## Overview
I mainly use the tool gobuster for directory scanning, although I use it less frequently. I use ffuf more often, and I will also summarize the ffuf tool later.
Gobuster is a directory-scanning, DNS and vhost brute-forcing tool written in Go. It supports several modes, and you choose the mode that fits your purpose before running it; the available modes include dir, dns, s3, gcs, vhost, fuzz and tftp.
The modes are as follows:
| Mode | Description |
|---|---|
| dir | Website directory/file brute-forcing |
| dns | DNS subdomain brute-forcing |
| vhost | Virtual host brute-forcing |
| fuzz | Brute-forcing the position marked by the FUZZ keyword |
| s3 | Enumerate open S3 buckets |
| gcs | Enumerate Google Cloud buckets |
| tftp | Enumerate TFTP files |
- Project address: https://github.com/OJ/gobuster
- Installation

If you have a Go environment set up, you can install it directly:

```bash
go install github.com/OJ/gobuster/v3@latest
```

To view the help documentation, specify a mode on the command line; each mode has its own help text:

```bash
gobuster dir -h
gobuster dns -h
```
## dir mode
- Basic usage

```bash
gobuster dir -u "http://example.com/" -w /Users/lca/pentesting/web-basic/p12-字典收集/fuzz1.txt
```
Some commonly used options for dir mode:
- -c: Cookies to send with each request, e.g. a session cookie so that an authenticated back-end area can be scanned
- -x: File extensions to append to each word, such as php, jsp, asp
- -m: HTTP request method
- -b: Status codes to exclude (blacklist); by default 404 responses are filtered out
- -s: Only accept the given HTTP status codes
- -u: Target URL
- -w: Wordlist (dictionary) file
- -q: Quiet mode
- -t: Number of threads, default 10
- -f: Force a trailing slash on each URL
- --wildcard: Force scanning to continue when a wildcard response is found. A wildcard response means the server answers every path the same way (a catch-all page) instead of returning a real 404, and gobuster normally stops when it detects this. With the option set it keeps going, including through catch-all 404/403-style responses, so that the scan stays complete; you then rely on -b or --exclude-length to separate real hits from the catch-all responses.
- --exclude-length: Exclude responses whose content length matches the given values
- -r: Follow redirects
- -e: Expanded mode, print full URLs
- -k: Skip TLS certificate verification
For example:
- Scan the target website mysite.com with a cookie so that the logged-in part of the site is scanned, try the file extensions php and html, use 50 threads, and use the wordlist common-files.txt:

```bash
gobuster dir -u https://mysite.com/ -c 'session=123456' -t 50 -w common-files.txt -x .php,.html
```

- Use the --wildcard option to keep scanning when a wildcard response is found, exclude the status codes 301, 401, 403, 404 and 500, and use 20 threads:

```bash
gobuster dir -u https://mysite.com/ -w common-files.txt --wildcard -b 301,401,403,404,500 -t 20
```

- Scan with the DirBuster medium wordlist, forcing a trailing slash on every request, with 200 threads:

```bash
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://mysite.com/ -f -t 200
```
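A dir-mode scan like the ones above produces a burst of requests for paths that mostly do not exist, and that is exactly what shows up on the defending side in the web server's access log. The following Python script is an added example, not part of the original post and not gobuster's own code: it parses constructed Apache combined-format log lines, finds per-client bursts with a high share of 404 responses, and notes when the User-Agent starts with the "gobuster/" prefix that gobuster sends by default (the client IPs, timestamps and the 3.6 version string in the sample are constructed).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" log format (not real traffic).
# 203.0.113.7 requests many non-existent paths within one second and carries
# the "gobuster/<version>" User-Agent prefix gobuster uses by default (the 3.6
# version string is made up); 198.51.100.20 is ordinary browsing with one typo.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /backup HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /config.php HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /login HTTP/1.1" 200 2048 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /old HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /test.html HTTP/1.1" 404 196 "-" "gobuster/3.6"
198.51.100.20 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:55:41 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:56:02 +0000] "GET /logn HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def burst_stats(recs, window):
    """Return (n, ratio): the largest number of requests from one client that fall
    inside any time window of length `window`, and the share of those that got 404."""
    recs = sorted(recs, key=lambda r: r["ts"])
    best = (0, 0.0)
    start = 0
    for end in range(len(recs)):
        # Slide the window start forward until recs[start..end] fits within `window`.
        while recs[end]["ts"] - recs[start]["ts"] > window:
            start += 1
        chunk = recs[start:end + 1]
        if len(chunk) > best[0]:
            not_found = sum(1 for r in chunk if r["status"] == 404)
            best = (len(chunk), not_found / len(chunk))
    return best


def detect_dir_bruteforce(log_text, window=timedelta(seconds=60),
                          min_requests=5, min_404_ratio=0.6):
    """Flag clients whose densest burst has at least `min_requests` requests and a
    404 share of at least `min_404_ratio`. Returns {ip: details}."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        count, ratio = burst_stats(recs, window)
        if count >= min_requests and ratio >= min_404_ratio:
            findings[ip] = {
                "burst_requests": count,
                "not_found_ratio": round(ratio, 2),
                "distinct_paths": len({r["path"] for r in recs}),
                # Weak corroborating signal only: the default User-Agent prefix.
                # Any client can change it, so it is never the sole condition.
                "tool_user_agent": any(r["ua"].lower().startswith("gobuster/") for r in recs),
            }
    return findings


if __name__ == "__main__":
    for ip, details in detect_dir_bruteforce(SAMPLE_LOG).items():
        print(ip, details)
```

The burst-plus-404-ratio condition is the signal worth alerting on; the User-Agent only corroborates it. The window and the two thresholds are tuning knobs and should be set against a baseline of the site's normal traffic, since a broken link on a busy page can also produce a run of 404s from one client.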
## dns mode
The dns mode is used to enumerate subdomains of the target domain.
- Basic usage

```bash
gobuster dns -d mysite.com -w ~/wordlists/subdomains.txt
```

- Common options
  - -d: Target domain name
  - -i: Also show the IP addresses the subdomains resolve to
  - --wildcard: As in dir mode, keep scanning when a wildcard (catch-all) DNS record is found
  - -t: Number of threads, which controls the scan speed
## vhost mode
The vhost mode is used for virtual-host brute-forcing: it helps enumerate the virtual hosts that exist on the target web server without having to know in advance every virtual host the web application serves.
I encounter this mode more often when playing HTB.

```bash
gobuster vhost -w /usr/share/wordlists/subnames.txt -u http://shoppy.htb
```

In this mode, dir can also be specified to perform directory scanning:

```bash
gobuster vhost dir -u shoppy.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 150
```
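Virtual-host brute-forcing sends the same request over and over with a different Host header each time, so on the server it appears as a single client cycling through host names that are not configured. The Python script below is an added example, not from the original post or the gobuster project: it reads constructed JSON-per-line access log entries (a shape nginx can produce with a JSON log_format; the field names remote_addr, host, status and request are an assumption), compares each Host value against an assumed inventory of configured virtual hosts, and flags clients that hit many unknown names. It also lists unknown Hosts that were answered with a 2xx, which indicates a catch-all default server that makes every guess look like a hit.

```python
import json
import re
from collections import defaultdict

# Assumed inventory of the virtual hosts actually configured on this server (constructed).
KNOWN_VHOSTS = {"shop.example.test", "www.example.test", "api.example.test"}

# Constructed JSON-per-line access log (nginx can emit this shape with a JSON
# log_format; the field names are an assumption). 203.0.113.9 repeats the same
# request with a different Host header each time; 198.51.100.5 is normal traffic.
# The last line is deliberately malformed to show that parsing stays robust.
SAMPLE_LOG = """\
{"remote_addr": "203.0.113.9", "host": "admin.example.test", "status": 404, "request": "GET / HTTP/1.1"}
{"remote_addr": "203.0.113.9", "host": "dev.example.test", "status": 404, "request": "GET / HTTP/1.1"}
{"remote_addr": "203.0.113.9", "host": "staging.example.test", "status": 404, "request": "GET / HTTP/1.1"}
{"remote_addr": "203.0.113.9", "host": "mail.example.test", "status": 404, "request": "GET / HTTP/1.1"}
{"remote_addr": "203.0.113.9", "host": "api.example.test", "status": 200, "request": "GET / HTTP/1.1"}
{"remote_addr": "203.0.113.9", "host": "old.example.test", "status": 200, "request": "GET / HTTP/1.1"}
{"remote_addr": "203.0.113.9", "host": "test.example.test", "status": 404, "request": "GET / HTTP/1.1"}
{"remote_addr": "198.51.100.5", "host": "shop.example.test", "status": 200, "request": "GET /cart HTTP/1.1"}
{"remote_addr": "198.51.100.5", "host": "Shop.example.test:443", "status": 200, "request": "GET /checkout HTTP/1.1"}
{"remote_addr": "198.51.100.5", "host": "www.example.test", "status": 200, "request": "GET / HTTP/1.1"}
not valid json
"""


def parse_json_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped rather than fatal."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def normalize_host(host):
    """Lower-case the Host value and drop an explicit port so that
    'Shop.example.test:443' matches the inventory entry 'shop.example.test'."""
    host = (host or "").strip().lower()
    return re.sub(r":\d+$", "", host)


def detect_vhost_bruteforce(log_text, known_vhosts, min_distinct=4, min_unknown_ratio=0.5):
    """Flag clients that use at least `min_distinct` different Host values of which
    at least `min_unknown_ratio` are not configured on this server. Returns {ip: details}."""
    hosts_by_ip = defaultdict(set)
    unknown_hits = defaultdict(list)   # ip -> [(host, status), ...]
    for rec in parse_json_log(log_text):
        ip = rec.get("remote_addr")
        host = normalize_host(rec.get("host"))
        if not ip or not host:
            continue
        hosts_by_ip[ip].add(host)
        if host not in known_vhosts:
            unknown_hits[ip].append((host, rec.get("status")))

    findings = {}
    for ip, hosts in hosts_by_ip.items():
        unknown = {h for h, _ in unknown_hits[ip]}
        ratio = len(unknown) / len(hosts)
        if len(hosts) >= min_distinct and ratio >= min_unknown_ratio:
            findings[ip] = {
                "distinct_hosts": len(hosts),
                "unknown_ratio": round(ratio, 2),
                "unknown_hosts": sorted(unknown),
                # Unknown names answered with 2xx mean the default server block serves
                # content for any Host, so every guess looks like a hit to the scanner.
                "unknown_served_2xx": sorted({h for h, s in unknown_hits[ip]
                                              if isinstance(s, int) and 200 <= s < 300}),
            }
    return findings


if __name__ == "__main__":
    for ip, details in detect_vhost_bruteforce(SAMPLE_LOG, KNOWN_VHOSTS).items():
        print(ip, details)
```

Keeping the known-vhost inventory accurate is what makes this check useful; the unknown_served_2xx list is the item to act on, because a default server that answers any Host with real content is what turns a vhost wordlist into a list of "found" hosts.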
## fuzz mode
The fuzz mode can fuzz any part of a URL. For example, given a URL like http://example.com/about.php?id=1, if you want to enumerate possible parameter names, replace id with the FUZZ keyword and gobuster substitutes each wordlist entry at that position:

```bash
gobuster fuzz -u http://example.com/about.php?FUZZ=1 -w parameter-names.txt
```
## Other modes
These are less commonly used, so I will simply list their usage.
- s3

```bash
gobuster s3 -w bucket-names.txt
```

- gcs

```bash
gobuster gcs -w bucket-names.txt
```

- tftp

```bash
gobuster tftp -s tftp.example.com -w common-filenames.txt
```
There is a mind map about gobuster on @hacking articles.
## References
Images from: https://wallhaven.cc/