[Web] gobuster
https://cybersecbits.com/gobuster-finding-web-files-and-directories
https://github.com/OJ/gobuster
For finding:
- Files
- Directories
- Subdomains
Mode options
- dir: Directory / file enumeration mode (for finding html/php/static content…)
- dns: DNS subdomain enumeration mode (for subdomains, e.g. www.example.com, mail.example.com)
- vhost: VHOST enumeration mode (for vhosts, e.g. www.example.com, mail.example.com)
- fuzz: Fuzzing mode for parameters (for testing a parameter, e.g. https://example.com?FUZZ=test)
- s3: AWS bucket enumeration mode (For destination)
Dir mode
Basic usage
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u 10.10.103.116
gobuster dir -w ~/wordlists/shortlist.txt -u https://buffered.io
With cookies
gobuster dir -w ~/wordlists/shortlist.txt -u https://buffered.io -c 'session=123456'
Specific .html and .php
gobuster dir -w ~/wordlists/shortlist.txt -u https://buffered.io -x .php,.html
DNS mode
You may set up /etc/hosts with an entry such as 103.43.132.43 hello.io before busting the DNS.
Basic usage
gobuster dns -d thetoppers.htb -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
gobuster dns -d google.com -w /usr/share/wordlists/dirbuster/subdomains.txt
Shows IP
gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i
Vhost mode
Basic usage
gobuster vhost -u https://mysite.com -w common-vhosts.txt
Fuzz mode
Basic usage
gobuster fuzz -u 'https://example.com?FUZZ=test' -w parameter-names.txt
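Detecting dir mode in access logs
From the defender's side, a dir mode run with -x .php,.html shows up in web server access logs as one client requesting the same names with several suffixes and receiving mostly 404s. The Python sketch below is an added example, not part of the original notes or the gobuster project; the log lines, IP addresses, thresholds and the gobuster/3.6 version string are constructed, and it assumes combined log format and that the tool's default User-Agent starts with gobuster/.

```python
import re
from collections import defaultdict
from posixpath import splitext

# Combined log format: ip, request path, status and User-Agent are captured.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def make_line(ip, path, status, ua):
    """Build one constructed combined-log-format line."""
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 153 "-" "{ua}"'

def sample_log():
    """Constructed traffic: two wordlist scans with -x style suffixes, one normal visitor."""
    words, exts = ["admin", "backup", "login", "config"], ["", ".php", ".html"]
    scan = [f"/{w}{e}" for w in words for e in exts]
    lines = [make_line("203.0.113.7", p, 200 if p == "/login.php" else 404, "gobuster/3.6") for p in scan]
    lines += [make_line("198.51.100.9", p, 404, "Mozilla/5.0") for p in scan]  # changed User-Agent
    lines += [make_line("192.0.2.10", p, s, "Mozilla/5.0")
              for p, s in [("/", 200), ("/index.html", 200), ("/about.html", 200), ("/old.php", 404)]]
    return lines

def detect(lines, min_requests=10, min_404_ratio=0.8, min_multi_ext_stems=3):
    """Return {ip: [reasons]} for clients whose requests look like dir mode enumeration."""
    stats = defaultdict(lambda: {"n": 0, "nf": 0, "stems": defaultdict(set), "ua": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        s = stats[m["ip"]]
        stem, ext = splitext(m["path"].split("?", 1)[0])  # "/admin.php" -> ("/admin", ".php")
        s["n"] += 1
        s["nf"] += m["status"] == "404"
        s["stems"][stem].add(ext)
        s["ua"].add(m["ua"])
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if any(ua.lower().startswith("gobuster/") for ua in s["ua"]):  # assumed default UA prefix
            reasons.append("default gobuster User-Agent")
        # Behavioural check that still works when the User-Agent has been changed.
        multi = sum(1 for exts in s["stems"].values() if len(exts) >= 2)
        if s["n"] >= min_requests and s["nf"] / s["n"] >= min_404_ratio and multi >= min_multi_ext_stems:
            reasons.append(f"{s['nf']}/{s['n']} 404s, {multi} names tried with several extensions")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    print(detect(sample_log()))
```

The thresholds are starting points; tune them against real traffic, since sites with many broken links produce 404 bursts of their own.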