Gobuster

From aldeid

Description

Gobuster is a tool used to brute-force:

  • URIs (directories and files) in web sites.
  • DNS subdomains (with wildcard support).
  • Virtual Host names on target web servers.

Installation

$ sudo apt install gobuster

Usage

Syntax

gobuster [options]

Options

-P string
Password for Basic Auth (dir mode only)
-U string
Username for Basic Auth (dir mode only)
-a string
Set the User-Agent string (dir mode only)
-c string
Cookies to use for the requests (dir mode only)
-cn
Show CNAME records (dns mode only, cannot be used with '-i' option)
-e
Expanded mode, print full URLs
-f
Append a forward-slash to each directory request (dir mode only)
-fw
Force continued operation when wildcard found
-i
Show IP addresses (dns mode only)
-k
Skip SSL certificate verification
-l
Include the length of the body in the output (dir mode only)
-m string
Directory/File mode (dir) or DNS mode (dns) (default "dir")
-n
Don't print status codes
-np
Don't display progress
-o string
Output file to write results to (defaults to stdout)
-p string
Proxy to use for requests [http(s)://host:port] (dir mode only)
-q
Don't print the banner and other noise
-r
Follow redirects
-s string
Positive status codes (dir mode only) (default "200,204,301,302,307,403")
-t int
Number of concurrent threads (default 10)
-to duration
HTTP Timeout in seconds (dir mode only) (default 10s)
-u string
The target URL or Domain
-v
Verbose output (errors)
-w string
Path to the wordlist
-x string
File extension(s) to search for (dir mode only)

Example

$ gobuster -w /data/src/wordlists/apache.txt -u http://10.10.124.19/

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : http://10.10.124.19/
[+] Threads      : 10
[+] Wordlist     : /data/src/wordlists/apache.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout      : 10s
=====================================================
2020/04/29 07:45:07 Starting gobuster
=====================================================
/.htpasswd (Status: 403)
/.htaccess (Status: 403)
/index.html (Status: 200)
/server-status (Status: 403)
=====================================================
2020/04/29 07:45:07 Finished
=====================================================
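
The result lines above can be turned into structured data for a test report. The following is an added example, not part of the original page or of Gobuster itself. It parses the v2 output shown in this section and groups findings by the default positive status codes of `-s`. The function names, the bucket labels and the `[Size: N]` suffix for `-l` are assumptions.

```python
import re
from collections import defaultdict

# Result line as printed in the Example above: "/path (Status: 403)".
# The optional "[Size: N]" suffix for -l is an assumed format, not shown on the page.
RESULT_RE = re.compile(
    r"^(?P<target>\S+)\s+\(Status:\s*(?P<status>\d{3})\)"
    r"(?:\s+\[Size:\s*(?P<size>\d+)\])?$"
)

# Grouping of the default positive status codes of -s (labels are hypothetical).
BUCKETS = {200: "accessible", 204: "accessible",
           301: "redirect", 302: "redirect", 307: "redirect",
           403: "exists-denied"}

# Abridged copy of the output in the Example section of this page.
SAMPLE = """\
=====================================================
[+] Mode         : dir
2020/04/29 07:45:07 Starting gobuster
/.htpasswd (Status: 403)
/.htaccess (Status: 403)
/index.html (Status: 200)
/server-status (Status: 403)
2020/04/29 07:45:07 Finished
"""

def parse_gobuster(text):
    # One dict per result line; banner, separators and timestamps are skipped.
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m is None:
            continue
        status = int(m.group("status"))
        size = int(m.group("size")) if m.group("size") else None
        results.append({"target": m.group("target"), "status": status,
                        "size": size, "bucket": BUCKETS.get(status, "other")})
    return results

def triage(results):
    # Group targets by bucket, keeping the order gobuster reported them in.
    grouped = defaultdict(list)
    for r in results:
        grouped[r["bucket"]].append(r["target"])
    return dict(grouped)

if __name__ == "__main__":
    for bucket, targets in sorted(triage(parse_gobuster(SAMPLE)).items()):
        print(f"{bucket}: {', '.join(targets)}")
```

A 403 is in the default positive list because it confirms that the path exists even though access is denied, which is why `/.htpasswd`, `/.htaccess` and `/server-status` are reported in the run above.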


Keywords: gobuster directory reconnaissance bruteforce