当前位置: 首页 > 工具软件 > gobuster > 使用案例 >

gobuster 一款基于go开发的目录文件、dns和vhost爆破工具

云正信
2023-12-01

目录

工具介绍

工具优势

Gobuster v3.0.1新特性

工具可选模式

内置帮助菜单

dns模式帮助

dir模式选项

vhost模式选项

工具安装

代码发布

使用“go get”

源码构建

字典与STDIN

使用样例

dir模式

dns模式

vhost模式

项目地址


工具介绍

Gobuster这款工具基于Go编程语言开发,广大研究人员可使用该工具来对目录、文件、DNS和VHost等对象进行暴力破解攻击。目前,该工具刚刚发布了最新的Gobuster v3.0.1版本。

Gobuster可爆破的对象包括:

1、目标站点中的URI(目录或文件);

2、DNS子域名(支持通配符);

3、目标Web服务器的虚拟主机名(VHost);

工具优势

1、没有使用臃肿的Java GUI,工具基于FTW控制台实现;

2、可直接在命令行工具中执行;

3、不会执行递归爆破;

4、允许测试人员同时对目标文件夹以及多种扩展进行爆破;

5、跨平台支持;

6、运行速度比解释型脚本的运行速度快;

7、不需要运行时环境;

8、并发性支持;

Gobuster v3.0.1新特性

1、引入了新的命令行选项;

2、性能优化,网络连接更稳定;

3、新增VHost名爆破支持;

4、可提供自定义的HTTP头;

工具可选模式

dir:传统的目录爆破模式;

dns:DNS子域名爆破模式;

vhost:虚拟主机爆破模式;

内置帮助菜单

gobuster help:输出完整的帮助信息

gobuster help <mode>:输出指定模块的帮助信息

dns模式帮助

Usage:

gobuster dns [flags]

Flags:

d, --domain string      The target domain

h, --help               help for dns

r, --resolver string    Use custom DNS server (format server.com or server.com:port)

c, --showcname          Show CNAME records (cannot be used with '-i' option)

i, --showips            Show IP addresses

   --timeout duration   DNS resolver timeout (default 1s)

   --wildcard           Force continued operation when wildcard found

中文翻译:

d, --domain string 目标域
h, --help dns 帮助
r, --resolver string 使用自定义 DNS 服务器(格式 server.com 或 server.com:port)
c, --showcname 显示 CNAME 记录(不能与 '-i' 选项一起使用)
i, --showips 显示 IP 地址
--timeout 持续时间 DNS 解析器超时(默认 1 秒)
--wildcard 找到通配符时强制继续操作

Global Flags:

z, --noprogress        Don't display progress

o, --output string     Output file to write results to (defaults to stdout)

q, --quiet             Don't print the banner and other noise

t, --threads int       Number of concurrent threads (default 10)

      --delay duration    Time each thread waits between requests (e.g. 1500ms)

v, --verbose           Verbose output (errors)

w, --wordlist string   Path to the wordlist

中文翻译:

z, --noprogress 不显示进度
o, --output string 要将结果写入的输出文件(默认为 stdout)
q, --quiet 不打印横幅和其他噪音
t, --threads int 并发线程数(默认 10)
--delay duration 每个线程在请求​​之间等待的时间(例如 1500 毫秒)
v, --verbose 详细输出(错误)
w, --wordlist string 词表的路径

dir模式选项

Usage:

gobuster dir [flags]

Flags:

f, --addslash                      Append / to each request

c, --cookies string                Cookies to use for the requests

e, --expanded                      Expanded mode, print full URLs

x, --extensions string             File extension(s) to search for

r, --followredirect                Follow redirects

H, --headers stringArray           Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'

h, --help                          help for dir

l, --includelength                 Include the length of the body in the output

k, --insecuressl                   Skip SSL certificate verification

n, --nostatus                      Don't print status codes

P, --password string               Password for Basic Auth

p, --proxy string                  Proxy to use for requests [http(s)://host:port]

s, --statuscodes string            Positive status codes (will be overwritten with statuscodesblacklist if set) (default "200,204,301,302,307,401,403")

b, --statuscodesblacklist string   Negative status codes (will override statuscodes if set)

      --timeout duration              HTTP Timeout (default 10s)

u, --url string                    The target URL

a, --useragent string              Set the User-Agent string (default "gobuster/3.0.1")

U, --username string               Username for Basic Auth

      --wildcard                      Force continued operation when wildcard found

中文翻译:

f, --addslash 将 / 附加到每个请求
c, --cookies string 用于请求的 Cookie
e, --expanded 展开模式,打印完整网址
x, --extensions string 要搜索的文件扩展名
r, --followredirect 跟随重定向
H, --headers stringArray 指定 HTTP 标头,-H 'Header1: val1' -H 'Header2: val2'
h, --help 帮助目录
l, --includelength 在输出中包含正文的长度
k, --insecuressl 跳过 SSL 证书验证
n, --nostatus 不打印状态码
P, --password string 基本身份验证的密码
p, --proxy string 用于请求的代理 [http(s)://host:port]
s, --statuscodes string 正状态代码(如果设置,将被状态代码黑名单覆盖)(默认“200,204,301,302,307,401,403”)
b, --statuscodesblacklist string 否定状态代码(如果设置将覆盖状态代码)
--timeout duration HTTP 超时(默认 10 秒)
u, --url string 目标网址
a, --useragent string 设置User-Agent字符串(默认“gobuster/3.0.1”)
U, --username string 基本身份验证的用户名
--wildcard 找到通配符时强制继续操作

Global Flags:

z, --noprogress        Don't display progress

o, --output string     Output file to write results to (defaults to stdout)

q, --quiet             Don't print the banner and other noise

t, --threads int       Number of concurrent threads (default 10)

      --delay duration    Time each thread waits between requests (e.g. 1500ms)

v, --verbose           Verbose output (errors)

w, --wordlist string   Path to the wordlist

中文翻译:

z, --noprogress 不显示进度
o, --output string 要将结果写入的输出文件(默认为 stdout)
q, --quiet 不打印横幅和其他噪音
t, --threads int 并发线程数(默认 10)
--delay duration 每个线程在请求​​之间等待的时间(例如 1500 毫秒)
v, --verbose 详细输出(错误)
w, --wordlist string 词表的路径

vhost模式选项

Usage:

gobuster vhost [flags]

Flags:

c, --cookies string        Cookies to use for the requests

r, --followredirect        Follow redirects

H, --headers stringArray   Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'

h, --help                  help for vhost

k, --insecuressl           Skip SSL certificate verification

P, --password string       Password for Basic Auth

p, --proxy string          Proxy to use for requests [http(s)://host:port]

      --timeout duration      HTTP Timeout (default 10s)

u, --url string            The target URL

a, --useragent string      Set the User-Agent string (default "gobuster/3.0.1")

U, --username string       Username for Basic Auth

中文翻译:

c, --cookies string 用于请求的 Cookie
r, --followredirect 跟随重定向
H, --headers stringArray 指定 HTTP 标头,-H 'Header1: val1' -H 'Header2: val2'
h, --help 虚拟主机的帮助
k, --insecuressl 跳过 SSL 证书验证
P, --password string 基本身份验证的密码
p, --proxy string 用于请求的代理 [http(s)://host:port]
--timeout duration HTTP 超时(默认 10 秒)
u, --url string 目标网址
a, --useragent string 设置User-Agent字符串(默认“gobuster/3.0.1”)
U, --username string 基本身份验证的用户名

Global Flags:

z, --noprogress        Don't display progress

o, --output string     Output file to write results to (defaults to stdout)

q, --quiet             Don't print the banner and other noise

t, --threads int       Number of concurrent threads (default 10)

      --delay duration    Time each thread waits between requests (e.g. 1500ms)

v, --verbose           Verbose output (errors)

w, --wordlist string   Path to the wordlist

中文翻译:

z, --noprogress 不显示进度
o, --output string 要将结果写入的输出文件(默认为 stdout)
q, --quiet 不打印横幅和其他噪音
t, --threads int 并发线程数(默认 10)
--delay duration 每个线程在请求​​之间等待的时间(例如 1500 毫秒)
v, --verbose 详细输出(错误)
w, --wordlist string 词表的路径

工具安装

代码发布

我们已经将项目的源码发布到了Gobuster的GitHub主页,广大用户目前无需自行构建项目代码。

下载地址:【Releases页面传送门

使用“go get”

如果你已经搭建好了Go环境,你就可以直接使用下列命令来下载和安装Gobuster:

go get github.com/OJ/gobuster

源码构建

由于该工具采用Go语言开发,那么用户首先就需要安装Go语言环境和编译器等等。关于Go环境的具体配置信息,可以参考Go语言的【官方网站】。

编译

gobuster现在引入了外部依赖组件,所以我们需要先配置依赖组件:

go get && go build

该命令将会创建一份gobuster代码,运行下列命令即可在$GOPATH/bin目录中安装:

go install

配置好所有的依赖组件之后,我们就可以使用代码构建脚本了:

make - 使用当前Go配置来构建工具,例如“go build”;

make windows - 构建32位或64位Windows程序,并将其写入build子目录;

make linux - 构建32位或64位Linux程序,并将其写入build子目录;

make darwin - 构建32位或64位Darwin程序,并将其写入build子目录;

make all - 构建跨平台程序,并将其写入build子目录;

make clean - 清理build子目录;

make test - 运行测试;

字典与STDIN

字典文件可以直接通过stdin嵌入到gobuster:

hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -

使用样例

dir模式

命令行运行:

gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html

默认选项如下:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt
    ===============================================================
    Gobuster v3.0.1
    by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
    ===============================================================
    [+] Mode         : dir
    [+] Url/Domain   : https://buffered.io/
    [+] Threads      : 10
    [+] Wordlist     : /home/oj/wordlists/shortlist.txt
    [+] Status codes : 200,204,301,302,307,401,403
    [+] User Agent   : gobuster/3.0.1
    [+] Timeout      : 10s
    ===============================================================
    2019/06/21 11:49:43 Starting gobuster
    ===============================================================
    /categories (Status: 301)
    /contact (Status: 301)
    /posts (Status: 301)
    /index (Status: 200)
    ===============================================================
    2019/06/21 11:49:44 Finished
    ===============================================================

禁用状态码的默认选项:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n
    ===============================================================
    Gobuster v3.0.1
    by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
    ===============================================================
    [+] Mode         : dir
    [+] Url/Domain   : https://buffered.io/
    [+] Threads      : 10
    [+] Wordlist     : /home/oj/wordlists/shortlist.txt
    [+] Status codes : 200,204,301,302,307,401,403
    [+] User Agent   : gobuster/3.0.1
    [+] No status    : true
    [+] Timeout      : 10s
    ===============================================================
    2019/06/21 11:50:18 Starting gobuster
    ===============================================================
    /categories
    /contact
    /index
    /posts
    ===============================================================
    2019/06/21 11:50:18 Finished
    ===============================================================

Verbose输出:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v
    ===============================================================
    Gobuster v3.0.1
    by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
    ===============================================================
    [+] Mode         : dir
    [+] Url/Domain   : https://buffered.io/
    [+] Threads      : 10
    [+] Wordlist     : /home/oj/wordlists/shortlist.txt
    [+] Status codes : 200,204,301,302,307,401,403
    [+] User Agent   : gobuster/3.0.1
    [+] Verbose      : true
    [+] Timeout      : 10s
    ===============================================================
    2019/06/21 11:50:51 Starting gobuster
    ===============================================================
    Missed: /alsodoesnotexist (Status: 404)
    Found: /index (Status: 200)
    Missed: /doesnotexist (Status: 404)
    Found: /categories (Status: 301)
    Found: /posts (Status: 301)
    Found: /contact (Status: 301)
    ===============================================================
    2019/06/21 11:50:51 Finished
    ===============================================================

显示内容长度:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l
    ===============================================================
    Gobuster v3.0.1
    by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
    ===============================================================
    [+] Mode         : dir
    [+] Url/Domain   : https://buffered.io/
    [+] Threads      : 10
    [+] Wordlist     : /home/oj/wordlists/shortlist.txt
    [+] Status codes : 200,204,301,302,307,401,403
    [+] User Agent   : gobuster/3.0.1
    [+] Show length  : true
    [+] Timeout      : 10s
    ===============================================================
    2019/06/21 11:51:16 Starting gobuster
    ===============================================================
    /categories (Status: 301) [Size: 178]
    /posts (Status: 301) [Size: 178]
    /contact (Status: 301) [Size: 178]
    /index (Status: 200) [Size: 51759]
    ===============================================================
    2019/06/21 11:51:17 Finished
    ===============================================================

dns模式

命令行运行:

gobuster dns -d mysite.com -t 50 -w common-names.txt

运行样例:

gobuster dns -d google.com -w ~/wordlists/subdomains.txt
    ===============================================================
    Gobuster v3.0.1
    by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
    ===============================================================
    [+] Mode         : dns
    [+] Url/Domain   : google.com
    [+] Threads      : 10
    [+] Wordlist     : /home/oj/wordlists/subdomains.txt
    ===============================================================
    2019/06/21 11:54:20 Starting gobuster
    ===============================================================
    Found: chrome.google.com
    Found: ns1.google.com
    Found: admin.google.com
    Found: www.google.com
    Found: m.google.com
    Found: support.google.com
    Found: translate.google.com
    Found: cse.google.com
    Found: news.google.com
    Found: music.google.com
    Found: mail.google.com
    Found: store.google.com
    Found: mobile.google.com
    Found: search.google.com
    Found: wap.google.com
    Found: directory.google.com
    Found: local.google.com
    Found: blog.google.com
    ===============================================================
    2019/06/21 11:54:20 Finished
    ===============================================================

IP样本运行:

gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i
    ===============================================================
    Gobuster v3.0.1
    by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
    ===============================================================
    [+] Mode         : dns
    [+] Url/Domain   : google.com
    [+] Threads      : 10
    [+] Wordlist     : /home/oj/wordlists/subdomains.txt
    ===============================================================
    2019/06/21 11:54:54 Starting gobuster
    ===============================================================
    Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]
    Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]
    Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]
    Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]
    Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]
    Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]
    Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
    Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]
    Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]
    Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
    Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]
    Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]
    Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]
    Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]
    Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]
    Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]
    Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]
    Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]
    ===============================================================
    2019/06/21 11:54:55 Finished
    ===============================================================

DNS通配符检测:

gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt
    ===============================================================
    Gobuster v3.0.1
    by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
    ===============================================================
    [+] Mode         : dns
    [+] Url/Domain   : 0.0.1.xip.io
    [+] Threads      : 10
    [+] Wordlist     : /home/oj/wordlists/subdomains.txt
    ===============================================================
    2019/06/21 12:13:48 Starting gobuster
    ===============================================================
    2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
    2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.
    ===============================================================
    2019/06/21 12:13:48 Finished
    ===============================================================

vhost模式

命令行运行:

gobuster vhost -u https://mysite.com -w common-vhosts.txt

常规样本运行结果:

gobuster vhost -u https://mysite.com -w common-vhosts.txt
    ===============================================================
    Gobuster v3.0.1
    by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
    ===============================================================
    [+] Url:          https://mysite.com
    [+] Threads:      10
    [+] Wordlist:     common-vhosts.txt
    [+] User Agent:   gobuster/3.0.1
    [+] Timeout:      10s
    ===============================================================
    2019/06/21 08:36:00 Starting gobuster
    ===============================================================
    Found: www.mysite.com
    Found: piwik.mysite.com
    Found: mail.mysite.com
    ===============================================================
    2019/06/21 08:36:05 Finished
    ===============================================================

项目地址

https://github.com/OJ/gobuster

 类似资料: