Skip to main content

gobuster: Notes

https://github.com/OJ/gobuster

# gobuster
Usage:
  gobuster [command]

Available Commands:
  dir         Uses directory/file brutceforcing mode
  dns         Uses DNS subdomain bruteforcing mode
  help        Help about any command
  vhost       Uses VHOST bruteforcing mode

Flags:
  -h, --help              help for gobuster
  -z, --noprogress        Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Use "gobuster [command] --help" for more information about a command.

Example: Brute force file extensions php, txt, sh, xxa

root@X220:~# gobuster dir -u http://10.10.169.48/secret -w /usr/share/wordlists/dirb/common.txt -x php,txt,sh,xxa
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            http://10.10.169.48/secret
[+] Threads:        10
[+] Wordlist:       /usr/share/wordlists/dirb/common.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Extensions:     xxa,php,txt,sh
[+] Timeout:        10s
===============================================================
2020/12/03 15:20:40 Starting gobuster
===============================================================
/secret.txt (Status: 200)
===============================================================
2020/12/03 15:24:28 Finished
===============================================================
root@X220:~#

Example: Brute force file extensions php, txt, html

gobuster dir -u http://10.10.196.97 -w /usr/share/seclists/Discovery/Web-Content/big.txt -x php,txt,html

Example: Brute force VHOST

gobuster vhost

Example dns subdomain

# gobuster dns -d team.thm -w /usr/share/wordlists/common.txt --wildcard
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Domain:            team.thm
[+] Threads:           10
[+] Wildcard forced:   true
[+] Timeout:           1s
[+] Wordlist:          /usr/share/wordlists/common.txt
===============================================================
2021/03/06 11:56:51 Starting gobuster
===============================================================
Found: dev.team.thm
===============================================================
2021/03/06 11:58:11 Finished
===============================================================
#

Practice

| Day 2

The Cod Caper | Task 3 - Web Enumeration

THM | Jeff

Labels:

Popular posts from this blog

Microsoft Windows Server 2012 R2 Standard Evaluation Product Key

Microsoft Windows Server 2012 R2 Standard Evaluation D2N9P-3P6X9-2R39C-7RTCD-MDVJX DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Read more

ManageEngine ServiceDesk Plus - Reset password

Let's reset the default administrator's password to 'admin'
Read more

hmailserver: Notes from the field

hmailserver is one of free open source mail servers running on Microsoft Windows operating system.
Read more