Usage of Gobuster Tool with an Example
1. Obtaining Full Path for a directory or file
The -e option prints the complete URL of each hidden file or hidden directory that is found.
gobuster dir -e -u w3wiki.org -w /usr/share/wordlists/dirb/common.txt --wildcard
2. Hide Status Code
The -n option ("no status" mode) prints the results without showing the status code.
gobuster dir -u w3wiki.org -w /usr/share/wordlists/dirb/common.txt -n --wildcard
3. Disable Banner
Gobuster always prints a banner that briefly summarizes the applied options when a brute-force run starts. The -q option disables this banner and hides the extra data.
gobuster dir -u w3wiki.org -w /usr/share/wordlists/dirb/common.txt -q --wildcard
4. Set Threads Number
The -t option sets the number of threads used while brute-forcing sub-domain names or directories.
gobuster dns -d w3wiki.org -t 100 -w /usr/share/wordlists/dirb/common.txt --wildcard
5. Obtain Sub Domain IPs
The -i option enables the IP parameter, which shows the IPs of the sub-domains that are found.
gobuster dns -d w3wiki.org -t 100 -w /usr/share/wordlists/dirb/common.txt -i --wildcard
This command uses DNS mode.
6. Timeout
The --timeout option sets the timeout for HTTP requests; 5 seconds is the default time limit for an HTTP request.
gobuster dir --timeout 5s -u w3wiki.org -t 100 -w /usr/share/wordlists/dirb/common.txt --wildcard
7. Appending Forward Slash
Here the -f option is used to append a forward slash to each request made while brute-forcing the target URL.
gobuster dir -u w3wiki.org -w /usr/share/wordlists/dirb/common.txt -f --wildcard
8. Enumerating Directory with Specific Extension List
In many scenarios we need to find files with a specific extension on the victim server; the -x parameter of this scan covers that case. It takes a file extension name and then looks for files with that extension on the victim server or computer.
gobuster dir -u w3wiki.org -w /usr/share/wordlists/dirb/common.txt -x .php --wildcard
9. Follow Redirect
The -r option makes Gobuster follow redirects: an HTTP request is redirected to another location, which changes the status code reported for a directory or file. Compare the output of the same scan without and with -r:
gobuster dir -u w3wiki.org -w /usr/share/wordlists/dirb/common.txt -q --wildcard
gobuster dir -u w3wiki.org -r -w /usr/share/wordlists/dirb/common.txt -q --wildcard
10. HTTP AUTHORIZATION (-U username, -P password)
HTTP authentication mechanisms are all based on the 401 status code and the WWW-Authenticate response header. The most generally used HTTP authentication mechanism is Basic: the client sends the user name and password as unencrypted, base64-encoded data.
To scan content that sits behind this kind of authentication, Gobuster is given the username and password, as in the command below:
gobuster dir -u http://testphp.vulnweb.com/login.php -w /usr/share/wordlists/dirb/common.txt -U test -P test --wildcard
11. Force Processing Brute Force
Gobuster stops extracting sub-domain names if it meets a wildcard DNS entry, that is, a non-existing domain that still gets an answer. The --wildcard option forces the run to continue even if there is a wildcard domain.
gobuster dir -u w3wiki.org -w /usr/share/wordlists/dirb/common.txt --wildcard
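The wildcard behaviour described above, as an added illustration that is not Gobuster's own code: when a zone has a wildcard record every guessed name resolves, so a baseline taken from random labels is needed to tell real hosts from wildcard answers, for instance when inventorying your own domain. The resolver, zone data and function names are constructed stand-ins so the block runs offline.

```python
import secrets

def make_resolver(records, wildcard=()):
    """Constructed stand-in for DNS: set of IPs for a name (empty = no record)."""
    def resolve(name):
        return set(records.get(name, wildcard))
    return resolve

def wildcard_baseline(resolve, domain, probes=3):
    """Look up random labels that cannot exist; any answer reveals a wildcard."""
    answers = set()
    for _ in range(probes):
        answers |= resolve(f"{secrets.token_hex(16)}.{domain}")
    return answers

def real_hosts(resolve, domain, labels):
    """Return (baseline, hosts); hosts excludes names answered only by the wildcard."""
    baseline = wildcard_baseline(resolve, domain)
    hosts = {}
    for label in labels:
        name = f"{label}.{domain}"
        ips = resolve(name)
        # Caveat: a real host that shares the wildcard's IP is indistinguishable here.
        if ips and not ips <= baseline:
            hosts[name] = sorted(ips)
    return baseline, hosts

# Constructed zone data (example.test and 192.0.2.0/24 are reserved for documentation).
RECORDS = {"www.example.test": {"192.0.2.10"}, "mail.example.test": {"192.0.2.25"}}
LABELS = ["www", "mail", "dev", "staging"]

if __name__ == "__main__":
    for wc in ((), {"192.0.2.99"}):
        print(real_hosts(make_resolver(RECORDS, wc), "example.test", LABELS))
```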
12. Hide Process of Extracting
The -z option hides the progress display while sub-domain names are being brute-forced.
gobuster dns -d w3wiki.org -t 100 -w /usr/share/wordlists/dirb/common.txt -z --wildcard
13. Extracting CNAME Records
The -c option enables the CNAME records parameter, which shows the discovered sub-domains together with their CNAME records.
gobuster dns -d w3wiki.org -t 100 -w /usr/share/wordlists/dirb/common.txt -c --wildcard
14. Proxy URL
The -p option sets a proxy URL to be used for all requests; by default, it works on port 1080. Opening the victim's network IP in a web browser returns an "Access forbidden" error, which means this web page is running behind a proxy.
gobuster dir -p 'https://18.172.30:3128' -u 'http://18.192.172.30/' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --wildcard
Example:
Now that everything is set up and installed, we’re ready to go and use Gobuster. Let’s run it against our victim with the default parameters.
Target for scanning: https://testphp.vulnweb.com
kali@kali:~$ gobuster dir -u testphp.vulnweb.com -w /usr/share/wordlists/dirb/common.txt
In this run, we are enumerating directories on https://testphp.vulnweb.com.
The wordlist used for the scanning is located at /usr/share/wordlists/dirb/common.txt
In the scan results, we have identified the admin panel while brute-forcing directories. After opening the web browser, typing the URL of our target, https://testphp.vulnweb.com/, and appending the identified directory /admin/, we are shown the contents available in that directory. Being a Security Researcher, you can test the functionality of that web page.
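What a scan like the one above looks like from the server's side, as an added example that is not part of the original article: a detector that reads access-log lines and flags clients that produce a burst of 404s on distinct paths or send a User-Agent beginning with gobuster/ (Gobuster's default). The log lines, IP addresses, window and threshold are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def sample_log():
    """Constructed combined-format lines (documentation IPs, not real traffic)."""
    def line(ip, sec, path, status, ua):
        return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
                f'"GET {path} HTTP/1.1" {status} 162 "-" "{ua}"')
    words = [".git", "admin", "backup", "cgi-bin", "config", "db", "images"]
    log = [line("203.0.113.7", i // 4, f"/{w}",
                301 if w in ("admin", "images") else 404, "gobuster/3.6")
           for i, w in enumerate(words)]
    log += [line("198.51.100.9", i, f"/{w}.php", 404, "Mozilla/5.0")
            for i, w in enumerate(words[:6])]
    log += [line("192.0.2.20", 5, "/", 200, "Mozilla/5.0"),
            line("192.0.2.20", 6, "/favicon.ico", 404, "Mozilla/5.0")]
    return log

def find_scanners(lines, window=timedelta(seconds=10), threshold=5):
    """Map client IP -> reasons it looks like a directory brute-force scan."""
    misses = defaultdict(deque)      # ip -> (time, path) of recent 404s
    flagged = defaultdict(set)
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue                 # skip lines that are not combined format
        ip, path = m["ip"], m["path"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["ua"].lower().startswith("gobuster/"):
            flagged[ip].add("gobuster user-agent")
        if m["status"] == "404":
            recent = misses[ip]
            recent.append((ts, path))
            while ts - recent[0][0] > window:
                recent.popleft()     # drop 404s that fell out of the window
            if len({p for _, p in recent}) >= threshold:
                flagged[ip].add("404 burst")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}

if __name__ == "__main__":
    for ip, reasons in find_scanners(sample_log()).items():
        print(ip, reasons)
```

The User-Agent check is cheap, but the client controls that header, so the 404-burst rule is the one to tune against your own traffic.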
Gobuster – Penetration Testing Tools in Kali Tools
One of the primary steps in attacking a web application is enumerating hidden directories and files. Doing so can often yield valuable information that makes it easier to execute a particular attack, leaving less room for errors and wasted time. There are many tools available to do this, but not all of them are created equal. Gobuster, a directory scanner written in the Go language, is worth a look. Popular directory brute-force scanners like DirBuster and DIRB work just fine but can often be slow and prone to errors. Gobuster is a Go implementation of those tools and is available in a convenient command-line format. The primary benefit Gobuster has over other directory scanners is speed. As a programming language, Go is known to be fast. It also has excellent support for concurrency, so Gobuster can take advantage of multiple threads for quicker processing. The one drawback of Gobuster, though, is the lack of recursive directory exploration. For directories more than one level deep, another scan is going to be needed, unfortunately. Often, this is not that big of a deal, and other scanners can step in and fill the gaps for Gobuster in this area.