Meow's Testing Tools - gobuster
gobuster
Select a list of possible directories and files
- normally located at
/usr/share/dirbuster/wordlists
-e is used to print full path of the files.
-u is used to assign target URL, 192.168.1.105 is our target/DVWA.
-w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
-v is used for verbose mode.
-n is used to print with no status codes.
# gobuster
Usage:
gobuster [command]
Available Commands:
dir Uses directory/file brutceforcing mode
dns Uses DNS subdomain bruteforcing mode
help Help about any command
vhost Uses VHOST bruteforcing mode
Flags:
-h, --help help for gobuster
-z, --noprogress Don't display progress
-o, --output string Output file to write results to (defaults to stdout)
-q, --quiet Don't print the banner and other noise
-t, --threads int Number of concurrent threads (default 10)
-v, --verbose Verbose output (errors)
-w, --wordlist string Path to the wordlist
FINDING FILES/ DIRECTORIES
On the target side we will be using DVWA (Damn Vulnerable Web Application).
-u is used to assign target URL, 192.168.1.105 is our target/DVWA.
-w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
# gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
[+] Url: https://192.168.1.105/dvwa
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Timeout: 10s
2019/11/01 01:20:19 Starting gobuster
/.hta (Status: 403)
/.svn (Status: 301)
/.htpasswd (Status: 403)
/.svn/entries (Status: 200)
/.htaccess (Status: 403)
/css (Status: 301)
/images (Status: 301)
/includes (Status: 301)
/js (Status: 301)
2019/11/01 01:20:25 Finished
The query above has requested every wordlist entry on the target URL and listed the files and directories that returned one of the status codes shown in the banner.
PRINTING FILES WITH FULL PATH
Type gobuster dir -e -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt
-e is used to print full path of the files.
-u is used to assign target URL. 192.168.1.105 is our target.
-w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
# gobuster dir -e -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
[+] Url: https://192.168.1.105/dvwa
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Expanded: true
[+] Timeout: 10s
2019/11/01 01:21:34 Starting gobuster
https://192.168.1.105/dvwa/.hta (Status: 403)
https://192.168.1.105/dvwa/.htpasswd (Status: 403)
https://192.168.1.105/dvwa/.svn (Status: 301)
https://192.168.1.105/dvwa/.htaccess (Status: 403)
https://192.168.1.105/dvwa/.svn/entries (Status: 200)
https://192.168.1.105/dvwa/css (Status: 301)
https://192.168.1.105/dvwa/images (Status: 301)
https://192.168.1.105/dvwa/includes (Status: 301)
https://192.168.1.105/dvwa/js (Status: 301)
2019/11/01 01:21:39 Finished
Above you can see the full URL of each result. This query can help to prepare for the initial level of information gathering.
PRINTING OUTPUT USING VERBOSE
Type gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -v
-u is used to assign target URL. 192.168.1.105 is our target.
-w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
-v is used for verbose mode.
# gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -v
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
[+] Url: https://192.168.1.105/dvwa
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Verbose: true
[+] Timeout: 10s
2019/11/01 01:33:32 Starting gobuster
Missed: /.bashrc (Status: 404)
Missed: /.cvs (Status: 404)
Missed: /.cvsignore (Status: 404)
...
Missed: /_mm (Status: 404)
Missed: /_mygallery (Status: 404)
The query above has tried to find files in verbose mode, showing the HTTP status code of each request, including the misses.
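Seen from the server side, a run like this is a burst of requests for distinct paths that mostly return 404, sent by default with the gobuster/3.0.1 User-Agent shown in the banner. The following detection sketch is an added example, not part of the original post; the log lines, client addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

def _line(ip, path, status, ua):
    # Build one constructed Apache "combined" log line (sample data, not from the page).
    return f'{ip} - - [01/Nov/2019:01:33:32 +0000] "GET {path} HTTP/1.1" {status} 1108 "-" "{ua}"'

# .50 scans with the default User-Agent, .77 with a changed one, .20 is a normal visitor.
SAMPLE_LOG = "\n".join(
    [_line("192.168.1.50", "/dvwa/" + w, s, "gobuster/3.0.1")
     for w, s in [(".bashrc", 404), (".cvs", 404), (".cvsignore", 404),
                  (".hta", 403), (".svn/entries", 200), ("_mm", 404)]]
    + [_line("192.168.1.77", "/dvwa/" + w, 404, "Mozilla/5.0")
       for w in ("_mygallery", "admin", "backup", "cgi-bin", "config", "db")]
    + [_line("192.168.1.20", p, 200, "Mozilla/5.0")
       for p in ("/dvwa/", "/dvwa/css/main.css", "/dvwa/login.php")]
)

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)

def find_enumeration(log_text, min_paths=5, miss_ratio=0.6):
    """Return {client_ip: [reasons]} for clients that look like wordlist scans."""
    stats = defaultdict(lambda: {"paths": set(), "missed": set(), "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, path, status, agent = m.groups()
        stats[ip]["paths"].add(path)
        stats[ip]["agents"].add(agent)
        if status == "404":
            stats[ip]["missed"].add(path)
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if any(a.lower().startswith("gobuster/") for a in s["agents"]):
            reasons.append("default gobuster User-Agent")
        if len(s["paths"]) >= min_paths and len(s["missed"]) / len(s["paths"]) >= miss_ratio:
            reasons.append("many distinct paths, mostly 404")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in find_enumeration(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The User-Agent is client-controlled, so the 404-ratio rule is the one that still flags 192.168.1.77 in the sample.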
PRINTING FILES WITH NO STATUS
Type gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -n
-u is used to assign target URL. 192.168.1.105 is our target URL.
-w is used to assign wordlist. /usr/share/wordlists/dirb/common.txt is the wordlist location.
-n is used to print with no status codes.
# gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -n
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
[+] Url: https://192.168.1.105/dvwa
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] No status: true
[+] Timeout: 10s
2019/11/01 02:36:35 Starting gobuster
/.hta
/.htpasswd
/.svn
/.svn/entries
/.htaccess
/css
/images
/includes
/js
2019/11/01 02:36:38 Finished
The query above has printed the results without any status codes.
FINDING LENGTH OF THE RESPONSE FILES
Type gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -l
-u is used to assign target URL. 192.168.1.105 is our target URL.
-w is used to assign wordlist location. -w /usr/share/wordlists/dirb/common.txt is our wordlist location.
-l is used to find the length of the response files.
# gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -l
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
[+] Url: https://192.168.1.105/dvwa
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Show length: true
[+] Timeout: 10s
2019/11/01 02:57:45 Starting gobuster
/.hta (Status: 403) [Size: 1108]
/.htpasswd (Status: 403) [Size: 1108]
/.svn/entries (Status: 200) [Size: 256]
/.htaccess (Status: 403) [Size: 1108]
/.svn (Status: 301) [Size: 416]
/css (Status: 301) [Size: 415]
/images (Status: 301) [Size: 418]
/includes (Status: 301) [Size: 420]
/js (Status: 301) [Size: 414]
2019/11/01 02:57:48 Finished
The output above shows the size of each response. From this an attacker can infer the type of files the target uses to maintain its website, and according to a digital forensics expert of the International Institute of Cyber Security, file size is also one of the parameters in analyzing malware.
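When reviewing a -l run, the sizes are most useful for separating server-generated template pages from real content. The following parser is an added example, not part of the original post; it reads the result lines shown above and treats responses as one template when they share a status and size, or a status and a size that differs only by the length of the path (an assumption that holds for the 301 pages in this output).

```python
import re
from collections import Counter

# Result lines copied from the -l run shown above.
GOBUSTER_OUTPUT = """\
/.hta (Status: 403) [Size: 1108]
/.htpasswd (Status: 403) [Size: 1108]
/.svn/entries (Status: 200) [Size: 256]
/.htaccess (Status: 403) [Size: 1108]
/.svn (Status: 301) [Size: 416]
/css (Status: 301) [Size: 415]
/images (Status: 301) [Size: 418]
/includes (Status: 301) [Size: 420]
/js (Status: 301) [Size: 414]
"""

RESULT_RE = re.compile(r"^(\S+) \(Status: (\d{3})\) \[Size: (\d+)\]$")

def parse_results(text):
    """Return (path, status, size) tuples; banner and timestamp lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            rows.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return rows

def triage(rows):
    """Split rows into (templated, distinct) by comparing response sizes."""
    raw = Counter((status, size) for _, status, size in rows)
    # Redirect and error pages often embed the requested path, so also
    # compare sizes with the path length subtracted.
    norm = Counter((status, size - len(path)) for path, status, size in rows)
    templated, distinct = [], []
    for path, status, size in rows:
        shared = raw[(status, size)] > 1 or norm[(status, size - len(path))] > 1
        (templated if shared else distinct).append((path, status, size))
    return templated, distinct

if __name__ == "__main__":
    templated, distinct = triage(parse_results(GOBUSTER_OUTPUT))
    print("server templates:", [p for p, _, _ in templated])
    print("distinct content:", distinct)
```

On this output the only response with its own content is /.svn/entries, the readable Subversion metadata file, which is the finding to fix on the server by removing or blocking the .svn directory.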
FINDING FILES WITH SPECIFIC EXTENSION
Type gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -x .php
-u is used to assign URL. 192.168.1.105 is our target URL
-w is used to assign wordlist. -w /usr/share/wordlists/dirb/common.txt is wordlist location.
-x is used to search for files with a specific extension. Here .php is appended to each wordlist entry.
# gobuster dir -u https://192.168.1.105/dvwa -w /usr/share/wordlists/dirb/common.txt -x .php
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
[+] Url: https://192.168.1.105/dvwa
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Extensions: php
[+] Timeout: 10s
2019/11/01 03:32:20 Starting gobuster
/.hta (Status: 403)
/.hta.php (Status: 403)
/.htpasswd (Status: 403)
/.htpasswd.php (Status: 403)
/.htaccess (Status: 403)
/.htaccess.php (Status: 403)
/.svn/entries (Status: 200)
/.svn (Status: 301)
/css (Status: 301)
/images (Status: 301)
/includes (Status: 301)
/js (Status: 301)
2019/11/01 03:32:25 Finished
The query above searched for files with the .php extension. This query can help an attacker to create malicious files with a specific extension.
FINDING USERNAME & PASSWORD
Type gobuster dir -u https://testphp.vulnweb.com/login.php -w /usr/share/wordlists/dirb/common.txt -U test -P test
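-u is used to assign URL. https://testphp.vulnweb.com/login.php is the target URL in this example.
-w is used to assign wordlist. -w /usr/share/wordlists/dirb/common.txt is wordlist location.
-U is for username & -P is for password. They are sent as HTTP Basic Auth credentials with each request.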
# gobuster dir -u https://testphp.vulnweb.com/login.php -w /usr/share/wordlists/dirb/common.txt -U test -P test
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
[+] Url: https://testphp.vulnweb.com/login.php
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Auth User: test
[+] Timeout: 10s
2019/11/01 04:31:34 Starting gobuster
/admin.php (Status: 200)
/index.php (Status: 200)
/info.php (Status: 200)
/phpinfo.php (Status: 200)
/xmlrpc.php (Status: 200)
/xmlrpc_server.php (Status: 200)
2019/11/01 04:32:54 Finished
This post is licensed under CC BY 4.0 by the author.