Alternative directory and file busting tool written in Go. DNS support recently added after inspiration and effort from Peleus.
Because I wanted:
- ... something that didn't have a fat Java GUI (console FTW).
- ... to build something that just worked on the command line.
- ... something that did not do recursive brute force.
- ... something that allowed me to brute force folders and multiple extensions at once.
- ... something that compiled to native on multiple platforms.
- ... something that was faster than an interpreted script (such as Python).
- ... something that didn't require a runtime.
- ... use something that was good with concurrency (hence Go).
- ... to build something in Go that wasn't totally useless.
Yes, you're probably correct. Feel free to:
- Not use it.
- Show me how to do it better.
- -m <mode> - which mode to use, either dir or dns (default: dir).
- -u <url/domain> - full URL (including scheme), or base domain name.
- -t <threads> - number of threads to run (default: 10).
- -w <wordlist> - path to the wordlist used for brute forcing.
- -v - verbose output (show all results).
- -i - show all IP addresses for the result.
- -c <http cookies> - use this to specify any cookies that you might need (simulating auth).
- -f - append / for directory brute forces.
- -r - follow redirects.
- -l - show the length of the response.
- -n - "no status" mode, disables the output of the result's status code.
- -q - disables banner/underline output.
- -e - expand the results to include the full URL.
- -s <status codes> - comma-separated list of status codes to be deemed a "positive" (default: 200,204,301,302,307).
- -x <extensions> - list of extensions to check for, if any.
- -p <proxy url> - specify a proxy to use for all requests (scheme must match the URL scheme).
Since this tool is written in Go, you need to install the Go language/compiler/etc. Full details of installation and setup can be found on the Go language website. Once installed, you have two options.
gobuster$ go build
This will create a gobuster binary for you.
gobuster$ go run main.go <parameters>
Command line might look like this:
$ ./gobuster -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html
Default options look like this:
$ ./gobuster -u http://buffered.io/ -w words.txt
=====================================================
Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
(DNS support by Peleus @0x42424242)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://buffered.io/
[+] Threads : 10
[+] Wordlist : words.txt
[+] Status codes : 200,204,301,302,307
=====================================================
/index (Status: 200)
/posts (Status: 301)
/contact (Status: 301)
=====================================================
Default options with status codes disabled look like this:
$ ./gobuster -u http://buffered.io/ -w words.txt -n
=====================================================
Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
(DNS support by Peleus @0x42424242)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://buffered.io/
[+] Threads : 10
[+] Wordlist : words.txt
[+] Status codes : 200,204,301,302,307
[+] No status : true
=====================================================
/index
/posts
/contact
=====================================================
Verbose output looks like this:
$ ./gobuster -u http://buffered.io/ -w words.txt -v
=====================================================
Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
(DNS support by Peleus @0x42424242)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://buffered.io/
[+] Threads : 10
[+] Wordlist : words.txt
[+] Status codes : 200,204,301,302,307
[+] Verbose : true
=====================================================
Found : /index (Status: 200)
Missed: /derp (Status: 404)
Found : /posts (Status: 301)
Found : /contact (Status: 301)
=====================================================
Example showing content length:
=====================================================
Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
(DNS support by Peleus @0x42424242)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://buffered.io/
[+] Threads : 10
[+] Wordlist : /tmp/words
[+] Status codes : 301,302,307,200,204
=====================================================
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200) [Size: 61481]
=====================================================
Quiet output, with status disabled and expanded mode looks like this ("grep mode"):
$ ./gobuster -u http://buffered.io/ -w words.txt -q -n -e
http://buffered.io/posts
http://buffered.io/contact
http://buffered.io/index
Command line might look like this:
$ ./gobuster -m dns -u mysite.com -t 50 -w common-names.txt
Normal sample run goes like this:
$ ./gobuster -m dns -w subdomains.txt -u google.com
=====================================================
Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
(DNS support by Peleus @0x42424242)
=====================================================
[+] Mode : dns
[+] Url/Domain : google.com
[+] Threads : 10
[+] Wordlist : subdomains.txt
=====================================================
Found: m.google.com
Found: admin.google.com
Found: mobile.google.com
Found: www.google.com
Found: search.google.com
Found: chrome.google.com
Found: ns1.google.com
Found: store.google.com
Found: wap.google.com
Found: support.google.com
Found: directory.google.com
Found: translate.google.com
Found: news.google.com
Found: music.google.com
Found: mail.google.com
Found: blog.google.com
Found: cse.google.com
Found: local.google.com
=====================================================
Show IP sample run goes like this:
$ ./gobuster -m dns -w subdomains.txt -u google.com -i
=====================================================
Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
(DNS support by Peleus @0x42424242)
=====================================================
[+] Mode : dns
[+] Url/Domain : google.com
[+] Threads : 10
[+] Wordlist : subdomains.txt
[+] Verbose : true
=====================================================
Found: chrome.google.com [2404:6800:4006:801::200e, 216.58.220.110]
Found: m.google.com [216.58.220.107, 2404:6800:4006:801::200b]
Found: www.google.com [74.125.237.179, 74.125.237.177, 74.125.237.178, 74.125.237.180, 74.125.237.176, 2404:6800:4006:801::2004]
Found: search.google.com [2404:6800:4006:801::200e, 216.58.220.110]
Found: admin.google.com [216.58.220.110, 2404:6800:4006:801::200e]
Found: store.google.com [216.58.220.110, 2404:6800:4006:801::200e]
Found: mobile.google.com [216.58.220.107, 2404:6800:4006:801::200b]
Found: ns1.google.com [216.239.32.10]
Found: directory.google.com [216.58.220.110, 2404:6800:4006:801::200e]
Found: translate.google.com [216.58.220.110, 2404:6800:4006:801::200e]
Found: cse.google.com [216.58.220.110, 2404:6800:4006:801::200e]
Found: local.google.com [2404:6800:4006:801::200e, 216.58.220.110]
Found: music.google.com [2404:6800:4006:801::200e, 216.58.220.110]
Found: wap.google.com [216.58.220.110, 2404:6800:4006:801::200e]
Found: blog.google.com [216.58.220.105, 2404:6800:4006:801::2009]
Found: support.google.com [216.58.220.110, 2404:6800:4006:801::200e]
Found: news.google.com [216.58.220.110, 2404:6800:4006:801::200e]
Found: mail.google.com [216.58.220.101, 2404:6800:4006:801::2005]
=====================================================
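The sample runs above use several result layouts (default, -n, -v, -l, -q -n -e, and dns mode with -i). The following Go code is an added example, not part of gobuster itself, that parses those layouts into one record type so results can be fed into a report or compared between runs; the Result type and ParseOutput function are hypothetical names, and the input in main is constructed from lines in the sample runs.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Result is one parsed result line of gobuster v1.0 output (dir or dns mode).
type Result struct {
	Target string   // path, expanded URL (-e) or hostname
	Status int      // 0 when not printed (-n, or dns mode)
	Size   int      // -1 when not printed (no -l)
	IPs    []string // dns mode with -i
	Missed bool     // "Missed:" lines only appear with -v
}

// lineRe: optional Found/Missed prefix, target, then optional status, size, IP list.
var lineRe = regexp.MustCompile(`^(?:(Found|Missed)\s*:\s*)?(\S+)` +
	`(?:\s+\(Status: (\d+)\))?(?:\s+\[Size: (\d+)\])?(?:\s+\[([^\]]+)\])?$`)

// ParseOutput returns the result lines and skips banner, "[+]" and "$" lines.
func ParseOutput(out string) []Result {
	var results []Result
	for _, line := range strings.Split(out, "\n") {
		m := lineRe.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil || strings.HasPrefix(m[2], "=") {
			continue
		}
		r := Result{Target: m[2], Size: -1, Missed: m[1] == "Missed"}
		r.Status, _ = strconv.Atoi(m[3]) // stays 0 when the group is empty
		if m[4] != "" {
			r.Size, _ = strconv.Atoi(m[4])
		}
		if m[5] != "" {
			r.IPs = strings.Split(m[5], ", ")
		}
		results = append(results, r)
	}
	return results
}

func main() {
	// Constructed input, assembled from lines in the sample runs above.
	out := "=====\n[+] Mode : dir\n/index (Status: 200) [Size: 61481]\n" +
		"Missed: /derp (Status: 404)\nFound: ns1.google.com [216.239.32.10]\n"
	fmt.Printf("%+v\n", ParseOutput(out))
}
```

Lines marked Missed come only from verbose runs and should be filtered out before treating the remaining records as discovered paths.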
See the LICENSE file.
See the THANKS file for people who helped out.