Gobuster

https://null-byte.wonderhowto.com/how-to/hack-like-pro-find-directories-websites-using-dirbuster-0157593/

gobuster dir -u http://10.129.230.183 --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt


//DIR mode
gobuster dir -u abrictosecurity.com -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x php,php3,html



//DNS mode
gobuster dns -d abrictosecurity.com -w /usr/share/wordlists/subdomains/top5000subdomains -i --wildcard
$ gobuster dns -q -r 8.8.8.8 -d example.com -w wordlists/Discovery/DNS/subdomains-top1million-5000.txt -t 4 --delay 1s -o results.txt



//VHOST mode
gobuster vhost -v -u https://abrictosecurity.com -w /usr/share/wordlists/subdomains/top5000subdomains -o vhostlist.txt
gobuster vhost -u http://pov.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt --append-domain -r

--append-domain -k --no-error //no error
-r         //stands for "follow redirects" in dir and vhost modes. When specified, Gobuster will automatically follow HTTP redirects (e.g., 301 or 302 responses) to their destination URLs. In dns mode, -r instead sets the resolver, as in the DNS example above.
-k        //skips TLS certificate verification (--no-tls-validation), so hosts with self-signed or otherwise invalid certificates can still be scanned.
--no-error      //tells Gobuster not to display the errors it encounters during the scanning process, which makes the output cleaner and more concise.



//s3 for amazon instance
gobuster s3 -w /usr/share/wordlists/s3_bucket_masterlist
Usage:
 gobuster dir [flags]
Flags:
 -f, --add-slash Append / to each request
 -c, --cookies string Cookies to use for the requests
 -e, --expanded Expanded mode, print full URLs
 -x, --extensions string File extension(s) to search for
 -r, --follow-redirect Follow redirects
 -H, --headers stringArray Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
 -h, --help help for dir

 ..[Output omitted]..

 -u, --url string The target URL
 -a, --useragent string Set the User-Agent string (default "gobuster/3.1.0")
 -U, --username string Username for Basic Auth
 -d, --discover-backup Upon finding a file search for backup files
 --wildcard Force continued operation when wildcard found
Global Flags:
 -z, --no-progress Don't display progress
 -o, --output string Output file to write results to (defaults to stdout)
 -q, --quiet Don't print the banner and other noise
 -t, --threads int Number of concurrent threads (default 10)
 --delay duration Time each thread waits between requests (e.g. 1500ms)

sudo apt-get install seclists

Using Gobuster

DIR mode

Dir mode is used to enumerate URLs for directories and files. Use it to find content, including hidden directories and files, within a known target domain or subdomain. -u is the URL that defines the target domain. -w is the wordlist of common directory and file names to try. -x is the list of file extensions to search for.

gobuster dir -u <url> -w <wordlist.txt> -x <file_extensions>

Example: gobuster dir -u abrictosecurity.com -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x php,php3,html
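What DIR mode looks like from the server side, as an added example that is not part of the original notes: the Python sketch below flags clients in a web access log whose requests are mostly 404s or that carry the default "gobuster/" User-Agent shown in the flag listing above. The log lines are constructed, and the thresholds (min_requests, ratio) are assumptions to tune for the site.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_enumeration(lines, min_requests=5, ratio=0.8):
    """Return {ip: reasons} for clients that look like directory brute-forcing."""
    total, not_found, tool_ua = defaultdict(int), defaultdict(int), set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ip = m["ip"]
        total[ip] += 1
        if m["status"] == "404":
            not_found[ip] += 1
        # Default UA from the help output; it is changed with -a, so treat
        # it as a supporting signal, never the only one.
        if m["ua"].lower().startswith("gobuster/"):
            tool_ua.add(ip)
    flagged = {}
    for ip, n in total.items():
        reasons = []
        if ip in tool_ua:
            reasons.append("default gobuster user-agent")
        # A wordlist scan misses far more often than it hits.
        if n >= min_requests and not_found[ip] / n >= ratio:
            reasons.append(f"{not_found[ip]}/{n} requests returned 404")
        if reasons:
            flagged[ip] = reasons
    return flagged

def sample_log():
    """Constructed sample log (documentation-range IPs, made-up paths)."""
    ts = "[10/Mar/2024:12:00:00 +0000]"
    words = ["admin", "backup", "login", "images", "test", "old"]
    scan = [f'203.0.113.7 - - {ts} "GET /{w} HTTP/1.1" '
            f'{"200" if w == "images" else "404"} 153 "-" "Mozilla/5.0"' for w in words]
    tool = [f'203.0.113.9 - - {ts} "GET /index.php HTTP/1.1" 200 512 "-" "gobuster/3.1.0"']
    user = [f'198.51.100.4 - - {ts} "GET /{p} HTTP/1.1" 200 900 "-" "Mozilla/5.0"'
            for p in ["", "about", "contact"]]
    return scan + tool + user

if __name__ == "__main__":
    for ip, why in find_enumeration(sample_log()).items():
        print(ip, "->", "; ".join(why))
```

The 404-ratio check still fires when the User-Agent has been changed, which is why the two signals are reported separately.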

DNS mode

DNS mode is used to enumerate subdomains. -d is the target domain. -w is the wordlist of candidate subdomain names. -i shows the IP address of each result. --wildcard forces the scan to continue even if there is a wildcard DNS record. This means results are reported even if they all come from the same IP address.

gobuster dns -d <domain> -w <wordlist.txt> -i --wildcard

example: gobuster dns -d abrictosecurity.com -w /usr/share/wordlists/subdomains/top5000subdomains -i --wildcard

VHOST mode

VHOST mode or Virtual host brute-forcing mode will find virtual hosts within the domain. Virtual Hosting occurs when a domain is hosting other domain names on a single server or multiple other servers. This allows companies to share resources on a single server. This works by having Gobuster visit a URL and check the associated IP address. -v is for verbose mode. -u defines the target URL. -w is the wordlist that can help enumerate common virtual host site names. -o will output the results to an assigned file.

gobuster vhost -v -u <url> -w <wordlist.txt> -o <output_file.txt>

S3 Mode

S3 mode will enumerate publicly available Amazon Web Services (AWS) S3 buckets. While Gobuster can help determine the names of potential S3 buckets, finding a name does not indicate that the bucket can be accessed or modified. You may still be able to use the information to access available files such as web support, logs, videos, or images. -w is the wordlist that defines the names we will look to enumerate.

gobuster s3 -w <wordlist.txt>

example: gobuster s3 -w /usr/share/wordlists/s3_bucket_masterlist

Other Useful Flags

-e : expanded mode, prints the full URL of each enumerated directory

-n : will print results without the status code

-k : skip SSL verification

-t : assign the number of threads that will be used during enumeration

-r --resolver string : Use custom DNS server (format server.com or server.com:port)

-p : allows proxy URLs to be used for requests on port 1080. This port can be changed in the URL.

--timeout : allows a timeout parameter to be set

-U [username] -P [password] : define a username and password for basic HTTP authentication mechanisms

--delay duration : time each thread waits between requests (e.g. 1500ms)

-o --output string : Output file to write results to (defaults to stdout)
