Gobuster


Gobuster (9.0k ⭐) is a popular web scanner mainly used for forced browsing with these wordlists.

$ gobuster dir -u URL -w wordlist

Add -k to skip TLS certificate verification, for instance to scan a target with an expired HTTPS certificate.

$ gobuster [...] -k

You can append extensions to wordlist words with -x:

$ gobuster [...] -x php
$ gobuster [...] -x php,html

Gobuster is slow by default. To speed it up, increase the number of threads with -t n, where n is the number of threads.

$ gobuster [...] -t 50 # usual
$ gobuster [...] -t 64 # common
$ gobuster [...] -t 100 # may be too much
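
Seen from the server side, extension appending and higher thread counts leave a recognisable trace in access logs. The following is an added example, not part of the original notes or of Gobuster: a small detector that flags clients by 404 ratio, by the same base path requested under several extensions, and by Gobuster's default "gobuster/<version>" user agent. The function names, thresholds, combined log format and sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict

def _line(ip, path, status, ua):  # builds one constructed combined-format log line
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 153 "-" "{ua}"'

# Constructed sample traffic (documentation IP ranges), not real logs.
SCAN = [("/admin", 404), ("/admin.php", 404), ("/admin.html", 404), ("/backup", 404),
        ("/backup.php", 404), ("/backup.html", 404), ("/login", 404), ("/login.php", 200)]
USER = [("/", 200), ("/index.html", 200), ("/css/site.css", 200), ("/favicon.ico", 404),
        ("/about.html", 200), ("/contact.html", 200)]
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", p, s, "gobuster/3.6.0") for p, s in SCAN]
    + [_line("192.0.2.44", p, s, "Mozilla/5.0") for p, s in SCAN]  # same scan, user agent replaced
    + [_line("198.51.100.20", p, s, "Mozilla/5.0") for p, s in USER])

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def detect_forced_browsing(log_text, min_requests=6, min_miss_ratio=0.7, min_ext_stems=2):
    """Return {client_ip: [reasons]} for clients that look like wordlist enumeration."""
    clients = defaultdict(lambda: {"n": 0, "miss": 0, "exts": defaultdict(set), "ua": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined log format
        c = clients[m["ip"]]
        c["n"] += 1
        c["miss"] += m["status"] == "404"
        c["ua"].add(m["ua"].lower())
        # Group requests by path without extension: /admin, /admin.php -> stem "/admin"
        stem, ext = posixpath.splitext(m["path"].split("?", 1)[0])
        c["exts"][stem].add(ext)
    findings = {}
    for ip, c in clients.items():
        reasons = []
        if c["n"] >= min_requests and c["miss"] / c["n"] >= min_miss_ratio:
            reasons.append("high-404-ratio")
        if sum(len(e) > 1 for e in c["exts"].values()) >= min_ext_stems:
            reasons.append("extension-sweep")  # same word tried with several extensions
        if any(ua.startswith("gobuster/") for ua in c["ua"]):
            reasons.append("default-user-agent")  # weak signal: the user agent can be changed
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    print(detect_forced_browsing(SAMPLE_LOG))
```

The second constructed client shows why the behavioural signals matter: it is still flagged after the user agent has been replaced.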

Other options

  • -U: username
  • -P: password
  • -p: proxy
  • -c: a cookie (for instance, to simulate being logged in)
  • -r NS: use a custom nameserver
  • -H 'Name:value': a header
  • --exclude-length x: exclude responses with this length

Special uses

Fuzzing

Refer to gobuster fuzz 👻.


subdomains brute force

For subdomains brute force, you can use:

$ gobuster dns -d URL -w wordlist
$ gobuster dns -q -r NS -d URL -w wordlist
$ gobuster dns -d example.com -w wordlist # example

vhost brute force

For vhosts brute force, you can use:

$ gobuster vhost -u URL -w wordlist --append-domain

In newer versions, you need to add --append-domain to check xxx.example.com, and not just xxx.


👻 To-do 👻

Stuff that I found but have never read or used yet.

  • -p pattern_file (with {GOBUSTER} inside)
  • -s status_codes