called results.json

Searching for directories, from multiple sub-domains, with the extension .log, outputting as CSV to a file already containing data.

python3 PyBuster.py -f path/to/wordlist.txt -x .log -oF csv -o /path/to/output.csv --resume -d -mT path/to/targets.txt

Flags

  • -f, --file - path to wordlist (required)

  • -o, --output - output file (default: directories.txt)

  • -x, --ext - comma separated extensions (e.g. php, html)

  • -d, --dirs-only- only try directory paths (no extensions)

  • -r, --resume - skip URLs already present in output

  • -a, --append - append to output file instead of overwrite

  • -oF, --output-format - raw / json / csv

  • -mT, --multiple-targets - file with multiple domains (one per line)

  • -p, --ports - comma-separated ports to scan (e.g. 80,443,8080)

Contributing

Contributions are welcome but please see our contributing guidelines first, before opening a pull request

License

This project is distributed under the CC0 1.0 Universal license. This means you are free to copy, modify and use PyBuster for any purpose, without restriction


Built with ❤️ by Schousboe — For ethical hacking & secure web testing

About

Python tool to find hidden subdomain's and directories

Topics

web python3 pentesting ethical-hacking python-tools pentestingtools

Resources

Readme

License

CC0-1.0 license

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v2.0.0 Latest
Nov 3, 2025

Contributors 2

  •  
  •  

Languages