Skip to main content

gobuster: Notes

https://github.com/OJ/gobuster

# gobuster version
3.6
Usage:
  gobuster [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  dir         Uses directory/file enumeration mode
  dns         Uses DNS subdomain enumeration mode
  fuzz        Uses fuzzing mode. Replaces the keyword FUZZ in the URL, Headers and the request body
  gcs         Uses gcs bucket enumeration mode
  help        Help about any command
  s3          Uses aws bucket enumeration mode
  tftp        Uses TFTP enumeration mode
  version     shows the current version
  vhost       Uses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)

Flags:
      --debug                 Enable debug output
      --delay duration        Time each thread waits between requests (e.g. 1500ms)
  -h, --help                  help for gobuster
      --no-color              Disable color output
      --no-error              Don't display errors
  -z, --no-progress           Don't display progress
  -o, --output string         Output file to write results to (defaults to stdout)
  -p, --pattern string        File containing replacement patterns
  -q, --quiet                 Don't print the banner and other noise
  -t, --threads int           Number of concurrent threads (default 10)
  -v, --verbose               Verbose output (errors)
  -w, --wordlist string       Path to the wordlist. Set to - to use STDIN.
      --wordlist-offset int   Resume from a given position in the wordlist (defaults to 0)

Use "gobuster [command] --help" for more information about a command.

Example: Brute force file extensions php, txt, sh, xxa

root@X220:~# gobuster dir -u http://10.10.169.48/secret -w /usr/share/wordlists/dirb/common.txt -x php,txt,sh,xxa
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            http://10.10.169.48/secret
[+] Threads:        10
[+] Wordlist:       /usr/share/wordlists/dirb/common.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Extensions:     xxa,php,txt,sh
[+] Timeout:        10s
===============================================================
2020/12/03 15:20:40 Starting gobuster
===============================================================
/secret.txt (Status: 200)
===============================================================
2020/12/03 15:24:28 Finished
===============================================================
root@X220:~#

Example: Brute force file extensions php, txt, html

gobuster dir -u http://10.10.196.97 -w /usr/share/seclists/Discovery/Web-Content/big.txt -x php,txt,html

Example: Brute force VHOST

gobuster vhost

Example dns subdomain

# gobuster dns -d team.thm -w /usr/share/wordlists/common.txt --wildcard
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Domain:            team.thm
[+] Threads:           10
[+] Wildcard forced:   true
[+] Timeout:           1s
[+] Wordlist:          /usr/share/wordlists/common.txt
===============================================================
2021/03/06 11:56:51 Starting gobuster
===============================================================
Found: dev.team.thm
===============================================================
2021/03/06 11:58:11 Finished
===============================================================
#

Referrences

Gobuster Tutorial – How to Find Hidden Directories, Sub-Domains, and S3 Buckets

Practice

Offensive Security Introduction

| Day 2

The Cod Caper | Task 3 - Web Enumeration

THM | Jeff

Labels

Labels:

Popular posts from this blog

Install Microsoft .NET Core SDK

.NET Core Software Development Kit (SDK) is a set of libraries and tools that allow developers to create .NET Core applications and libraries.
Read more

Powershell: Test-NetConnection

PS C:\Users\tuyen> get-help Test-NetConnection NAME     Test-NetConnection SYNTAX     Test-NetConnection [[-ComputerName] <string>] [-TraceRoute] [-Hops <int>] [-InformationLevel {Quiet |     Detailed}]  [<CommonParameters>]     Test-NetConnection [[-ComputerName] <string>] [-CommonTCPPort] {HTTP | RDP | SMB | WINRM}     [-InformationLevel {Quiet | Detailed}]  [<CommonParameters>]     Test-NetConnection [[-ComputerName] <string>] -Port <int> [-InformationLevel {Quiet | Detailed}]     [<CommonParameters>]     Test-NetConnection [[-ComputerName] <string>] -DiagnoseRouting [-ConstrainSourceAddress <string>]     [-ConstrainInterface <uint32>] [-InformationLevel {Quiet | Detailed}]  [<CommonParameters>] ALIASES     TNC REMARKS     Get-Help cannot find the Help files fo...
Read more

Linux command: lastlog

lastlog command reports the most recent login of all users or of a given user. NAME lastlog - reports the most recent login of all users or of a given user SYNOPSIS lastlog [options] DESCRIPTION lastlog formats and prints the contents of the last login log /var/log/lastlog file. The login-name, port, and last login time will be printed. The default (no flags) causes lastlog entries to be printed, sorted by their order in /etc/passwd. OPTIONS The options which apply to the lastlog command are: -b, --before DAYS Print only lastlog records older than DAYS. -h, --help Display help message and exit. -R, --root CHROOT_DIR Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. -t, --time DAYS Print the lastlog records more recent than DAYS. -u, --user LOGIN|RANGE Print the ...
Read more