mirror of https://github.com/OJ/gobuster.git synced 2024-05-04 22:46:07 +02:00
Directory/File, DNS and VHost busting tool written in Go
Christian Mehlmauer 6a2b40ff86
Cherry-picked the gomodules code from #117
This was cherry-picked from the gomod branch instead of being merged as
a PR for two reasons:

1) The vhost plugin addition isn't yet ready for merging, as there's
   a lot of code duplication.
2) This code can technically be merged as is without the mods to the
   vhost plugin.

When/If we're ready to merge the vhost plugin we'll fix that side up.
2019-01-09 11:17:46 +10:00
cli Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00
gobusterdir Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00
gobusterdns Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00
libgobuster Update version numbers, README, spelling and user agent 2019-01-09 10:48:39 +10:00
.gitignore Add simple build scripts 2018-08-28 09:46:11 +10:00
.travis.yml Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00
LICENSE Initial commit 2014-11-14 23:18:35 +10:00
Makefile Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00
README.md Update version numbers, README, spelling and user agent 2019-01-09 10:48:39 +10:00
THANKS Updated README, THANKS and some error messaging stuff 2018-08-27 12:15:37 +10:00
TODO.md use tabwriter for output 2018-12-11 20:58:23 +01:00
go.mod Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00
go.sum Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00
main.go Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00
make.bat Cherry-picked the gomodules code from #117 2019-01-09 11:17:46 +10:00

Gobuster v3.0.0 (OJ Reeves @TheColonial)

Gobuster is a tool used to brute-force:

  • URIs (directories and files) in web sites.
  • DNS subdomains (with wildcard support).


Oh dear God.. WHY!?

Because I wanted:

  1. ... something that didn't have a fat Java GUI (console FTW).
  2. ... to build something that just worked on the command line.
  3. ... something that did not do recursive brute force.
  4. ... something that allowed me to brute force folders and multiple extensions at once.
  5. ... something that compiled to native on multiple platforms.
  6. ... something that was faster than an interpreted script (such as Python).
  7. ... something that didn't require a runtime.
  8. ... use something that was good with concurrency (hence Go).
  9. ... to build something in Go that wasn't totally useless.

But it's shit! And your implementation sucks!

Yes, you're probably correct. Feel free to:

  • Not use it.
  • Show me how to do it better.

Love this tool? Back it!

If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer!

All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.

Available modes

dir         uses dir mode
dns         uses dns mode

Common Command line options

-h, --help              Help for gobuster
    --noprogress        Don't display progress
-o, --output string     Output file to write results to (defaults to stdout)
-q, --quiet             Don't print the banner and other noise
-t, --threads int       Number of concurrent threads (default 10)
-v, --verbose           Verbose output (errors)
-w, --wordlist string   Path to the wordlist

Command line options for dns mode

-d, --domain string      The target domain
-h, --help               Help for dns
-r, --resolver string    Use custom DNS server (format server.com or server.com:port)
-c, --showcname          Show CNAME records (cannot be used with '-i' option)
-i, --showips            Show IP addresses
    --timeout duration   DNS resolver timeout (default 1s)
    --wildcard           Force continued operation when wildcard found

Command line options for dir mode

-f, --addslash             Append / to each request
-c, --cookies string       Cookies to use for the requests
-e, --expanded             Expanded mode, print full URLs
-x, --extensions string    File extension(s) to search for
-r, --followredirect       Follow redirects
-h, --help                 Help for dir
-l, --includelength        Include the length of the body in the output
-k, --insecuressl          Skip SSL certificate verification
-n, --nostatus             Don't print status codes
-P, --password string      Password for Basic Auth
-p, --proxy string         Proxy to use for requests [http(s)://host:port]
-s, --statuscodes string   Positive status codes (default "200,204,301,302,307,401,403")
    --timeout duration     HTTP Timeout (default 10s)
-u, --url string           The target URL
-a, --useragent string     Set the User-Agent string (default "gobuster/3.0.0")
-U, --username string      Username for Basic Auth
    --wildcard             Force continued operation when wildcard found
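
For defenders, the defaults listed above leave a recognisable trail in web server logs: the gobuster/3.0.0 User-Agent and, because -a can change it, a run of 404 responses on many distinct paths from one client. The Go code below is an added example, not part of gobuster; the log lines are constructed, and flagScanners, sampleLog and the threshold are hypothetical names and values.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
var lineRE = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"`)

// flagScanners maps client IP -> reason. minMisses (distinct 404 paths per client) is an assumed threshold.
func flagScanners(lines []string, minMisses int) map[string]string {
	misses, out := map[string]map[string]bool{}, map[string]string{}
	for _, l := range lines {
		m := lineRE.FindStringSubmatch(l)
		if m == nil {
			continue // not Combined Log Format
		}
		ip, path, status, ua := m[1], m[2], m[3], m[4]
		if strings.HasPrefix(ua, "gobuster/") {
			out[ip] = "default gobuster User-Agent"
		}
		if status == "404" {
			if misses[ip] == nil {
				misses[ip] = map[string]bool{}
			}
			misses[ip][path] = true
		}
	}
	// Fallback for clients that changed the User-Agent: count distinct missed paths.
	for ip, set := range misses {
		if out[ip] == "" && len(set) >= minMisses {
			out[ip] = "many distinct 404 paths"
		}
	}
	return out
}

// sampleLog is constructed data using documentation address ranges.
var sampleLog = []string{
	`192.0.2.10 - - [09/Jan/2019:11:17:46 +1000] "GET /admin HTTP/1.1" 404 178 "-" "gobuster/3.0.0"`,
	`198.51.100.7 - - [09/Jan/2019:11:17:47 +1000] "GET /backup HTTP/1.1" 404 178 "-" "Mozilla/5.0"`,
	`198.51.100.7 - - [09/Jan/2019:11:17:47 +1000] "GET /old HTTP/1.1" 404 178 "-" "Mozilla/5.0"`,
	`198.51.100.7 - - [09/Jan/2019:11:17:47 +1000] "GET /test HTTP/1.1" 404 178 "-" "Mozilla/5.0"`,
	`203.0.113.9 - - [09/Jan/2019:11:17:48 +1000] "GET /index HTTP/1.1" 200 51759 "-" "Mozilla/5.0"`,
	`203.0.113.9 - - [09/Jan/2019:11:17:49 +1000] "GET /favicon.ico HTTP/1.1" 404 178 "-" "Mozilla/5.0"`,
}

func main() {
	fmt.Println(flagScanners(sampleLog, 3))
}
```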

Building

Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options.

Compiling

gobuster now has external dependencies, and so they need to be pulled in first:

go get && go build

This will create a gobuster binary for you. If you want to install it in the $GOPATH/bin folder you can run:

go install

If you have all the dependencies already, you can make use of the build scripts:

  • make - builds for the current Go configuration (i.e. runs go build).
  • make windows - builds 32 and 64 bit binaries for windows, and writes them to the build subfolder.
  • make linux - builds 32 and 64 bit binaries for linux, and writes them to the build subfolder.
  • make darwin - builds 32 and 64 bit binaries for darwin, and writes them to the build subfolder.
  • make all - builds for all platforms and architectures, and writes the resulting binaries to the build subfolder.
  • make clean - clears out the build subfolder.
  • make test - runs the tests.

Running as a script

go run main.go <parameters>

Wordlists via STDIN

Wordlists can be piped into gobuster via stdin by providing a - to the -w option:

hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -

Note: If the -w option is specified at the same time as piping from STDIN, an error will be shown and the program will terminate.

Examples

dir mode

Command line might look like this:

gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html

Default options look like this:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.0.1
[+] Timeout      : 10s
=====================================================
2018/08/27 11:49:43 Starting gobuster
=====================================================
/categories (Status: 301)
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200)
=====================================================
2018/08/27 11:49:44 Finished
=====================================================

Default options with status codes disabled look like this:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.0.1
[+] No status    : true
[+] Timeout      : 10s
=====================================================
2018/08/27 11:50:18 Starting gobuster
=====================================================
/categories
/contact
/index
/posts
=====================================================
2018/08/27 11:50:18 Finished
=====================================================

Verbose output looks like this:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.0.1
[+] Verbose      : true
[+] Timeout      : 10s
=====================================================
2018/08/27 11:50:51 Starting gobuster
=====================================================
Missed: /alsodoesnotexist (Status: 404)
Found: /index (Status: 200)
Missed: /doesnotexist (Status: 404)
Found: /categories (Status: 301)
Found: /posts (Status: 301)
Found: /contact (Status: 301)
=====================================================
2018/08/27 11:50:51 Finished
=====================================================

Example showing content length:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.0.1
[+] Show length  : true
[+] Timeout      : 10s
=====================================================
2018/08/27 11:51:16 Starting gobuster
=====================================================
/categories (Status: 301) [Size: 178]
/posts (Status: 301) [Size: 178]
/contact (Status: 301) [Size: 178]
/index (Status: 200) [Size: 51759]
=====================================================
2018/08/27 11:51:17 Finished
=====================================================

Quiet output, with status disabled and expanded mode looks like this ("grep mode"):

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -q -n -e

https://buffered.io/index
https://buffered.io/contact
https://buffered.io/posts
https://buffered.io/categories

dns mode

Command line might look like this:

gobuster dns -d mysite.com -t 50 -w common-names.txt

Normal sample run goes like this:

gobuster dns -d google.com -w ~/wordlists/subdomains.txt

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : google.com
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:54:20 Starting gobuster
=====================================================
Found: chrome.google.com
Found: ns1.google.com
Found: admin.google.com
Found: www.google.com
Found: m.google.com
Found: support.google.com
Found: translate.google.com
Found: cse.google.com
Found: news.google.com
Found: music.google.com
Found: mail.google.com
Found: store.google.com
Found: mobile.google.com
Found: search.google.com
Found: wap.google.com
Found: directory.google.com
Found: local.google.com
Found: blog.google.com
=====================================================
2018/08/27 11:54:20 Finished
=====================================================

Show IP sample run goes like this:

gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : google.com
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:54:54 Starting gobuster
=====================================================
Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]
Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]
Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]
Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]
Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]
Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]
=====================================================
2018/08/27 11:54:55 Finished
=====================================================

A base domain validation warning is shown when the base domain fails to resolve. This is a warning rather than a failure in case the user fat-fingers while typing the domain.

gobuster dns -d yp.to -w ~/wordlists/subdomains.txt -i

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : yp.to
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:56:43 Starting gobuster
=====================================================
2018/08/27 11:56:53 [-] Unable to validate base domain: yp.to
Found: cr.yp.to [131.193.32.108, 131.193.32.109]
=====================================================
2018/08/27 11:56:53 Finished
=====================================================

Wildcard DNS is also detected properly:

gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : 0.0.1.xip.io
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 12:13:48 Starting gobuster
=====================================================
2018/08/27 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
2018/08/27 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.
=====================================================
2018/08/27 12:13:48 Finished
=====================================================

If the user wants to force processing of a domain that has wildcard entries, use --wildcard:

gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt --wildcard

=====================================================
Gobuster v3.0.0              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : 0.0.1.xip.io
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 12:13:51 Starting gobuster
=====================================================
2018/08/27 12:13:51 [-] Wildcard DNS found. IP address(es): 1.0.0.0
Found: 127.0.0.1.xip.io
Found: test.127.0.0.1.xip.io
=====================================================
2018/08/27 12:13:53 Finished
=====================================================
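
A common way to perform the wildcard check shown above is to resolve a random label that cannot plausibly exist under the domain: any answer means a wildcard record, and later results that carry the same addresses are indistinguishable from non-existent names. The Go code below is an added example, not gobuster's own code; wildcardIPs, isWildcardHit and the constructed fakeZone resolver are hypothetical names, and the resolver is injected so the example runs offline.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net"
	"sort"
	"strings"
)

// lookupFunc has the shape of net.LookupHost; injected so the example runs offline.
type lookupFunc func(host string) ([]string, error)

// wildcardIPs resolves a random label under domain; any answer means a wildcard record.
func wildcardIPs(domain string, lookup lookupFunc) ([]string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	ips, err := lookup(hex.EncodeToString(b) + "." + domain)
	var dnsErr *net.DNSError
	if errors.As(err, &dnsErr) && dnsErr.IsNotFound {
		return nil, nil // NXDOMAIN: no wildcard
	}
	sort.Strings(ips)
	return ips, err // timeouts and other failures are reported, not read as "no wildcard"
}

// isWildcardHit reports whether a result's addresses equal the wildcard set.
func isWildcardHit(ips, wildcard []string) bool {
	s := append([]string(nil), ips...)
	sort.Strings(s)
	return len(wildcard) > 0 && strings.Join(s, ",") == strings.Join(wildcard, ",")
}

// fakeZone is constructed: *.wild.example answers 192.0.2.1, www.wild.example has its own record.
func fakeZone(host string) ([]string, error) {
	switch {
	case host == "www.wild.example":
		return []string{"192.0.2.80"}, nil
	case strings.HasSuffix(host, ".wild.example"):
		return []string{"192.0.2.1"}, nil
	}
	return nil, &net.DNSError{Err: "no such host", Name: host, IsNotFound: true}
}

func main() {
	wc, err := wildcardIPs("wild.example", fakeZone)
	fmt.Println(wc, err, isWildcardHit([]string{"192.0.2.80"}, wc))
}
```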

License

See the LICENSE file.

Thanks

See the THANKS file for people who helped out.