AndroBuster is an open-source security tool inspired by GoBuster, providing a modern, cross-platform interface for directory and subdomain enumeration. Built with Flutter, it offers a clean, intuitive user experience while maintaining the power and flexibility expected from professional security tools.
- 🚀 Cross-Platform: Works on Android, iOS, and Desktop
- 🔒 Security-Focused: Built specifically for penetration testers
- 💻 Modern UI: Beautiful Flutter-based interface
- ⚡ High Performance: Efficient threading and memory management
- 📱 Mobile-First: Optimized for mobile security testing
- Target URL Input: Clean URL handling with automatic trailing slash removal
- Negative Status Codes: Filter out unwanted HTTP status codes (default: 404)
- Negative Page Sizes: Exclude responses based on content length
- Wordlist Support: Large text input with file import capability
- Threading Control: Configurable thread count for optimal performance
- Timeout Settings: Customizable request timeout in milliseconds
- Domain Input: Clean domain handling (no http/https required)
- Subdomain Wordlists: Dedicated wordlist management for subdomain discovery
- Protocol Testing: Automatic HTTPS/HTTP fallback testing
- Subdomain Validation: RFC 1123 compliant subdomain name validation
- Dedicated Filters: Separate negative status codes and page sizes for subdomains
- Threading & Timeout: Independent configuration from directory mode
- Unified Results Tab: View both directory and subdomain scan results
- Result Formatting: Clear display of path, status code, size, and URL
- Copy to Clipboard: Export results for external analysis
- Clear Results: Easy cleanup between scans
- Result Counts: Separate tracking for directory and subdomain results
- Wordlist Import: Support for .txt files up to 50MB
- Smart Preview: File size-aware content display
- Large File Handling: Efficient processing of massive wordlists
- Format Support: Handles comments (#) and empty lines automatically
- Background Execution: App continues running during background scans
- Memory Optimization: Efficient handling of large wordlists
- Error Handling: Graceful fallback and recovery mechanisms
- Cross-Platform: Built with Flutter for Android and iOS
Currently, only Android APK releases are available. Download the latest APK from the releases page.
The source code is now public and available for everyone to use, modify, and contribute to.
- Navigate to the "Dir" tab
- Enter your target URL
- Configure negative status codes and page sizes
- Paste or import your wordlist
- Set thread count and timeout
- Start the scan and monitor progress
- Navigate to the "Subdomain" tab
- Enter the target domain (without http/https)
- Configure subdomain-specific filters
- Import or paste subdomain wordlist
- Adjust threading and timeout settings
- Begin subdomain discovery
- View all results in the "Results" tab
- Copy results to clipboard for external analysis
- Clear results between different scans
- Monitor scan progress and completion
- Recommended: 10-20 threads for most scenarios
- High Thread Warning: Alerts when exceeding 20 threads
- Considerations: Higher threads may trigger rate limiting
- Default: 5000ms (5 seconds)
- Adjustment: Increase for slower networks, decrease for faster responses
- Range: 1000ms to 30000ms supported
- Status Codes: Comma-separated list (e.g., 404,403,500)
- Page Sizes: Comma-separated list (e.g., 0,1234,5678)
- Purpose: Exclude unwanted responses from results
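
The wordlist format, RFC 1123 subdomain validation, and negative filters described above can be sketched offline as follows. This is an added example in Python, not AndroBuster's own Flutter code, and it makes no network requests. The function names, the sample data, and the treatment of `#` as a whole-line comment marker are assumptions.

```python
import re

# RFC 1123 label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def parse_wordlist(text):
    """Return candidate words, skipping blank lines and '#' comment lines."""
    words = [line.strip() for line in text.splitlines()]
    return [w for w in words if w and not w.startswith("#")]

def is_valid_hostname(name):
    """True if every dot-separated label is RFC 1123 compliant (total <= 253 chars)."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))

def build_hosts(domain, words):
    """Prefix each word to the domain; split the results into (valid, rejected)."""
    valid, rejected = [], []
    for w in words:
        host = f"{w}.{domain}".lower()
        (valid if is_valid_hostname(host) else rejected).append(host)
    return valid, rejected

def parse_filter(csv):
    """Parse a comma-separated filter field such as '404,403,500' into a set of ints."""
    return {int(tok) for tok in csv.split(",") if tok.strip()}

def keep(status, size, neg_status, neg_sizes):
    """A response is shown only if neither its status code nor its size is excluded."""
    return status not in neg_status and size not in neg_sizes

# Constructed sample input (not taken from any real scan).
SAMPLE_WORDLIST = "# constructed sample\nwww\n\nmail\n-bad\napi_v1\ndev-01\n"
SAMPLE_RESPONSES = [("admin", 200, 5120), ("old", 404, 0),
                    ("login", 200, 1234), ("private", 403, 310)]

def demo():
    words = parse_wordlist(SAMPLE_WORDLIST)
    valid, rejected = build_hosts("example.com", words)
    neg_status, neg_sizes = parse_filter("404, 403"), parse_filter("0,1234")
    shown = [r for r in SAMPLE_RESPONSES if keep(r[1], r[2], neg_status, neg_sizes)]
    return valid, rejected, shown

if __name__ == "__main__":
    print(demo())
```

Note that a negative page size hides every response of that length regardless of status, so the constructed `login` entry (200, 1234 bytes) is dropped along with the 404 and 403 responses.
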
This project is open source and welcomes contributions!
- ⭐ Star the repository (optional but appreciated!)
- 🍴 Fork the repository
- 🌿 Create a feature branch
- 📤 Submit a pull request
- 🎯 Inspired by: GoBuster - The original directory enumeration tool
- 🛠️ Built with: Flutter - Google's UI toolkit for building natively compiled applications
- 🔒 Security Focus: Designed for penetration testers and security researchers
- 🌍 Community: Thanks to all contributors and supporters
This project is open source and available under the MIT License.
This tool is designed for authorized security testing and penetration testing purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The developers are not responsible for any misuse of this tool.