Skip to content

aniruddhha/dirust

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

7 Commits
src
src
Β 
Β 
.gitignore
.gitignore
Β 
Β 
Cargo.lock
Cargo.lock
Β 
Β 
Cargo.toml
Cargo.toml
Β 
Β 
LICENCE.md
LICENCE.md
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

Dirust β€” Fast, Async Directory Brute-Forcer in Rust

Dirust is a high-performance web content discovery tool (a.k.a. β€œdirectory buster”) written in Rust. It targets hidden files and directories by probing endpoints from a wordlist with optional extensions, using efficient async I/O and clean, explicit code.

Use cases: web directory brute forcing, content discovery, red team/pentest recon, CI-friendly site checks, and rapid HTTP enumeration.

Highlights

  • Async & fast β€” Tokio runtime + Reqwest client; bounded concurrency for stable throughput.
  • HEAD with safe fallback β€” Tries HEAD first for speed, falls back to GET on 405.
  • Extensions fan-out β€” --exts php,html,txt turns admin into admin.php, admin.html, admin.txt, etc.
  • Actionable output β€” Prints status code, content length (if available), and redirect Location targets.
  • Cross-platform β€” Linux (incl. Kali), macOS, Windows, and Raspberry Pi (aarch64/armv7).
  • No root needed β€” Pure user-space HTTP(S).
  • Readable codebase β€” Clear modules, explicit error handling (no anyhow), easy to extend.

Quick Start

# 1) Build
cargo build --release

# 2) Run against a target
./target/release/dirust https://example.com/ -w /path/to/wordlist.txt

# Add extensions and increase concurrency
./target/release/dirust https://example.com/app/ -w words.txt --exts php,html,txt -c 100

# Force GET (some servers block or alter HEAD)
./target/release/dirust https://example.com/ -w words.txt --get

# Set a custom timeout (seconds)
./target/release/dirust https://example.com/ -w words.txt --timeout 20

Show help any time:

./target/release/dirust --help

Local Demo (localhost)

Spin up a tiny site locally and point Dirust at it:

# Create a few files
mkdir -p /tmp/dirust-site/{admin,secret,api}
printf "admin home"  > /tmp/dirust-site/admin/index.html
printf "top secret"  > /tmp/dirust-site/secret/flag.txt
printf "ok"          > /tmp/dirust-site/api/status
printf "read me"     > /tmp/dirust-site/readme.txt

# Start a simple HTTP server (port 8000)
python3 -m http.server 8000 --directory /tmp/dirust-site

# Minimal wordlist
cat > /tmp/words.txt <<'EOF'
admin
admin/
secret
secret/
api
api/
status
readme
readme.txt
flag.txt
EOF

# Run Dirust
./target/release/dirust http://127.0.0.1:8000/ -w /tmp/words.txt --exts html,txt -c 50

Features in Detail

  • Directory & file discovery: Reads a wordlist and probes each path relative to the base URL.
  • Extensions expansion: Applies a comma-separated list of extensions to each word (normalized to .ext).
  • Concurrency control: A semaphore ensures at most --concurrency N requests are in flight.
  • Robust HTTP logic:
    • Method: HEAD by default; automatic GET retry on 405 Method Not Allowed, or always GET with --get.
    • Redirect awareness: Prints β†’ Location when present (e.g., 301/302).
    • Interesting status filter: Prints common β€œexists/protected” signals (200/301/302/401/403).
  • Clear output format: 
    [<unix_ts>] <status> len=<content_length_or_->_>  <url> [-> <location_if_any>]

Installation

Requirements: recent Rust toolchain (rustup update recommended).

git clone <your-repo-url> dirust
cd dirust
cargo build --release

Binary output:

  • Linux/macOS: ./target/release/dirust
  • Windows: . arget elease\dirust.exe

Raspberry Pi:

  • Build on the Pi directly (recommended), or cross-compile using the appropriate target (aarch64-unknown-linux-gnu or armv7-unknown-linux-gnueabihf) and system linker.

CLI Summary

Usage: dirust [OPTIONS] <BASE>

Arguments:
  <BASE>  Base URL (e.g., https://example.com/ or https://example.com/app/)

Options:
  -w, --wordlist <WORDLIST>         Path to wordlist file (required)
  -c, --concurrency <N>             Requests in flight [default: 50]
      --get                         Use GET instead of HEAD
      --timeout <SECS>              Per-request timeout [default: 10]
      --exts <E1,E2,...>            Extra extensions (e.g., php,html,txt)
  -h, --help                        Print help
  -V, --version                     Print version

Architecture

The project is organized into small, focused modules for clarity and maintainability:

src/
  main.rs         # entry point: parse args, build client, run scan
  args.rs         # clap-based CLI definition and helpers
  error.rs        # explicit DirustError enum and conversions
  url.rs          # base URL validation/normalization
  scanner/
    mod.rs        # orchestration: concurrency, task spawning, printing
    wordlist.rs   # file I/O: load and filter wordlist
    targets.rs    # build full URLs from base + words + extensions
    http.rs       # single-request probe; summarize status/headers
    util.rs       # timestamp and status filter helpers

Design choices:

  • Explicit error handling: DirustError (no anyhow), clear Result returns, and full match statements for readability.
  • No auto-redirect: we want to see redirect responses and their Location targets.
  • Stable concurrency: acquire semaphore permits before spawning tasks to hard-cap active work.
  • Separation of concerns: wordlist reading, target generation, HTTP probe, and printing are isolated modules.

Performance Tips

  • Tune --concurrency based on network conditions and target behavior. Watch for server rate-limits and adjust.
  • HEAD is usually faster; if a server misbehaves on HEAD, use --get.
  • Increase --timeout when probing slow or distant hosts; decrease it for aggressive scans on fast LANs.
  • Reuse a single process and a single HTTP client (Dirust does this by design) to benefit from connection pooling.

Roadmap

Planned enhancements (kept intentionally focused and practical):

  • --delay-ms and retries with jitter (gentler on fragile hosts)
  • --output <file> (text/JSON) and consistent structured logs
  • --proxy, --header, --user-agent, --cookie
  • Smart 404 detection (baseline + size tolerance) as an optional module
  • Depth-limited recursion (--max-depth) for directory trees
  • VHost mode (brute Host header) as a sibling tool

Compatibility

  • OS: Linux (incl. Kali), macOS, Windows, Raspberry Pi
  • Network: HTTP/HTTPS, no root privileges required
  • TLS: Uses rustls; for custom corporate CAs, consider building with native roots (rustls-tls-native-roots feature in Reqwest)

Security & Legal

Only scan systems you own or have explicit permission to test. Unauthorized scanning can be illegal and unethical. Use Dirust responsibly and comply with local laws and the target’s terms of service.

Contributing

Contributions are welcome. Please keep changes:

  • Explicit and easy to read (prefer full match over terse shortcuts)
  • Modular (one concern per file/module)
  • Well-explained in commit messages

Open a PR with a clear description and example commands. Bug reports with repro steps are great.

License

MIT License β€” See LICENSE

Keywords

web discovery, directory brute force, dirb alternative, gobuster alternative, pentest, red team, content discovery, http enumeration, rust, async, tokio, reqwest

About

πŸ¦€ Rust-powered directory buster for hacking & pentesting: ⚑️ fast async scans, πŸ” extension combos, 🎯 precise status/redirect reporting. 🌐 Cross-platform & dev-friendly.

Topics

rust hacking rust-lang penetration-testing pentesting pentest hacking-tool ethical-hacking dirbuster pentest-tool dirb ethicalhacking dirbrute ethical-hacking-tools dirbuster-download

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages