Gobuster Tutorial for Ethical Hackers

In this tutorial, we will understand how Gobuster works and use it for Web enumeration.

How to Install Gobuster

go install github.com/OJ/gobuster/[email protected]

Gobuster Parameters

Gobuster can use different attack modes against a webserver a DNS server and S3 buckets from Amazon AWS.

Attack Modes

/usr/bin/gobuster                    
Usage:
  gobuster [command]

Available Commands:
  dir         Uses directory/file enumeration mode
  dns         Uses DNS subdomain enumeration mode
  fuzz        Uses fuzzing mode
  help        Help about any command
  s3          Uses aws bucket enumeration mode
  version     shows the current version
  vhost       Uses VHOST enumeration mode

Gobuster Optimization parameters

Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -h, --help              help for gobuster
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Gobuster Virtual Hosts enumeration

Usage:
  gobuster vhost [flags]
Flags:
  -c, --cookies string        Cookies to use for the requests
  -r, --follow-redirect       Follow redirects
  -H, --headers stringArray   Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                  help for vhost
  -k, --no-tls-validation     Skip TLS certificate verification
  -P, --password string       Password for Basic Auth
  -p, --proxy string          Proxy to use for requests [http(s)://host:port]
      --timeout duration      HTTP Timeout (default 10s)
  -u, --url string            The target URL
  -a, --useragent string      Set the User-Agent string (default "gobuster/3.1.0")
  -U, --username string       Username for Basic Auth
gobuster vhost -u http://10.10.90.255 -w /home/kali/Desktop/Utilities/2m-subdomains.txt -o output.txt

Gobuster directory enumeration

Gobuster can be used to brute force a directory in a web server it has many arguments to control and filter the execution.

To verify the options on directory enumeration execute:

Usage:
  gobuster dir [flags]
Flags:
  -f, --add-slash                       Append / to each request
  -c, --cookies string                  Cookies to use for the requests
  -d, --discover-backup                 Upon finding a file search for backup files
      --exclude-length ints             exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.
  -e, --expanded                        Expanded mode, print full URLs
  -x, --extensions string               File extension(s) to search for
  -r, --follow-redirect                 Follow redirects
  -H, --headers stringArray             Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                            help for dir
      --hide-length                     Hide the length of the body in the output
  -m, --method string                   Use the following HTTP method (default "GET")
  -n, --no-status                       Don't print status codes
  -k, --no-tls-validation               Skip TLS certificate verification
  -P, --password string                 Password for Basic Auth
      --proxy string                    Proxy to use for requests [http(s)://host:port]
      --random-agent                    Use a random User-Agent string
  -s, --status-codes string             Positive status codes (will be overwritten with status-codes-blacklist if set)
  -b, --status-codes-blacklist string   Negative status codes (will override status-codes if set) (default "404")
      --timeout duration                HTTP Timeout (default 10s)
  -u, --url string                      The target URL
  -a, --useragent string                Set the User-Agent string (default "gobuster/3.1.0")
  -U, --username string                 Username for Basic Auth
      --wildcard                        Force continued operation when wildcard found
/usr/bin/gobuster dir -u http://10.10.90.255 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -t 50 -o output.txt

Gobuster Files enumeration

gobuster dir -u http://10.10.90.255 -x zip,bak,old,php -w /usr/share/wordlists/dirb/common.txt -o output.txt

Gobuster DNS enumeration

Usage:
  gobuster dns [flags]
Flags:
  -d, --domain string      The target domain
  -h, --help               help for dns
  -r, --resolver string    Use custom DNS server (format server.com or server.com:port)
  -c, --show-cname         Show CNAME records (cannot be used with '-i' option)
  -i, --show-ips           Show IP addresses
      --timeout duration   DNS resolver timeout (default 1s)
      --wildcard           Force continued operation when wildcard found

Gobuster Recursive

Gobuster S3 Enumeration

Uses aws bucket enumeration mode

/usr/bin/gobuster s3 --help 
Uses aws bucket enumeration mode

Usage:
  gobuster s3 [flags]

Flags:
  -h, --help               help for s3
  -m, --maxfiles int       max files to list when listing buckets (only shown in verbose mode) (default 5)
      --proxy string       Proxy to use for requests [http(s)://host:port]
      --random-agent       Use a random User-Agent string
      --timeout duration   HTTP Timeout (default 10s)
  -a, --useragent string   Set the User-Agent string (default "gobuster/3.1.0")

Gobuster Fuzzing Mode

Uses fuzzing mode

sage:
  gobuster fuzz [flags]

Flags:
  -c, --cookies string              Cookies to use for the requests
      --exclude-length ints         exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.
  -b, --excludestatuscodes string   Negative status codes (will override statuscodes if set)
  -r, --follow-redirect             Follow redirects
  -H, --headers stringArray         Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                        help for fuzz
  -m, --method string               Use the following HTTP method (default "GET")
  -k, --no-tls-validation           Skip TLS certificate verification
  -P, --password string             Password for Basic Auth
      --proxy string                Proxy to use for requests [http(s)://host:port]
      --random-agent                Use a random User-Agent string
      --timeout duration            HTTP Timeout (default 10s)
  -u, --url string                  The target URL
  -a, --useragent string            Set the User-Agent string (default "gobuster/3.1.0")
  -U, --username string             Username for Basic Auth
      --wildcard                    Force continued operation when wildcard found

https://github.com/OJ/gobuster

Related Posts

Index