Releases: ethicalhackingplayground/pathbuster
v0.5.6
Release v0.5.6
Thanks for checking out the latest Pathbuster release! This update focuses on cleaner scan control, better filtering, and more flexible bruteforce workflows.
Highlights
- Stage‑aware filtering with V/F prefixes for cleaner signal.
- Smarter scan control with split validate vs fingerprint status handling.
- New DirSearch‑style extensions support for wordlists with
%EXT%.
What’s New
--extensionsto append file extensions during bruteforce.--dirsearchcompatibility mode to replace%EXT%in wordlists.--drop-after-failto stop noisy targets after repeat failures.--proxysupport for Burp and other interceptors.--skip-bruteto bypass bruteforce/discovery.--skip-validationto jump straight to discovery on protected endpoints.--headerand--methodsfor custom HTTP behavior.--pathfor single‑path scanning without a wordlist.--wordlist-manipulationfor inline transforms.--traversal-strategy(greedy/quick) for speed vs coverage.--wordlist-status,--brute-queue-concurrency, and--acfor tighter bruteforce tuning.
Notes
- CLI short flags now prioritize
-Dfor--dirsearchand-efor--extensions. Use long flags for--max-depthand--tech.
Quick Examples
- Extensions brute:
pathbuster -u https://target/ -w ./wordlists/wordlist.txt -e php,asp
- DirSearch‑style wordlist:
pathbuster -u https://target/ -w ./wordlists/dirsearch.txt -e php,asp -D
Links
What's Changed
New Contributors
Full Changelog: v0.5.5...v0.5.6
Contributors
Assets 3
v0.5.5
What's New?
- Added in a --skip-validation argument which is used to bypass known protected endpoints using traversals.
- Added in a --header argument which is used to add in additonal headers into each request.
Note: you may need to change the ulimit using the command
ulimit -n -n 70000To improve the speed of the tool, accuracy may drop a little.
Todo:
- Test the tool on lower to higher-end computers to see if it hogs the resources.
- Implement some more arguments to give the end user more control over the tool.
- Get feedback from the community.
If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.
I hope you enjoy
Full Changelog: v0.5.3...v0.5.5
v0.5.3
Bug fixes?
- Minor bug fixes
- Added in a --skip-brute argument, so you have the choice to perform a directory brute force or not.
- Replaced --match-status with --pub-status and --int-status so we have more control over the detection stage.
Note: you may need to change the ulimit using the command
ulimit -n -n 70000To improve the speed of the tool, accuracy may drop a little.
Todo:
- Test the tool on lower to higher-end computers to see if it hogs the resources.
- Implement some more arguments to give the end user more control over the tool.
- Get feedback from the community.
If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.
I hope you enjoy
Full Changelog: v0.5.2...v0.5.3
v0.5.1
Bug fixes?
- Fixed a bug with the ETA, it would not produce the correct results.
- Fixed a bug with the --proxy argument as well as some other small bugs.
Note: you may need to change the ulimit using the command
ulimit -n -n 70000To improve the speed of the tool, accuracy may drop a little.
Todo:
- Test the tool on lower to higher-end computers to see if it hogs the resources.
- Implement some more arguments to give the end user more control over the tool.
- Get feedback from the community.
If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.
I hope you enjoy
Full Changelog: v0.4.9...v0.5.1
v0.4.5
What's Changed
- Pathbuster will now give you an eta on when the tool will finish processing all jobs.
Note: you may need to change the ulimit using the command
ulimit -n -n 70000To improve the speed of the tool, accuracy may drop a little.
Todo:
- Test the tool on lower to higher-end computers to see if it hogs the resources.
- Implement some more arguments to give the end user more control over the tool.
- Get feedback from the community.
If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.
I hope you enjoy
Full Changelog: v0.4.4...v0.4.5
v0.4.4
What's Changed
- Refactored the code to make it module based.
- Added in a --proxy argument, so you can now perform proxy-related tasks such as sending everything to burp.
Note: you may need to change the ulimit using the command
ulimit -n -n 70000To improve the speed of the tool, accuracy may drop a little.
Todo:
- Test the tool on lower to higher-end computers to see if it hogs the resources.
- Implement some more arguments to give the end user more control over the tool.
- Get feedback from the community.
If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.
I hope you enjoy
Full Changelog: v0.4.3...v0.4.4
v0.4.1
What's Changed
- Removed redundant --filter-status which filtered the status codes but also missed a ton of valid findings.
- Implement --filter-body-size which filtered the response sizes but also missed a ton of valid findings.
- Implement --drop-after-fail which will ignore requests with the same response code multiple times in a row.
- Fixed a ton of performance issues and included directory bruteforcing at the end.
- Massive performance and accuracy increases using itertools instead of double for loops reducing O(n^2) time complexity.
Note: you may need to change the ulimit using the command
ulimit -n -n 70000To improve the speed of the tool, accuracy may drop a little.
Todo:
- Test the tool on lower to higher-end computers to see if it hogs the resources.
- Implement some more arguments to give the end user more control over the tool.
If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.
I hope you enjoy
Full Changelog: v0.4.0...v0.4.1
v0.4.0
What's Changed
- Changed the detection algorithm from Levenshtein to sift3 to improve speed and accuracy.
- Pathbuster can now display the changes that are within a certain threshold.
- Directory brute-forcing is now much faster.
Note: you may need to change the ulimit using the command
ulimit -n -n 70000To improve the speed of the tool, accuracy may drop a little.
Todo:
- Test the tool on lower to higher-end computers to see if it hogs the resources.
- Implement some more arguments to give the end user more control over the tool.
If you find any cool bugs, it would be nice if I have some sorta appreciation such as shouting me out on your Twitter, buying me a coffee or donating to my Paypal.
I hope you enjoy
Full Changelog: v0.3.9...v0.4.0
v0.3.9
What's Changed
- Added back in the --wordlist flag with more efficient directory bruteforcing.
- Improved CLI view.
- Saves results into 2 files, one containing the traversals and the other with the internal route discovered.
- Massive performance fixes and directory brute force is at the end.
Note: you may need to use change the ulimit using the command
ulimit -n -n 70000
Full Changelog: v0.3.8...v0.3.9
v0.3.4
What's Changed
- Added the --timeout flag to have more control over the requests being sent.
Note: you may need to use change the ulimit using the command
ulimit -n -n 70000
Full Changelog: v0.3.0...v0.3.1