... something that didn't have a fat Java GUI (console FTW).
... to build something that just worked on the command line.
... something that did not do recursive brute force.
... something that allowed me to brute force folders and multiple extensions at once.
... something that compiled to native on multiple platforms.
... something that was faster than an interpreted script (such as Python).
... something that didn't require a runtime.
... use something that was good with concurrency (hence Go).
... to build something in Go that wasn't totally useless.
But it's shit! And your implementation sucks!
Yes, you're probably correct. Feel free to:
Not use it.
Show me how to do it better.
Love this tool? Back it!
If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer!
All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.
Changes in 3.1-dev
Use go 1.16
use contexts in the correct way
get rid of the wildcard flag (except in DNS mode)
Changes in 3.1
enumerate public AWS S3 buckets
fuzzing mode
specify HTTP method
added support for patterns. You can now specify a file containing patterns that are applied to every word, one per line. Every occurrence of the term {GOBUSTER} in it will be replaced with the current wordlist item. Please use with caution as this can greatly increase the number of requests issued.
The shorthand p flag which was assigned to proxy is now used by the pattern flag
Changes in 3.0
New CLI options so modes are strictly separated (-m is now gone!)
Performance Optimizations and better connection handling
Ability to enumerate vhost names
Option to supply custom HTTP headers
Available Modes
dir - the classic directory brute-forcing mode
dns - DNS subdomain brute-forcing mode
s3 - Enumerate open S3 buckets and look for existence and bucket listings
vhost - virtual host brute-forcing mode (not the same as DNS!)
Built-in Help
Help is built-in!
gobuster help - outputs the top-level help.
gobuster help <mode> - outputs the help specific to that mode.
dns Mode Help
Usage:
gobuster dns [flags]
Flags:
-d, --domain string The target domain
-h, --help help for dns
-r, --resolver string Use custom DNS server (format server.com or server.com:port)
-c, --show-cname Show CNAME records (cannot be used with '-i' option)
-i, --show-ips Show IP addresses
--timeout duration DNS resolver timeout (default 1s)
--wildcard Force continued operation when wildcard found
Global Flags:
-z, --no-progress Don't display progress
-o, --output string Output file to write results to (defaults to stdout)
-q, --quiet Don't print the banner and other noise
-t, --threads int Number of concurrent threads (default 10)
--delay duration Time each thread waits between requests (e.g. 1500ms)
-v, --verbose Verbose output (errors)
-w, --wordlist string Path to the wordlist
dir Mode Options
Usage:
gobuster dir [flags]
Flags:
-f, --add-slash Append / to each request
-c, --cookies string Cookies to use for the requests
-e, --expanded Expanded mode, print full URLs
-x, --extensions string File extension(s) to search for
-r, --follow-redirect Follow redirects
-H, --headers stringArray Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
-h, --help help for dir
-l, --include-length Include the length of the body in the output
-k, --no-tls-validation Skip TLS certificate verification
-n, --no-status Don't print status codes
-P, --password string Password for Basic Auth
-p, --proxy string Proxy to use for requests [http(s)://host:port]
-s, --status-codes string Positive status codes (will be overwritten with status-codes-blacklist if set) (default "200,204,301,302,307,401,403")
-b, --status-codes-blacklist string Negative status codes (will override status-codes if set)
--timeout duration HTTP Timeout (default 10s)
-u, --url string The target URL
-a, --useragent string Set the User-Agent string (default "gobuster/3.1.0")
-U, --username string Username for Basic Auth
-d, --discover-backup Upon finding a file search for backup files
--wildcard Force continued operation when wildcard found
Global Flags:
-z, --no-progress Don't display progress
-o, --output string Output file to write results to (defaults to stdout)
-q, --quiet Don't print the banner and other noise
-t, --threads int Number of concurrent threads (default 10)
--delay duration Time each thread waits between requests (e.g. 1500ms)
-v, --verbose Verbose output (errors)
-w, --wordlist string Path to the wordlist
vhost Mode Options
Usage:
gobuster vhost [flags]
Flags:
-c, --cookies string Cookies to use for the requests
-r, --follow-redirect Follow redirects
-H, --headers stringArray Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
-h, --help help for vhost
-k, --no-tls-validation Skip TLS certificate verification
-P, --password string Password for Basic Auth
-p, --proxy string Proxy to use for requests [http(s)://host:port]
--timeout duration HTTP Timeout (default 10s)
-u, --url string The target URL
-a, --useragent string Set the User-Agent string (default "gobuster/3.1.0")
-U, --username string Username for Basic Auth
Global Flags:
-z, --no-progress Don't display progress
-o, --output string Output file to write results to (defaults to stdout)
-q, --quiet Don't print the banner and other noise
-t, --threads int Number of concurrent threads (default 10)
--delay duration Time each thread waits between requests (e.g. 1500ms)
-v, --verbose Verbose output (errors)
-w, --wordlist string Path to the wordlist
Easy Installation
Binary Releases
We are now shipping binaries for each of the releases so that you don't even have to build them yourself! How wonderful is that!
If you're stupid enough to trust binaries that I've put together, you can download them from the releases page.
Using go install
If you have a Go environment ready to go (at least go 1.16), it's as easy as:
go install github.com/OJ/gobuster/v3@latest
PS: You need at least go 1.16.0 to compile gobuster.
Building From Source
Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options. You need at least go 1.16.0 to compile gobuster.
Compiling
gobuster has external dependencies, and so they need to be pulled in first:
go get && go build
This will create a gobuster binary for you. If you want to install it in the $GOPATH/bin folder you can run:
go install
If you have all the dependencies already, you can make use of the build scripts:
make - builds for the current Go configuration (ie. runs go build).
make windows - builds 32 and 64 bit binaries for windows, and writes them to the build folder.
make linux - builds 32 and 64 bit binaries for linux, and writes them to the build folder.
make darwin - builds 32 and 64 bit binaries for darwin, and writes them to the build folder.
make all - builds for all platforms and architectures, and writes the resulting binaries to the build folder.
make clean - clears out the build folder.
make test - runs the tests.
Wordlists via STDIN
Wordlists can be piped into gobuster via stdin by providing a - to the -w option:
hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -
Note: If the -w option is specified at the same time as piping from STDIN, an error will be shown and the program will terminate.
Patterns
You can supply pattern files that will be applied to every word from the wordlist.
Just place the string {GOBUSTER} in it and this will be replaced with the word.
This feature is also handy in s3 mode to pre- or postfix certain patterns.
Caution: Using a big pattern file can cause a lot of requests, as every pattern is applied to every word in the wordlist.
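To see how fast a pattern file multiplies the number of candidates, this added example (not gobuster's own code) applies every pattern to every word as described above. The sample words and patterns are constructed, and setting aside patterns that lack {GOBUSTER} is an assumption of this sketch; whether the unmodified word is also requested is not modelled.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// placeholder is the token the README says is replaced by each wordlist item.
const placeholder = "{GOBUSTER}"

// readLines returns the trimmed, non-empty lines of a wordlist or pattern file.
func readLines(text string) []string {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		if l := strings.TrimSpace(sc.Text()); l != "" {
			out = append(out, l)
		}
	}
	return out
}

// Expand applies every pattern to every word. Patterns that lack the placeholder
// are returned as inert: they would yield the same string for every word.
func Expand(words, patterns []string) (candidates, inert []string) {
	var usable []string
	for _, p := range patterns {
		if strings.Contains(p, placeholder) {
			usable = append(usable, p)
		} else {
			inert = append(inert, p)
		}
	}
	for _, w := range words {
		for _, p := range usable {
			candidates = append(candidates, strings.ReplaceAll(p, placeholder, w))
		}
	}
	return candidates, inert
}

func main() {
	// Constructed sample wordlist and pattern file, embedded inline.
	words := readLines("alpha\nbeta\ngamma\n")
	patterns := readLines("pre-{GOBUSTER}\n{GOBUSTER}-post\n{GOBUSTER}.{GOBUSTER}\n\nstatic\n")
	c, inert := Expand(words, patterns)
	fmt.Printf("%d words, %d patterns -> %d candidates (inert: %v)\n", len(words), len(patterns), len(c), inert)
}
```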
Base domain validation warning when the base domain fails to resolve. This is a warning rather than a failure in case the user fat-fingers while typing the domain.
gobuster dns -d yp.to -w ~/wordlists/subdomains.txt -i
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode : dns
[+] Url/Domain : yp.to
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:56:43 Starting gobuster
===============================================================
2019/06/21 11:56:53 [-] Unable to validate base domain: yp.to
Found: cr.yp.to [131.193.32.108, 131.193.32.109]
===============================================================
2019/06/21 11:56:53 Finished
===============================================================
Wildcard DNS is also detected properly:
gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode : dns
[+] Url/Domain : 0.0.1.xip.io
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 12:13:48 Starting gobuster
===============================================================
2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.
===============================================================
2019/06/21 12:13:48 Finished
===============================================================
If the user wants to force processing of a domain that has wildcard entries, use --wildcard:
gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt --wildcard
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode : dns
[+] Url/Domain : 0.0.1.xip.io
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 12:13:51 Starting gobuster
===============================================================
2019/06/21 12:13:51 [-] Wildcard DNS found. IP address(es): 1.0.0.0
Found: 127.0.0.1.xip.io
Found: test.127.0.0.1.xip.io
===============================================================
2019/06/21 12:13:53 Finished
===============================================================
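One common way to implement the wildcard check seen in the dns runs above is to resolve a random label under the domain and treat any answer as a wildcard record; this is an added example, not gobuster's own code. The lookupFunc type, the fakeZone resolver and the example names and addresses are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// lookupFunc has the signature of net.LookupHost, so the real resolver can be passed in.
type lookupFunc func(host string) ([]string, error)

// randomLabel returns a 32-hex-character label that no real zone should define.
func randomLabel() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// WildcardIPs resolves a random name under domain. A non-empty result means the
// zone answers for names that were never defined, i.e. it has a wildcard record.
func WildcardIPs(domain string, lookup lookupFunc) []string {
	ips, err := lookup(randomLabel() + "." + domain)
	if err != nil {
		return nil
	}
	return ips
}

// fakeZone is a constructed offline resolver (hypothetical helper): every name
// under wildSuffix resolves to wildIPs, everything else fails to resolve.
func fakeZone(wildSuffix string, wildIPs []string) lookupFunc {
	return func(host string) ([]string, error) {
		if strings.HasSuffix(host, "."+wildSuffix) {
			return wildIPs, nil
		}
		return nil, errors.New("no such host")
	}
}

func main() {
	zone := fakeZone("wild.example", []string{"192.0.2.1"})
	fmt.Println("wild.example :", WildcardIPs("wild.example", zone))
	fmt.Println("plain.example:", WildcardIPs("plain.example", zone))
}
```

With a wildcard in place every wordlist entry resolves, so a result is only meaningful if its addresses differ from the ones this probe returns.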