2025-04-10 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
In this article the editor explains what kind of tool Gobuster is. I hope you get something out of reading it. Let's go through it together.
Tool introduction
Gobuster is a tool written in the Go programming language that researchers can use to brute-force directories, files, DNS and VHost objects. The latest version just released is Gobuster v3.0.1.
Gobuster can brute-force the following:
1. URIs (directories or files) on the target site
2. DNS subdomain names (wildcards are supported)
3. Virtual host names (VHost) on the target Web server
Tool advantages
1. There is no bloated Java GUI; the tool runs in the console.
2. It can be executed directly from the command line.
3. It does not brute-force recursively.
4. It lets testers brute-force target folders and multiple extensions at the same time.
5. Cross-platform support
6. It runs faster than an interpreted script.
7. No runtime environment is required.
8. Concurrency support
What's New in Gobuster v3.0.1
1. New command line options have been introduced
2. Performance optimization and more stable network connection
3. VHost name brute-forcing support has been added
4. Custom HTTP headers can be provided.
Available modes
dir: the classic directory brute-forcing mode
dns: DNS subdomain brute-forcing mode
vhost: virtual host brute-forcing mode
Built-in help menu
gobuster help: prints the complete help information
gobuster help <mode>: prints the help information for the specified mode
dns mode help
Usage:
  gobuster dns [flags]
Flags:
  -d, --domain string      The target domain
  -h, --help               help for dns
  -r, --resolver string    Use custom DNS server (format server.com or server.com:port)
  -c, --showcname          Show CNAME records (cannot be used with '-i' option)
  -i, --showips            Show IP addresses
      --timeout duration   DNS resolver timeout (default 1s)
      --wildcard           Force continued operation when wildcard found
Global Flags:
  -z, --noprogress        Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist
dir mode options
Usage:
  gobuster dir [flags]
Flags:
  -f, --addslash                      Append / to each request
  -c, --cookies string                Cookies to use for the requests
  -e, --expanded                      Expanded mode, print full URLs
  -x, --extensions string             File extension(s) to search for
  -r, --followredirect                Follow redirects
  -H, --headers stringArray           Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                          help for dir
  -l, --includelength                 Include the length of the body in the output
  -k, --insecuressl                   Skip SSL certificate verification
  -n, --nostatus                      Don't print status codes
  -P, --password string               Password for Basic Auth
  -p, --proxy string                  Proxy to use for requests [http(s)://host:port]
  -s, --statuscodes string            Positive statuscodes (will be overwritten with statuscodesblacklist if set) (default "200,204,301,302,307,401,403")
  -b, --statuscodesblacklist string   Negative statuscodes (will override statuscodes if set)
      --timeout duration              HTTP Timeout (default 10s)
  -u, --url string                    The target URL
  -a, --useragent string              Set the User-Agent string (default "gobuster/3.0.1")
  -U, --username string               Username for Basic Auth
      --wildcard                      Force continued operation when wildcard found
Global Flags:
  -z, --noprogress        Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist
vhost mode options
Usage:
  gobuster vhost [flags]
Flags:
  -c, --cookies string        Cookies to use for the requests
  -r, --followredirect        Follow redirects
  -H, --headers stringArray   Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                  help for vhost
  -k, --insecuressl           Skip SSL certificate verification
  -P, --password string       Password for Basic Auth
  -p, --proxy string          Proxy to use for requests [http(s)://host:port]
      --timeout duration      HTTP Timeout (default 10s)
  -u, --url string            The target URL
  -a, --useragent string      Set the User-Agent string (default "gobuster/3.0.1")
  -U, --username string       Username for Basic Auth
Global Flags:
  -z, --noprogress        Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist
Tool installation
Code release
Releases of the project are published on Gobuster's GitHub page, so users do not need to build the project code on their own.
Use "go get"
If you have set up the Go environment, you can download and install Gobuster directly using the following command:
go get github.com/OJ/gobuster
Building from source
Because the tool is written in Go, users first need to install the Go environment, compiler and so on. For details on setting up the Go environment, refer to the official website of the Go language.
Compile
Gobuster now has external dependencies, so they need to be fetched first:
go get && go build
This creates a gobuster binary. To install it into the $GOPATH/bin directory, run:
go install
Once all the dependencies are in place, the build scripts can be used:
make - builds the tool with the current Go configuration, like "go build"
make windows - builds a 32-bit or 64-bit Windows program and writes it to the build subdirectory
make linux - builds a 32-bit or 64-bit Linux program and writes it to the build subdirectory
make darwin - builds a 32-bit or 64-bit Darwin program and writes it to the build subdirectory
make all - builds the program for all platforms and writes it to the build subdirectory
make clean - cleans up the build subdirectory
make test - runs the tests
Wordlists and STDIN
Wordlists can be piped into gobuster through stdin:
hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -
Usage examples
dir mode
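Run on the command line:
gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html
With the default options, the output looks like this:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.0.1
[+] Timeout      : 10s
===============================================================
2019/06/21 11:49:43 Starting gobuster
===============================================================
/categories (Status: 301)
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200)
===============================================================
2019/06/21 11:49:44 Finished
===============================================================

With status code printing disabled (-n):
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.0.1
[+] No status    : true
[+] Timeout      : 10s
===============================================================
2019/06/21 11:50:18 Starting gobuster
===============================================================
/categories
/contact
/index
/posts
===============================================================
2019/06/21 11:50:18 Finished
===============================================================

Verbose output (-v):
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.0.1
[+] Verbose      : true
[+] Timeout      : 10s
===============================================================
2019/06/21 11:50:51 Starting gobuster
===============================================================
Missed: /alsodoesnotexist (Status: 404)
Found: /index (Status: 200)
Missed: /doesnotexist (Status: 404)
Found: /categories (Status: 301)
Found: /posts (Status: 301)
Found: /contact (Status: 301)
===============================================================
2019/06/21 11:50:51 Finished
===============================================================

Display content length (-l):
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.0.1
[+] Show length  : true
[+] Timeout      : 10s
===============================================================
2019/06/21 11:51:16 Starting gobuster
===============================================================
/categories (Status: 301) [Size: 178]
/posts (Status: 301) [Size: 178]
/contact (Status: 301) [Size: 178]
/index (Status: 200) [Size: 51759]
===============================================================
2019/06/21 11:51:17 Finished
===============================================================

dns mode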
Run on the command line:
gobuster dns -d mysite.com -t 50 -w common-names.txt
Sample run:
gobuster dns -d google.com -w ~/wordlists/subdomains.txt

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode         : dns
[+] Url/Domain   : google.com
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:54:20 Starting gobuster
===============================================================
Found: chrome.google.com
Found: ns1.google.com
Found: admin.google.com
Found: www.google.com
Found: m.google.com
Found: support.google.com
Found: translate.google.com
Found: cse.google.com
Found: news.google.com
Found: music.google.com
Found: mail.google.com
Found: store.google.com
Found: mobile.google.com
Found: search.google.com
Found: wap.google.com
Found: directory.google.com
Found: local.google.com
Found: blog.google.com
===============================================================
2019/06/21 11:54:20 Finished
===============================================================

Sample run showing IP addresses (-i):
gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode         : dns
[+] Url/Domain   : google.com
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:54:54 Starting gobuster
===============================================================
Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]
Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]
Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]
Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]
Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]
Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: music.google.com [172.217.25.46, 2404…
Found: mail.google.com [172.217.25.37, 2404…
===============================================================
Finished
===============================================================

DNS wildcard detection:
gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode         : dns
[+] Url/Domain   : 0.0.1.xip.io
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 12:13:48 Starting gobuster
===============================================================
2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.
===============================================================
2019/06/21 12:13:48 Finished
===============================================================

vhost mode
Run on the command line:
gobuster vhost -u https://mysite.com -w common-vhosts.txt
Results of a normal sample run:
gobuster vhost -u https://mysite.com -w common-vhosts.txt

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:          https://mysite.com
[+] Threads:      10
[+] Wordlist:     common-vhosts.txt
[+] User Agent:   gobuster/3.0.1
[+] Timeout:      10s
===============================================================
2019/06/21 08:36:00 Starting gobuster
===============================================================
Found: www.mysite.com
Found: piwik.mysite.com
Found: mail.mysite.com
===============================================================
2019/06/21 08:36:05 Finished
===============================================================

After reading this article, I believe you have a certain understanding of what kind of tool Gobuster is. If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!