Skip to main content

gobuster: Notes

https://github.com/OJ/gobuster

# gobuster version
3.6
Usage:
  gobuster [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  dir         Uses directory/file enumeration mode
  dns         Uses DNS subdomain enumeration mode
  fuzz        Uses fuzzing mode. Replaces the keyword FUZZ in the URL, Headers and the request body
  gcs         Uses gcs bucket enumeration mode
  help        Help about any command
  s3          Uses aws bucket enumeration mode
  tftp        Uses TFTP enumeration mode
  version     shows the current version
  vhost       Uses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)

Flags:
      --debug                 Enable debug output
      --delay duration        Time each thread waits between requests (e.g. 1500ms)
  -h, --help                  help for gobuster
      --no-color              Disable color output
      --no-error              Don't display errors
  -z, --no-progress           Don't display progress
  -o, --output string         Output file to write results to (defaults to stdout)
  -p, --pattern string        File containing replacement patterns
  -q, --quiet                 Don't print the banner and other noise
  -t, --threads int           Number of concurrent threads (default 10)
  -v, --verbose               Verbose output (errors)
  -w, --wordlist string       Path to the wordlist. Set to - to use STDIN.
      --wordlist-offset int   Resume from a given position in the wordlist (defaults to 0)

Use "gobuster [command] --help" for more information about a command.

Example: Brute force file extensions php, txt, sh, xxa

root@X220:~# gobuster dir -u http://10.10.169.48/secret -w /usr/share/wordlists/dirb/common.txt -x php,txt,sh,xxa
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            http://10.10.169.48/secret
[+] Threads:        10
[+] Wordlist:       /usr/share/wordlists/dirb/common.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Extensions:     xxa,php,txt,sh
[+] Timeout:        10s
===============================================================
2020/12/03 15:20:40 Starting gobuster
===============================================================
/secret.txt (Status: 200)
===============================================================
2020/12/03 15:24:28 Finished
===============================================================
root@X220:~#

Example: Brute force file extensions php, txt, html

gobuster dir -u http://10.10.196.97 -w /usr/share/seclists/Discovery/Web-Content/big.txt -x php,txt,html

Example: Brute force VHOST

gobuster vhost

Example dns subdomain

# gobuster dns -d team.thm -w /usr/share/wordlists/common.txt --wildcard
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Domain:            team.thm
[+] Threads:           10
[+] Wildcard forced:   true
[+] Timeout:           1s
[+] Wordlist:          /usr/share/wordlists/common.txt
===============================================================
2021/03/06 11:56:51 Starting gobuster
===============================================================
Found: dev.team.thm
===============================================================
2021/03/06 11:58:11 Finished
===============================================================
#

Referrences

Gobuster Tutorial – How to Find Hidden Directories, Sub-Domains, and S3 Buckets

Practice

Offensive Security Introduction

| Day 2

The Cod Caper | Task 3 - Web Enumeration

THM | Jeff

dirb

ffuf

Labels:

Popular posts from this blog

Qubes OS: Fedora 30

Create a new Standalone VM based on fedora-29 VM template Extend root partition: run command on dom0 tuyen@dom0:~ $ qvm-volume extend fedora-30:root 12288MB Set qrexec_timeout to 600 seconds tuyen@dom0:~ $ qvm-pref --set fedora-30 qrexec_timeout 600 $ sudo dnf upgrade --refresh $ sudo dnf install dnf-plugin-sytem-upgrade $ sudo dnf system-upgrade download --release=30 Install fedora-30 template Run the following command on dom0 terminal $ sudo qubes-dom0-update qubes-template-fedora-30 Install Adobe Flash Player Adobe Flash Player will not go away soon. So, let's grab the latest version of Adobe Flash Player , then install using yum or dnf command. Verify if Adobe Flash Player is installed and works by visiting https://helpx.adobe.com/flash-player.html [user@fedora-30 ~]$ sudo dnf install Downloads/flash-player-npapi-32.0.0.238-release.x86_64.rpm Last metadata expiration check: 0:37:03 ago on Fri Aug 30 09:18:10 2019. Dependencies resolved. =========...
Read more

How to charge your device from USB Port

First of all, check BIOS Settings of your laptop or desktop Dell Look for USB PowerShare BIOS Settings: USB PowerShare Lenovo Look for Always On USB Charge in Off Mode BIOS Settings: Enable Always On USB Charge in Off Mode
Read more

Python: Free Online Courses

Ever thinking about which programming language to learn first? You can learn Python for free with these online courses.
Read more