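Gobuster is a tool written in Go that researchers can use to brute-force directories, files, DNS subdomains and virtual host (VHost) names. The latest release is Gobuster v3.0.1.
Gobuster can brute-force the following:
1. URIs (directories and files) on a target site;
2. DNS subdomains (with wildcard support);
3. Virtual host names (VHost) on the target web server.

1. No bloated Java GUI; the tool is console-based;
2. Runs directly from the command line;
3. Does not perform recursive brute-forcing;
4. Lets testers brute-force folders and multiple file extensions at the same time;
5. Cross-platform support;
6. Faster than an interpreted script;
7. No runtime environment required;
8. Concurrency support.

1. New command-line options;
2. Performance optimizations and more stable network connections;
3. New support for brute-forcing VHost names;
4. Custom HTTP headers can be supplied.

dir: the classic directory brute-forcing mode;
dns: DNS subdomain brute-forcing mode;
vhost: virtual host brute-forcing mode;
gobuster help: prints the full help text
gobuster help <mode>: prints the help text for the given mode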
Usage:
  gobuster dns [flags]

Flags:
  -d, --domain string      The target domain
  -h, --help               help for dns
  -r, --resolver string    Use custom DNS server (format server.com or server.com:port)
  -c, --showcname          Show CNAME records (cannot be used with '-i' option)
  -i, --showips            Show IP addresses
      --timeout duration   DNS resolver timeout (default 1s)
      --wildcard           Force continued operation when wildcard found

Global Flags:
  -z, --noprogress         Don't display progress
  -o, --output string      Output file to write results to (defaults to stdout)
  -q, --quiet              Don't print the banner and other noise
  -t, --threads int        Number of concurrent threads (default 10)
      --delay duration     Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose            Verbose output (errors)
  -w, --wordlist string    Path to the wordlist

Usage:
  gobuster dir [flags]

Flags:
  -f, --addslash                       Append / to each request
  -c, --cookies string                 Cookies to use for the requests
  -e, --expanded                       Expanded mode, print full URLs
  -x, --extensions string              File extension(s) to search for
  -r, --followredirect                 Follow redirects
  -H, --headers stringArray            Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                           help for dir
  -l, --includelength                  Include the length of the body in the output
  -k, --insecuressl                    Skip SSL certificate verification
  -n, --nostatus                       Don't print status codes
  -P, --password string                Password for Basic Auth
  -p, --proxy string                   Proxy to use for requests [http(s)://host:port]
  -s, --statuscodes string             Positive status codes (will be overwritten with statuscodesblacklist if set) (default "200,204,301,302,307,401,403")
  -b, --statuscodesblacklist string    Negative status codes (will override statuscodes if set)
      --timeout duration               HTTP Timeout (default 10s)
  -u, --url string                     The target URL
  -a, --useragent string               Set the User-Agent string (default "gobuster/3.0.1")
  -U, --username string                Username for Basic Auth
      --wildcard                       Force continued operation when wildcard found

Global Flags:
  -z, --noprogress         Don't display progress
  -o, --output string      Output file to write results to (defaults to stdout)
  -q, --quiet              Don't print the banner and other noise
  -t, --threads int        Number of concurrent threads (default 10)
      --delay duration     Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose            Verbose output (errors)
  -w, --wordlist string    Path to the wordlist

Usage:
  gobuster vhost [flags]

Flags:
  -c, --cookies string         Cookies to use for the requests
  -r, --followredirect         Follow redirects
  -H, --headers stringArray    Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                   help for vhost
  -k, --insecuressl            Skip SSL certificate verification
  -P, --password string        Password for Basic Auth
  -p, --proxy string           Proxy to use for requests [http(s)://host:port]
      --timeout duration       HTTP Timeout (default 10s)
  -u, --url string             The target URL
  -a, --useragent string       Set the User-Agent string (default "gobuster/3.0.1")
  -U, --username string        Username for Basic Auth

Global Flags:
  -z, --noprogress         Don't display progress
  -o, --output string      Output file to write results to (defaults to stdout)
  -q, --quiet              Don't print the banner and other noise
  -t, --threads int        Number of concurrent threads (default 10)
      --delay duration     Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose            Verbose output (errors)
  -w, --wordlist string    Path to the wordlist

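The project's source code has been published on Gobuster's GitHub page, and users currently do not need to build the project themselves.
Download: [Releases page]
If you already have a Go environment set up, you can download and install Gobuster directly with the following command: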
go get github.com/OJ/gobuster
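Because the tool is written in Go, users first need to install the Go environment and compiler. For details on setting up Go, see the official Go website.
Building
gobuster now has external dependencies, so they need to be fetched first: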
go get && go build
This command builds gobuster. To install it into the $GOPATH/bin directory, run:
go install
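Once all the dependencies are in place, the build scripts can be used:
make - build the tool with the current Go configuration (e.g. "go build");
make windows - build 32-bit or 64-bit Windows binaries and write them to the build subdirectory;
make linux - build 32-bit or 64-bit Linux binaries and write them to the build subdirectory;
make darwin - build 32-bit or 64-bit Darwin binaries and write them to the build subdirectory;
make all - build for all platforms and write the results to the build subdirectory;
make clean - clean the build subdirectory;
make test - run the tests.
Wordlists can be piped into gobuster via stdin: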
hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -
Command-line invocation:
gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html
A run with the default options looks like this:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Timeout : 10s
===============================================================
2019/06/21 11:49:43 Starting gobuster
===============================================================
/categories (Status: 301)
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200)
===============================================================
2019/06/21 11:49:44 Finished
===============================================================
Default options with status codes disabled:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] No status : true
[+] Timeout : 10s
===============================================================
2019/06/21 11:50:18 Starting gobuster
===============================================================
/categories
/contact
/index
/posts
===============================================================
2019/06/21 11:50:18 Finished
===============================================================
Verbose output:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Verbose : true
[+] Timeout : 10s
===============================================================
2019/06/21 11:50:51 Starting gobuster
===============================================================
Missed: /alsodoesnotexist (Status: 404)
Found: /index (Status: 200)
Missed: /doesnotexist (Status: 404)
Found: /categories (Status: 301)
Found: /posts (Status: 301)
Found: /contact (Status: 301)
===============================================================
2019/06/21 11:50:51 Finished
===============================================================
Showing the content length:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Show length : true
[+] Timeout : 10s
===============================================================
2019/06/21 11:51:16 Starting gobuster
===============================================================
/categories (Status: 301) [Size: 178]
/posts (Status: 301) [Size: 178]
/contact (Status: 301) [Size: 178]
/index (Status: 200) [Size: 51759]
===============================================================
2019/06/21 11:51:17 Finished
===============================================================
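
On the server side, the dir-mode runs shown above leave a recognisable trail in the access log: the default User-Agent "gobuster/3.0.1" and a burst of requests for distinct paths that mostly return 404. The following detection sketch is an added example, not part of the original article or of Gobuster; the combined log format, the function name find_scanners and both thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(  # Apache/nginx "combined" access-log format (assumed)
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_scanners(log_text, min_paths=5, min_miss_ratio=0.6):
    """Return {client_ip: reason} for clients that look like directory brute forcing."""
    stats = defaultdict(lambda: {"paths": set(), "miss": 0, "total": 0, "ua": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["ip"]]
        s["paths"].add(m["path"])
        s["total"] += 1
        s["miss"] += m["status"] == "404"
        s["ua"] |= m["ua"].startswith("gobuster/")
    flagged = {}
    for ip, s in stats.items():
        if s["ua"]:
            # Cheap signal only: -a/--useragent lets the client change this string.
            flagged[ip] = "default gobuster User-Agent"
        elif len(s["paths"]) >= min_paths and s["miss"] / s["total"] >= min_miss_ratio:
            # Behavioural signal: many distinct paths, most of them missing.
            flagged[ip] = "many distinct paths, mostly 404"
    return flagged

def _line(ip, path, status, ua):
    return (f'{ip} - - [21/Jun/2019:11:50:51 +0000] "GET {path} HTTP/1.1" '
            f'{status} 178 "-" "{ua}"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "/index", 200, "gobuster/3.0.1"),
     _line("198.51.100.7", "/doesnotexist", 404, "gobuster/3.0.1")]
    + [_line("203.0.113.9", f"/{w}", 404, "Mozilla/5.0")
       for w in ("admin", "backup", "old", "test", "tmp")]
    + [_line("203.0.113.9", "/posts", 301, "Mozilla/5.0")]
    + [_line("192.0.2.10", p, 200, "Mozilla/5.0")
       for p in ("/index", "/posts", "/contact")])

if __name__ == "__main__":
    for ip, reason in find_scanners(SAMPLE_LOG).items():
        print(ip, reason)
```

The User-Agent match catches only unmodified runs, so the 404-ratio rule is the one to tune against real traffic.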
Command-line invocation:
gobuster dns -d mysite.com -t 50 -w common-names.txt
Sample run:
gobuster dns -d google.com -w ~/wordlists/subdomains.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dns
[+] Url/Domain : google.com
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:54:20 Starting gobuster
===============================================================
Found: chrome.google.com
Found: ns1.google.com
Found: admin.google.com
Found: www.google.com
Found: m.google.com
Found: support.google.com
Found: translate.google.com
Found: cse.google.com
Found: news.google.com
Found: music.google.com
Found: mail.google.com
Found: store.google.com
Found: mobile.google.com
Found: search.google.com
Found: wap.google.com
Found: directory.google.com
Found: local.google.com
Found: blog.google.com
===============================================================
2019/06/21 11:54:20 Finished
===============================================================
Sample run showing IP addresses:
gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dns
[+] Url/Domain : google.com
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:54:54 Starting gobuster
===============================================================
Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]
Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]
Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]
Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]
Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]
Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]
===============================================================
2019/06/21 11:54:55 Finished
===============================================================
Wildcard DNS detection:
gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dns
[+] Url/Domain : 0.0.1.xip.io
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 12:13:48 Starting gobuster
===============================================================
2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.
===============================================================
2019/06/21 12:13:48 Finished
===============================================================
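
Why the run above stops: in a wildcard zone every name resolves, so every wordlist entry would be reported as found. The sketch below is an added example, not Gobuster's own code; it shows the common check (resolve a random label that cannot exist) and how results can be separated from wildcard answers. The function names, the example.test zone and the addresses are constructed assumptions.

```python
import socket
import uuid

def system_resolve(name):
    """Resolve via the OS resolver; empty list when the name does not exist."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def wildcard_ips(domain, resolve=system_resolve):
    """Any answer for a random, never-registered label means wildcard DNS."""
    return set(resolve(f"{uuid.uuid4()}.{domain}"))

def real_subdomains(domain, words, resolve=system_resolve):
    """Return (wildcard addresses, {fqdn: ips}) with wildcard-only answers dropped."""
    wild = wildcard_ips(domain, resolve)
    found = {}
    for word in words:
        fqdn = f"{word}.{domain}"
        ips = set(resolve(fqdn))
        # Caveat: a real host that shares the wildcard address is dropped too.
        if ips and not ips <= wild:
            found[fqdn] = sorted(ips)
    return wild, found

# Constructed zone for an offline run: two real records plus a wildcard.
ZONE = {"www.example.test": ["192.0.2.10"], "mail.example.test": ["192.0.2.25"]}

def fake_resolve(name, wildcard="198.51.100.1"):
    """Stand-in resolver: explicit records win, everything else gets the wildcard."""
    if name in ZONE:
        return ZONE[name]
    return [wildcard] if name.endswith(".example.test") else []

if __name__ == "__main__":
    print(real_subdomains("example.test", ["www", "mail", "nope", "dev"], fake_resolve))
```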
Command-line invocation:
gobuster vhost -u https://mysite.com -w common-vhosts.txt
Output of a normal sample run:
gobuster vhost -u https://mysite.com -w common-vhosts.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url: https://mysite.com
[+] Threads: 10
[+] Wordlist: common-vhosts.txt
[+] User Agent: gobuster/3.0.1
[+] Timeout: 10s
===============================================================
2019/06/21 08:36:00 Starting gobuster
===============================================================
Found: www.mysite.com
Found: piwik.mysite.com
Found: mail.mysite.com
===============================================================
2019/06/21 08:36:05 Finished
===============================================================
Gobuster: [GitHub page]
*Source: gobuster. Compiled by FreeBuf editor Alpha_h4ck; when reposting, please credit FreeBuf.COM