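Tool introduction

Gobuster is written in Go. Researchers can use it to brute-force directories, files, DNS names and VHost names. The latest release is Gobuster v3.0.1.

Gobuster can brute-force the following:

1. URIs (directories or files) on a target site;

2. DNS subdomains (with wildcard support);

3. Virtual host names (VHost) on a target web server;

Advantages

1. No bloated Java GUI; the tool runs in the console (console FTW);

2. Runs directly from the command line;

3. Does not brute-force recursively;

4. Lets testers brute-force target folders and multiple extensions at the same time;

5. Cross-platform support;

6. Runs faster than interpreted scripts;

7. Needs no runtime environment;

8. Supports concurrency;

New in Gobuster v3.0.1

1. New command-line options;

2. Performance optimizations and more stable network connections;

3. New support for brute-forcing VHost names;

4. Custom HTTP headers can be supplied;

Available modes

dir: the classic directory brute-forcing mode;

dns: DNS subdomain brute-forcing mode;

vhost: virtual host brute-forcing mode;

Built-in help

gobuster help: prints the full help text

gobuster help <mode>: prints the help text for the given mode

dns mode help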

Usage:

gobuster dns [flags]

Flags:

-d, --domain string      The target domain

-h, --help               help for dns

-r, --resolver string    Use custom DNS server (format server.com or server.com:port)

-c, --showcname          Show CNAME records (cannot be used with '-i' option)

-i, --showips            Show IP addresses

    --timeout duration   DNS resolver timeout (default 1s)

    --wildcard           Force continued operation when wildcard found

Global Flags:

-z, --noprogress        Don't display progress

-o, --output string     Output file to write results to (defaults to stdout)

-q, --quiet             Don't print the banner and other noise

-t, --threads int       Number of concurrent threads (default 10)

    --delay duration    Time each thread waits between requests (e.g. 1500ms)

-v, --verbose           Verbose output (errors)

-w, --wordlist string   Path to the wordlist

dir mode options

Usage:

gobuster dir [flags]

Flags:

-f, --addslash                      Append / to each request

-c, --cookies string                Cookies to use for the requests

-e, --expanded                      Expanded mode, print full URLs

-x, --extensions string             File extension(s) to search for

-r, --followredirect                Follow redirects

-H, --headers stringArray           Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'

-h, --help                          help for dir

-l, --includelength                 Include the length of the body in the output

-k, --insecuressl                   Skip SSL certificate verification

-n, --nostatus                      Don't print status codes

-P, --password string               Password for Basic Auth

-p, --proxy string                  Proxy to use for requests [http(s)://host:port]

-s, --statuscodes string            Positive status codes (will be overwritten with statuscodesblacklist if set) (default "200,204,301,302,307,401,403")

-b, --statuscodesblacklist string   Negative status codes (will override statuscodes if set)

    --timeout duration              HTTP Timeout (default 10s)

-u, --url string                    The target URL

-a, --useragent string              Set the User-Agent string (default "gobuster/3.0.1")

-U, --username string               Username for Basic Auth

    --wildcard                      Force continued operation when wildcard found

Global Flags:

-z, --noprogress        Don't display progress

-o, --output string     Output file to write results to (defaults to stdout)

-q, --quiet             Don't print the banner and other noise

-t, --threads int       Number of concurrent threads (default 10)

    --delay duration    Time each thread waits between requests (e.g. 1500ms)

-v, --verbose           Verbose output (errors)

-w, --wordlist string   Path to the wordlist

vhost mode options

Usage:

gobuster vhost [flags]

Flags:

-c, --cookies string        Cookies to use for the requests

-r, --followredirect        Follow redirects

-H, --headers stringArray   Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'

-h, --help                  help for vhost

-k, --insecuressl           Skip SSL certificate verification

-P, --password string       Password for Basic Auth

-p, --proxy string          Proxy to use for requests [http(s)://host:port]

    --timeout duration      HTTP Timeout (default 10s)

-u, --url string            The target URL

-a, --useragent string      Set the User-Agent string (default "gobuster/3.0.1")

-U, --username string       Username for Basic Auth

Global Flags:

-z, --noprogress        Don't display progress

-o, --output string     Output file to write results to (defaults to stdout)

-q, --quiet             Don't print the banner and other noise

-t, --threads int       Number of concurrent threads (default 10)

    --delay duration    Time each thread waits between requests (e.g. 1500ms)

-v, --verbose           Verbose output (errors)

-w, --wordlist string   Path to the wordlist

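Installation

Code release

We have published the project's code to Gobuster's GitHub page, and users currently do not need to build the project themselves.

Download: [Releases page]

Using "go get"

If you already have a Go environment set up, you can download and install Gobuster directly with the following command:

go get github.com/OJ/gobuster

Building from source

Because the tool is written in Go, users first need to install the Go environment, compiler and so on. For details on setting up Go, see the [official Go website].

Compiling

gobuster now has external dependencies, so they need to be fetched first:

go get && go build

This command creates a gobuster binary. Run the following command to install it into the $GOPATH/bin directory:

go install

Once all the dependencies are in place, the build scripts can be used:

make - builds the tool using the current Go configuration, e.g. "go build";

make windows - builds 32-bit or 64-bit Windows binaries and writes them to the build subdirectory;

make linux - builds 32-bit or 64-bit Linux binaries and writes them to the build subdirectory;

make darwin - builds 32-bit or 64-bit Darwin binaries and writes them to the build subdirectory;

make all - builds binaries for all platforms and writes them to the build subdirectory;

make clean - cleans the build subdirectory;

make test - runs the tests;

Wordlists and STDIN

A wordlist can be piped into gobuster directly through stdin: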

hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -

Usage examples

dir mode

Command line:

gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html

With the default options:


gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt

===============================================================

Gobuster v3.0.1

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

===============================================================

[+] Mode         : dir

[+] Url/Domain   : https://buffered.io/

[+] Threads      : 10

[+] Wordlist     : /home/oj/wordlists/shortlist.txt

[+] Status codes : 200,204,301,302,307,401,403

[+] User Agent   : gobuster/3.0.1

[+] Timeout      : 10s

===============================================================

2019/06/21 11:49:43 Starting gobuster

===============================================================

/categories (Status: 301)

/contact (Status: 301)

/posts (Status: 301)

/index (Status: 200)

===============================================================

2019/06/21 11:49:44 Finished

===============================================================

Default options with status codes disabled:


gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n

===============================================================

Gobuster v3.0.1

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

===============================================================

[+] Mode         : dir

[+] Url/Domain   : https://buffered.io/

[+] Threads      : 10

[+] Wordlist     : /home/oj/wordlists/shortlist.txt

[+] Status codes : 200,204,301,302,307,401,403

[+] User Agent   : gobuster/3.0.1

[+] No status    : true

[+] Timeout      : 10s

===============================================================

2019/06/21 11:50:18 Starting gobuster

===============================================================

/categories

/contact

/index

/posts

===============================================================

2019/06/21 11:50:18 Finished

===============================================================

Verbose output:


gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v

===============================================================

Gobuster v3.0.1

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

===============================================================

[+] Mode         : dir

[+] Url/Domain   : https://buffered.io/

[+] Threads      : 10

[+] Wordlist     : /home/oj/wordlists/shortlist.txt

[+] Status codes : 200,204,301,302,307,401,403

[+] User Agent   : gobuster/3.0.1

[+] Verbose      : true

[+] Timeout      : 10s

===============================================================

2019/06/21 11:50:51 Starting gobuster

===============================================================

Missed: /alsodoesnotexist (Status: 404)

Found: /index (Status: 200)

Missed: /doesnotexist (Status: 404)

Found: /categories (Status: 301)

Found: /posts (Status: 301)

Found: /contact (Status: 301)

===============================================================

2019/06/21 11:50:51 Finished

===============================================================

Showing the content length:


gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l

===============================================================

Gobuster v3.0.1

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

===============================================================

[+] Mode         : dir

[+] Url/Domain   : https://buffered.io/

[+] Threads      : 10

[+] Wordlist     : /home/oj/wordlists/shortlist.txt

[+] Status codes : 200,204,301,302,307,401,403

[+] User Agent   : gobuster/3.0.1

[+] Show length  : true

[+] Timeout      : 10s

===============================================================

2019/06/21 11:51:16 Starting gobuster

===============================================================

/categories (Status: 301) [Size: 178]

/posts (Status: 301) [Size: 178]

/contact (Status: 301) [Size: 178]

/index (Status: 200) [Size: 51759]

===============================================================

2019/06/21 11:51:17 Finished

===============================================================

dns mode

Command line:

gobuster dns -d mysite.com -t 50 -w common-names.txt

Sample run:


gobuster dns -d google.com -w ~/wordlists/subdomains.txt

===============================================================

Gobuster v3.0.1

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

===============================================================

[+] Mode         : dns

[+] Url/Domain   : google.com

[+] Threads      : 10

[+] Wordlist     : /home/oj/wordlists/subdomains.txt

===============================================================

2019/06/21 11:54:20 Starting gobuster

===============================================================

Found: chrome.google.com

Found: ns1.google.com

Found: admin.google.com

Found: www.google.com

Found: m.google.com

Found: support.google.com

Found: translate.google.com

Found: cse.google.com

Found: news.google.com

Found: music.google.com

Found: mail.google.com

Found: store.google.com

Found: mobile.google.com

Found: search.google.com

Found: wap.google.com

Found: directory.google.com

Found: local.google.com

Found: blog.google.com

===============================================================

2019/06/21 11:54:20 Finished

===============================================================

Sample run showing IP addresses:


gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i

===============================================================

Gobuster v3.0.1

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

===============================================================

[+] Mode         : dns

[+] Url/Domain   : google.com

[+] Threads      : 10

[+] Wordlist     : /home/oj/wordlists/subdomains.txt

===============================================================

2019/06/21 11:54:54 Starting gobuster

===============================================================

Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]

Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]

Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]

Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]

Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]

Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]

Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]

Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]

Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]

Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]

Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]

Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]

Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]

Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]

Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]

Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]

Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]

Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]

===============================================================

2019/06/21 11:54:55 Finished

===============================================================

DNS wildcard detection:


gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt

===============================================================

Gobuster v3.0.1

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

===============================================================

[+] Mode         : dns

[+] Url/Domain   : 0.0.1.xip.io

[+] Threads      : 10

[+] Wordlist     : /home/oj/wordlists/subdomains.txt

===============================================================

2019/06/21 12:13:48 Starting gobuster

===============================================================

2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0

2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.

===============================================================

2019/06/21 12:13:48 Finished

===============================================================

vhost mode

Command line:

gobuster vhost -u https://mysite.com -w common-vhosts.txt

Result of a normal sample run:


gobuster vhost -u https://mysite.com -w common-vhosts.txt

===============================================================

Gobuster v3.0.1

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

===============================================================

[+] Url:          https://mysite.com

[+] Threads:      10

[+] Wordlist:     common-vhosts.txt

[+] User Agent:   gobuster/3.0.1

[+] Timeout:      10s

===============================================================

2019/06/21 08:36:00 Starting gobuster

===============================================================

Found: www.mysite.com

Found: piwik.mysite.com

Found: mail.mysite.com

===============================================================

2019/06/21 08:36:05 Finished

===============================================================

Project link

Gobuster: [GitHub page]

*Source: gobuster; compiled by FreeBuf editor Alpha_h4ck; reposted from FreeBuf