6a2b40ff86
This was cherry-picked from the gomod branch instead of being merged as a PR for two reasons: 1) The vhost plugin addition isn't yet ready for merging, as there's a lot of code duplication. 2) This code can technically be merged as is without the mods to the vhost plugin. When/If we're ready to merge the vhost plugin we'll fix that side up. |
||
---|---|---|
cli | ||
gobusterdir | ||
gobusterdns | ||
libgobuster | ||
.gitignore | ||
.travis.yml | ||
LICENSE | ||
Makefile | ||
README.md | ||
THANKS | ||
TODO.md | ||
go.mod | ||
go.sum | ||
main.go | ||
make.bat |
Gobuster v3.0.0 (OJ Reeves @TheColonial)
Gobuster is a tool used to brute-force:
- URIs (directories and files) in web sites.
- DNS subdomains (with wildcard support).
Tags, Statuses, etc
Oh dear God.. WHY!?
Because I wanted:
- ... something that didn't have a fat Java GUI (console FTW).
- ... to build something that just worked on the command line.
- ... something that did not do recursive brute force.
- ... something that allowed me to brute force folders and multiple extensions at once.
- ... something that compiled to native on multiple platforms.
- ... something that was faster than an interpreted script (such as Python).
- ... something that didn't require a runtime.
- ... use something that was good with concurrency (hence Go).
- ... to build something in Go that wasn't totally useless.
But it's shit! And your implementation sucks!
Yes, you're probably correct. Feel free to:
- Not use it.
- Show me how to do it better.
Love this tool? Back it!
If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer!
All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.
Available modes
dir uses dir mode
dns uses dns mode
Common Command line options
-h, --help Help for gobuster
--noprogress Don't display progress
-o, --output string Output file to write results to (defaults to stdout)
-q, --quiet Don't print the banner and other noise
-t, --threads int Number of concurrent threads (default 10)
-v, --verbose Verbose output (errors)
-w, --wordlist string Path to the wordlist
Command line options for dns
mode
-d, --domain string The target domain
-h, --help Help for dns
-r, --resolver string Use custom DNS server (format server.com or server.com:port)
-c, --showcname Show CNAME records (cannot be used with '-i' option)
-i, --showips Show IP addresses
--timeout duration DNS resolver timeout (default 1s)
--wildcard Force continued operation when wildcard found
Command line options for dir
mode
-f, --addslash Apped / to each request
-c, --cookies string Cookies to use for the requests
-e, --expanded Expanded mode, print full URLs
-x, --extensions string File extension(s) to search for
-r, --followredirect Follow redirects
-h, --help Help for dir
-l, --includelength Include the length of the body in the output
-k, --insecuressl Skip SSL certificate verification
-n, --nostatus Don't print status codes
-P, --password string Password for Basic Auth
-p, --proxy string Proxy to use for requests [http(s)://host:port]
-s, --statuscodes string Positive status codes (default "200,204,301,302,307,401,403")
--timeout duration HTTP Timeout (default 10s)
-u, --url string The target URL
-a, --useragent string Set the User-Agent string (default "gobuster/3.0.0")
-U, --username string Username for Basic Auth
--wildcard Force continued operation when wildcard found
Building
Since this tool is written in Go you need install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options.
Compiling
gobuster
now has external dependencies, and so they need to be pulled in first:
go get && go build
This will create a gobuster
binary for you. If you want to install it in the $GOPATH/bin
folder you can run:
go install
If you have all the dependencies already, you can make use of the build scripts:
make
- builds for the current Go configuration (ie. runsgo build
).make windows
- builds 32 and 64 bit binaries for windows, and writes them to thebuild
subfolder.make linux
- builds 32 and 64 bit binaries for linux, and writes them to thebuild
subfolder.make darwin
- builds 32 and 64 bit binaries for darwin, and writes them to thebuild
subfolder.make all
- builds for all platforms and architectures, and writes the resulting binaries to thebuild
subfolder.make clean
- clears out thebuild
subfolder.make test
- runs the tests.
Running as a script
go run main.go <parameters>
Wordlists via STDIN
Wordlists can be piped into gobuster
via stdin by providing a -
to the -w
option:
hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -
Note: If the -w
option is specified at the same time as piping from STDIN, an error will be shown and the program will terminate.
Examples
dir
mode
Command line might look like this:
gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html
Default options looks like this:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Timeout : 10s
=====================================================
2018/08/27 11:49:43 Starting gobuster
=====================================================
/categories (Status: 301)
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200)
=====================================================
2018/08/27 11:49:44 Finished
=====================================================
Default options with status codes disabled looks like this:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] No status : true
[+] Timeout : 10s
=====================================================
2018/08/27 11:50:18 Starting gobuster
=====================================================
/categories
/contact
/index
/posts
=====================================================
2018/08/27 11:50:18 Finished
=====================================================
Verbose output looks like this:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Verbose : true
[+] Timeout : 10s
=====================================================
2018/08/27 11:50:51 Starting gobuster
=====================================================
Missed: /alsodoesnotexist (Status: 404)
Found: /index (Status: 200)
Missed: /doesnotexist (Status: 404)
Found: /categories (Status: 301)
Found: /posts (Status: 301)
Found: /contact (Status: 301)
=====================================================
2018/08/27 11:50:51 Finished
=====================================================
Example showing content length:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Show length : true
[+] Timeout : 10s
=====================================================
2018/08/27 11:51:16 Starting gobuster
=====================================================
/categories (Status: 301) [Size: 178]
/posts (Status: 301) [Size: 178]
/contact (Status: 301) [Size: 178]
/index (Status: 200) [Size: 51759]
=====================================================
2018/08/27 11:51:17 Finished
=====================================================
Quiet output, with status disabled and expanded mode looks like this ("grep mode"):
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -q -n -e
https://buffered.io/index
https://buffered.io/contact
https://buffered.io/posts
https://buffered.io/categories
dns
mode
Command line might look like this:
gobuster dns -d mysite.com -t 50 -w common-names.txt
Normal sample run goes like this:
gobuster dns -d google.com -w ~/wordlists/subdomains.txt
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dns
[+] Url/Domain : google.com
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:54:20 Starting gobuster
=====================================================
Found: chrome.google.com
Found: ns1.google.com
Found: admin.google.com
Found: www.google.com
Found: m.google.com
Found: support.google.com
Found: translate.google.com
Found: cse.google.com
Found: news.google.com
Found: music.google.com
Found: mail.google.com
Found: store.google.com
Found: mobile.google.com
Found: search.google.com
Found: wap.google.com
Found: directory.google.com
Found: local.google.com
Found: blog.google.com
=====================================================
2018/08/27 11:54:20 Finished
=====================================================
Show IP sample run goes like this:
gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dns
[+] Url/Domain : google.com
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:54:54 Starting gobuster
=====================================================
Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]
Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]
Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]
Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]
Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]
Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]
=====================================================
2018/08/27 11:54:55 Finished
=====================================================
Base domain validation warning when the base domain fails to resolve. This is a warning rather than a failure in case the user fat-fingers while typing the domain.
gobuster dns -d yp.to -w ~/wordlists/subdomains.txt -i
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dns
[+] Url/Domain : yp.to
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:56:43 Starting gobuster
=====================================================
2018/08/27 11:56:53 [-] Unable to validate base domain: yp.to
Found: cr.yp.to [131.193.32.108, 131.193.32.109]
=====================================================
2018/08/27 11:56:53 Finished
=====================================================
Wildcard DNS is also detected properly:
gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dns
[+] Url/Domain : 0.0.1.xip.io
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 12:13:48 Starting gobuster
=====================================================
2018/08/27 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
2018/08/27 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.
=====================================================
2018/08/27 12:13:48 Finished
=====================================================
If the user wants to force processing of a domain that has wildcard entries, use --wildcard
:
gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt --wildcard
=====================================================
Gobuster v3.0.0 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dns
[+] Url/Domain : 0.0.1.xip.io
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 12:13:51 Starting gobuster
=====================================================
2018/08/27 12:13:51 [-] Wildcard DNS found. IP address(es): 1.0.0.0
Found: 127.0.0.1.xip.io
Found: test.127.0.0.1.xip.io
=====================================================
2018/08/27 12:13:53 Finished
=====================================================
License
See the LICENSE file.
Thanks
See the THANKS file for people who helped out.