gobuster

Description

Gobuster is a tool used to brute-force:

  • URIs (directories and files) in web sites.
  • DNS subdomains (with wildcard support).
  • Virtual Host names on target web servers.
  • Open Amazon S3 buckets.

Platform: Linux
Author: OJ
License: Free
URL: https://github.com/OJ/gobuster

Usage

Usage:
  gobuster [command]
 
Available Commands:
  dir         Uses directory/file enumeration mode
  dns         Uses DNS subdomain enumeration mode
  fuzz        Uses fuzzing mode
  help        Help about any command
  s3          Uses aws bucket enumeration mode
  version     shows the current version
  vhost       Uses VHOST enumeration mode
 
Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -h, --help              help for gobuster
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Examples

gobuster dir -u x.x.x.x -w /usr/share/dirb/wordlists/common.txt -x .php

This command brute-force enumerates a website's directories and files, using a wordlist and searching for the specified file extension (.php).

└──╼ [★]$ gobuster dir -u 10.129.152.242 -w /usr/share/dirb/wordlists/common.txt -x .php
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://10.129.152.242
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/dirb/wordlists/common.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.1.0
[+] Extensions:              php
[+] Timeout:                 10s
===============================================================
2022/03/20 21:03:35 Starting gobuster in directory enumeration mode
===============================================================
/.hta.php             (Status: 403) [Size: 279]
/.hta                 (Status: 403) [Size: 279]
/.htaccess            (Status: 403) [Size: 279]
/.htpasswd            (Status: 403) [Size: 279]
/.htaccess.php        (Status: 403) [Size: 279]
/.htpasswd.php        (Status: 403) [Size: 279]
/assets               (Status: 301) [Size: 317] [--> http://10.129.152.242/assets/]
/config.php           (Status: 200) [Size: 0]                                     
/css                  (Status: 301) [Size: 314] [--> http://10.129.152.242/css/]  
/dashboard            (Status: 301) [Size: 320] [--> http://10.129.152.242/dashboard/]
/fonts                (Status: 301) [Size: 316] [--> http://10.129.152.242/fonts/]   
/index.html           (Status: 200) [Size: 58565]                                    
/js                   (Status: 301) [Size: 313] [--> http://10.129.152.242/js/]      
/login.php            (Status: 200) [Size: 1577]                                     
/logout.php           (Status: 302) [Size: 0] [--> login.php]                        
/server-status        (Status: 403) [Size: 279]                                      
                                                                                       
===============================================================
2022/03/20 21:03:38 Finished
===============================================================
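
On the server side, a run like the one above leaves a burst of mostly-404 requests for many distinct paths from one client, by default with the User-Agent shown in the banner. The following detection sketch is an added example, not part of the original page or the gobuster project; the combined access-log format, the thresholds, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format: ip - - [ts] "METHOD path PROTO" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def detect_enumeration(lines, min_paths=8, min_404_ratio=0.6):
    """Return {ip: [reasons]} for clients whose requests look like wordlist enumeration."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "not_found": 0, "ua_hit": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in combined log format
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        s["not_found"] += m["status"] == "404"
        s["ua_hit"] |= m["ua"].lower().startswith("gobuster/")  # default UA, e.g. gobuster/3.1.0
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["ua_hit"]:
            reasons.append("gobuster user-agent")
        ratio = s["not_found"] / s["total"]
        # Behavioural signal still fires when the User-Agent has been changed.
        if len(s["paths"]) >= min_paths and ratio >= min_404_ratio:
            reasons.append(f"{len(s['paths'])} distinct paths, {ratio:.0%} 404")
        if reasons:
            findings[ip] = reasons
    return findings

def sample_log():
    """Constructed log lines for illustration; addresses are documentation ranges."""
    fmt = '{ip} - - [20/Mar/2022:21:03:35 +0000] "GET /{path} HTTP/1.1" {status} 279 "-" "{ua}"'
    words = ["admin", "backup", "cgi-bin", "config.php", "css", "db", "login.php", "old", "test", "tmp"]
    exists = {"config.php": 200, "css": 301, "login.php": 200}
    lines = []
    for ip, ua in (("192.0.2.10", "gobuster/3.1.0"), ("192.0.2.20", "Mozilla/5.0")):
        lines += [fmt.format(ip=ip, path=w, status=exists.get(w, 404), ua=ua) for w in words]
    for path in ("index.html", "css/style.css", "login.php"):  # ordinary visitor
        lines.append(fmt.format(ip="198.51.100.7", path=path, status=200, ua="Mozilla/5.0"))
    return lines

if __name__ == "__main__":
    for ip, reasons in detect_enumeration(sample_log()).items():
        print(ip, "->", "; ".join(reasons))
```

The User-Agent match alone is a weak indicator because the client controls it; the path-count and 404-ratio check is what catches the second constructed client.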

Blog Posts