gobuster/README.md

Gobuster v0.2 (OJ Reeves @TheColonial)
======================================

Alternative directory and file busting tool written in Go.

### Oh dear God.. WHY!?

Because I wanted:

1. ... something that didn't have a fat Java GUI (console FTW).
1. ... to build something that just worked on the command line.
1. ... something that did not do recursive brute force.
1. ... something that allowed me to brute force folders and multiple extensions at once.
1. ... something that compiled to native on multiple platforms.
1. ... something that was faster than an interpreted script (such as Python).
1. ... something that didn't require a runtime.
1. ... use something that was good with concurrency (hence Go).
1. ... to build something in Go that wasn't totally useless.

### But it's shit! And your implementation sucks!

Yes, you're probably correct. Feel free to :

* Not use it.
* Show me how to do it better.

### Command line options

* `-c=<http cookies>` - use this to specify any cookies that you might need (simulating auth).
* `-f=<true|false>` - set to `true` if you want to append `/` for directory brute forces.
* `-s=<status codes>` - comma-separated set of the list of status codes to be deemed a "positive" (default: `200,204,301,302,307`).
* `-t=<threads>` - number of threads to run (default: `10`).
* `-u=<url>` - full to the folder to brute force, including scheme.
* `-v=<true|false>` - verbose output.
* `-w=<wordlist>` - path to the wordlist used for brute forcing.
* `-x=<extensions>` - list of extensions to check for, if any.

### Examples
Command line might look like this:
```
$ ./gobuster -u=https://mysite.com/path/to/folder '-c=session=123456' -t=50 -w=common-files.txt -x=.php,.html
```
Sample run goes like this:
```
./gobuster -w=words.txt -u=http://buffered.io/ -x=.html -v=true                                                ◼
Gobuster v0.2 (OJ Reeves @TheColonial)
======================================
[+] Url          : http://buffered.io/
[+] Threads      : 10
[+] Wordlist     : words.txt
[+] Status codes : 301,302,307,200,204
[+] Extensions   : .html
[+] Dislpay all  : true
======================================
Found: /index (200)
Found: /index.html (200)
Result: /posts (404)
Found: /contact (200)
Result: /contact.html (404)
Result: /posts.html (404)
```

### License

See the LICENSE file.
Add readme 2015-02-01 12:51:58 +01:00			`Gobuster v0.2 (OJ Reeves @TheColonial)`
			`======================================`

			`Alternative directory and file busting tool written in Go.`

			`### Oh dear God.. WHY!?`

			`Because I wanted:`

			`1. ... something that didn't have a fat Java GUI (console FTW).`
			`1. ... to build something that just worked on the command line.`
			`1. ... something that did not do recursive brute force.`
fix typo 2015-02-04 21:56:16 +01:00			`1. ... something that allowed me to brute force folders and multiple extensions at once.`
Add readme 2015-02-01 12:51:58 +01:00			`1. ... something that compiled to native on multiple platforms.`
			`1. ... something that was faster than an interpreted script (such as Python).`
			`1. ... something that didn't require a runtime.`
			`1. ... use something that was good with concurrency (hence Go).`
			`1. ... to build something in Go that wasn't totally useless.`

			`### But it's shit! And your implementation sucks!`

			`Yes, you're probably correct. Feel free to :`

			`* Not use it.`
			`* Show me how to do it better.`

			`### Command line options`

			* `-c=<http cookies>` - use this to specify any cookies that you might need (simulating auth).
			* `-f=<true\|false>` - set to `true` if you want to append `/` for directory brute forces.
			* `-s=<status codes>` - comma-separated set of the list of status codes to be deemed a "positive" (default: `200,204,301,302,307`).
			* `-t=<threads>` - number of threads to run (default: `10`).
			* `-u=<url>` - full to the folder to brute force, including scheme.
			* `-v=<true\|false>` - verbose output.
			* `-w=<wordlist>` - path to the wordlist used for brute forcing.
			* `-x=<extensions>` - list of extensions to check for, if any.

			`### Examples`
updated readme 2015-02-01 12:54:15 +01:00			`Command line might look like this:`
Add readme 2015-02-01 12:51:58 +01:00			```
			`$ ./gobuster -u=https://mysite.com/path/to/folder '-c=session=123456' -t=50 -w=common-files.txt -x=.php,.html`
			```
updated readme 2015-02-01 12:54:15 +01:00			`Sample run goes like this:`
			```
			`./gobuster -w=words.txt -u=http://buffered.io/ -x=.html -v=true ◼`
			`Gobuster v0.2 (OJ Reeves @TheColonial)`
			`======================================`
			`[+] Url : http://buffered.io/`
			`[+] Threads : 10`
			`[+] Wordlist : words.txt`
			`[+] Status codes : 301,302,307,200,204`
			`[+] Extensions : .html`
			`[+] Dislpay all : true`
			`======================================`
			`Found: /index (200)`
			`Found: /index.html (200)`
			`Result: /posts (404)`
			`Found: /contact (200)`
			`Result: /contact.html (404)`
			`Result: /posts.html (404)`
			```
Add readme 2015-02-01 12:51:58 +01:00
			`### License`

			`See the LICENSE file.`