Gobuster
Jump to navigation
Jump to search
Description
Gobuster is a tool used to brute-force:
- URIs (directories and files) in web sites.
- DNS subdomains (with wildcard support).
- Virtual Host names on target web servers.
Installation
$ sudo apt install gobuster
Usage
Syntax
gobuster [options]
Options
- -P string
- Password for Basic Auth (dir mode only)
- -U string
- Username for Basic Auth (dir mode only)
- -a string
- Set the User-Agent string (dir mode only)
- -c string
- Cookies to use for the requests (dir mode only)
- -cn
- Show CNAME records (dns mode only, cannot be used with '-i' option)
- -e
- Expanded mode, print full URLs
- -f
- Append a forward-slash to each directory request (dir mode only)
- -fw
- Force continued operation when wildcard found
- -i
- Show IP addresses (dns mode only)
- -k
- Skip SSL certificate verification
- -l
- Include the length of the body in the output (dir mode only)
- -m string
- Directory/File mode (dir) or DNS mode (dns) (default "dir")
- -n
- Don't print status codes
- -np
- Don't display progress
- -o string
- Output file to write results to (defaults to stdout)
- -p string
- Proxy to use for requests [http(s)://host:port] (dir mode only)
- -q
- Don't print the banner and other noise
- -r
- Follow redirects
- -s string
- Positive status codes (dir mode only) (default "200,204,301,302,307,403")
- -t int
- Number of concurrent threads (default 10)
- -to duration
- HTTP Timeout in seconds (dir mode only) (default 10s)
- -u string
- The target URL or Domain
- -v
- Verbose output (errors)
- -w string
- Path to the wordlist
- -x string
- File extension(s) to search for (dir mode only)
Example
$ gobuster -w /data/src/wordlists/apache.txt -u http://10.10.124.19/ ===================================================== Gobuster v2.0.1 OJ Reeves (@TheColonial) ===================================================== [+] Mode : dir [+] Url/Domain : http://10.10.124.19/ [+] Threads : 10 [+] Wordlist : /data/src/wordlists/apache.txt [+] Status codes : 200,204,301,302,307,403 [+] Timeout : 10s ===================================================== 2020/04/29 07:45:07 Starting gobuster ===================================================== /.htpasswd (Status: 403) /.htaccess (Status: 403) /index.html (Status: 200) /server-status (Status: 403) ===================================================== 2020/04/29 07:45:07 Finished =====================================================
Comments
Keywords: gobuster directory reconnaissance bruteforce