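Gobuster is a tool written in Go that researchers can use to brute-force directories, files, DNS names and virtual hosts (VHosts). The tool has just released its latest version, Gobuster v3.0.1.
Gobuster can brute-force the following:
1. URIs (directories or files) on a target site;
2. DNS subdomains (with wildcard support);
3. Virtual host names (VHosts) on a target web server;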
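1. No bloated Java GUI; the tool runs in the console (console FTW);
2. Runs directly from the command line;
3. Does not brute-force recursively;
4. Lets testers brute-force folders and multiple extensions at the same time;
5. Cross-platform;
6. Faster than interpreted scripts;
7. No runtime required;
8. Concurrency support;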
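1. New command-line options;
2. Performance optimizations and more stable network connections;
3. New VHost name brute-forcing support;
4. Custom HTTP headers can be supplied;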
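dir: the classic directory brute-forcing mode;
dns: DNS subdomain brute-forcing mode;
vhost: virtual host brute-forcing mode;
gobuster help: prints the full help text
gobuster help <mode>: prints the help text for the given mode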
Usage:
  gobuster dns [flags]
Flags:
  -d, --domain string      The target domain
  -h, --help               help for dns
  -r, --resolver string    Use custom DNS server (format server.com or server.com:port)
  -c, --showcname          Show CNAME records (cannot be used with '-i' option)
  -i, --showips            Show IP addresses
      --timeout duration   DNS resolver timeout (default 1s)
      --wildcard           Force continued operation when wildcard found
Global Flags:
  -z, --noprogress        Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist
Usage:
  gobuster dir [flags]
Flags:
  -f, --addslash                      Append / to each request
  -c, --cookies string                Cookies to use for the requests
  -e, --expanded                      Expanded mode, print full URLs
  -x, --extensions string             File extension(s) to search for
  -r, --followredirect                Follow redirects
  -H, --headers stringArray           Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                          help for dir
  -l, --includelength                 Include the length of the body in the output
  -k, --insecuressl                   Skip SSL certificate verification
  -n, --nostatus                      Don't print status codes
  -P, --password string               Password for Basic Auth
  -p, --proxy string                  Proxy to use for requests [http(s)://host:port]
  -s, --statuscodes string            Positive status codes (will be overwritten with statuscodesblacklist if set) (default "200,204,301,302,307,401,403")
  -b, --statuscodesblacklist string   Negative status codes (will override statuscodes if set)
      --timeout duration              HTTP Timeout (default 10s)
  -u, --url string                    The target URL
  -a, --useragent string              Set the User-Agent string (default "gobuster/3.0.1")
  -U, --username string               Username for Basic Auth
      --wildcard                      Force continued operation when wildcard found
Global Flags:
  -z, --noprogress        Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist
Usage:
  gobuster vhost [flags]
Flags:
  -c, --cookies string        Cookies to use for the requests
  -r, --followredirect        Follow redirects
  -H, --headers stringArray   Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                  help for vhost
  -k, --insecuressl           Skip SSL certificate verification
  -P, --password string       Password for Basic Auth
  -p, --proxy string          Proxy to use for requests [http(s)://host:port]
      --timeout duration      HTTP Timeout (default 10s)
  -u, --url string            The target URL
  -a, --useragent string      Set the User-Agent string (default "gobuster/3.0.1")
  -U, --username string       Username for Basic Auth
Global Flags:
  -z, --noprogress        Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist
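The project's source code has been published on Gobuster's GitHub page, and users currently do not need to build the project themselves.
Download: the Releases page
If you already have a Go environment set up, you can download and install Gobuster directly with the following command: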
go get github.com/OJ/gobuster
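Because the tool is written in Go, you first need to install the Go environment and compiler. For details on setting up Go, see the official Go website.
Compiling
gobuster now has external dependencies, so they need to be fetched first: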
go get && go build
This builds a gobuster binary. Run the following command to install it into the $GOPATH/bin directory:
go install
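Once all dependencies are in place, you can use the build scripts:
make - builds the tool with the current Go configuration (i.e. go build);
make windows - builds 32-bit and 64-bit Windows binaries and writes them to the build subdirectory;
make linux - builds 32-bit and 64-bit Linux binaries and writes them to the build subdirectory;
make darwin - builds 32-bit and 64-bit Darwin binaries and writes them to the build subdirectory;
make all - builds cross-platform binaries and writes them to the build subdirectory;
make clean - clears out the build subdirectory;
make test - runs the tests;
The wordlist can be piped into gobuster via stdin: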
hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -
Command-line usage:
gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html
With the default options:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Timeout : 10s
===============================================================
2019/06/21 11:49:43 Starting gobuster
===============================================================
/categories (Status: 301)
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200)
===============================================================
2019/06/21 11:49:44 Finished
===============================================================
Default options with status codes disabled:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] No status : true
[+] Timeout : 10s
===============================================================
2019/06/21 11:50:18 Starting gobuster
===============================================================
/categories
/contact
/index
/posts
===============================================================
2019/06/21 11:50:18 Finished
===============================================================
Verbose output:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Verbose : true
[+] Timeout : 10s
===============================================================
2019/06/21 11:50:51 Starting gobuster
===============================================================
Missed: /alsodoesnotexist (Status: 404)
Found: /index (Status: 200)
Missed: /doesnotexist (Status: 404)
Found: /categories (Status: 301)
Found: /posts (Status: 301)
Found: /contact (Status: 301)
===============================================================
2019/06/21 11:50:51 Finished
===============================================================
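How a run like the verbose one above looks from the server side, as an added example that is not part of the original page or of Gobuster: each wordlist entry becomes one request, most are answered 404, and the default User-Agent is gobuster/3.0.1. The log lines, IP addresses, thresholds and the name detect_scanners are constructed for illustration; because -a changes the User-Agent, the check also scores behaviour.

```python
import re
from collections import defaultdict

# Constructed access-log lines ("combined" format, documentation IP ranges).
SAMPLE_LOG = '''\
192.0.2.10 - - [21/Jun/2019:11:50:40 +0000] "GET /index HTTP/1.1" 200 51759 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jun/2019:11:50:51 +0000] "GET /alsodoesnotexist HTTP/1.1" 404 153 "-" "gobuster/3.0.1"
203.0.113.7 - - [21/Jun/2019:11:50:51 +0000] "GET /index HTTP/1.1" 200 51759 "-" "gobuster/3.0.1"
198.51.100.23 - - [21/Jun/2019:11:52:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Jun/2019:11:52:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Jun/2019:11:52:01 +0000] "GET /config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Jun/2019:11:52:02 +0000] "GET /contact HTTP/1.1" 301 178 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Jun/2019:11:52:02 +0000] "GET /old HTTP/1.1" 404 153 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
DEFAULT_UA = re.compile(r"^gobuster/\d")  # default value of -a shown on this page

def detect_scanners(log_text, min_requests=5, miss_ratio=0.6):
    """Map client IP -> list of reasons it looks like a content brute-forcer."""
    stats = defaultdict(lambda: {"total": 0, "miss": 0, "paths": set(), "ua": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        s = stats[m["ip"]]
        s["total"] += 1
        s["miss"] += m["status"] == "404"
        s["paths"].add(m["path"])
        s["ua"] = s["ua"] or bool(DEFAULT_UA.match(m["ua"]))
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["ua"]:
            reasons.append("default-user-agent")
        # The UA is client-controlled, so also flag many distinct paths, mostly 404.
        if (len(s["paths"]) >= min_requests
                and s["miss"] / s["total"] >= miss_ratio):
            reasons.append("404-burst")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in detect_scanners(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The -s and -b options only change what the client prints; the server still logs every 404, so the behavioural check is unaffected by them.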
Showing content length:
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dir
[+] Url/Domain : https://buffered.io/
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent : gobuster/3.0.1
[+] Show length : true
[+] Timeout : 10s
===============================================================
2019/06/21 11:51:16 Starting gobuster
===============================================================
/categories (Status: 301) [Size: 178]
/posts (Status: 301) [Size: 178]
/contact (Status: 301) [Size: 178]
/index (Status: 200) [Size: 51759]
===============================================================
2019/06/21 11:51:17 Finished
===============================================================
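An added example (not from the original page or the Gobuster project) that parses dir-mode result lines in the shapes shown above (default, -n, -v and -l) and lists discovered paths missing from an expected-public allowlist, which is useful when auditing your own site. The sample output, the /backup entry, the allowlist and the function names are constructed; expanded (-e) output is not handled.

```python
import re

# Constructed sample mixing the result-line shapes shown on this page.
SAMPLE_OUTPUT = """\
===============================================================
Gobuster v3.0.1
===============================================================
[+] Mode : dir
[+] Wordlist : /home/oj/wordlists/shortlist.txt
===============================================================
2019/06/21 11:51:16 Starting gobuster
===============================================================
/categories (Status: 301) [Size: 178]
/index (Status: 200) [Size: 51759]
Found: /contact (Status: 301)
Missed: /doesnotexist (Status: 404)
/posts
/backup (Status: 200) [Size: 4096]
===============================================================
"""

# Assumed allowlist of paths the site owner intends to be public.
EXPECTED_PUBLIC = {"/index", "/categories", "/contact", "/posts"}

# Optional "Found:/Missed:" prefix (-v), optional status (absent with -n),
# optional size (present with -l). Banner and timestamp lines do not match.
RESULT_RE = re.compile(
    r"^(?:(?P<verdict>Found|Missed): )?(?P<path>/\S*)"
    r"(?: \(Status: (?P<status>\d{3})\))?(?: \[Size: (?P<size>\d+)\])?\s*$")

def parse_dir_output(text):
    """Return one dict per discovered path, skipping verbose 'Missed' lines."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if not m or m["verdict"] == "Missed":
            continue
        results.append({
            "path": m["path"],
            "status": int(m["status"]) if m["status"] else None,
            "size": int(m["size"]) if m["size"] else None,
        })
    return results

def unexpected_paths(results, expected):
    """Paths that answered but are not on the expected-public allowlist."""
    return sorted(r["path"] for r in results if r["path"] not in expected)

if __name__ == "__main__":
    print(unexpected_paths(parse_dir_output(SAMPLE_OUTPUT), EXPECTED_PUBLIC))
```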
Command-line usage:
gobuster dns -d mysite.com -t 50 -w common-names.txt
Sample run:
gobuster dns -d google.com -w ~/wordlists/subdomains.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dns
[+] Url/Domain : google.com
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:54:20 Starting gobuster
===============================================================
Found: chrome.google.com
Found: ns1.google.com
Found: admin.google.com
Found: www.google.com
Found: m.google.com
Found: support.google.com
Found: translate.google.com
Found: cse.google.com
Found: news.google.com
Found: music.google.com
Found: mail.google.com
Found: store.google.com
Found: mobile.google.com
Found: search.google.com
Found: wap.google.com
Found: directory.google.com
Found: local.google.com
Found: blog.google.com
===============================================================
2019/06/21 11:54:20 Finished
===============================================================
Sample run showing IP addresses:
gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dns
[+] Url/Domain : google.com
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:54:54 Starting gobuster
===============================================================
Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]
Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]
Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]
Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]
Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]
Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]
===============================================================
2019/06/21 11:54:55 Finished
===============================================================
Wildcard DNS detection:
gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Mode : dns
[+] Url/Domain : 0.0.1.xip.io
[+] Threads : 10
[+] Wordlist : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 12:13:48 Starting gobuster
===============================================================
2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.
===============================================================
2019/06/21 12:13:48 Finished
===============================================================
Command-line usage:
gobuster vhost -u https://mysite.com -w common-vhosts.txt
Normal sample run:
gobuster vhost -u https://mysite.com -w common-vhosts.txt
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url: https://mysite.com
[+] Threads: 10
[+] Wordlist: common-vhosts.txt
[+] User Agent: gobuster/3.0.1
[+] Timeout: 10s
===============================================================
2019/06/21 08:36:00 Starting gobuster
===============================================================
Found: www.mysite.com
Found: piwik.mysite.com
Found: mail.mysite.com
===============================================================
2019/06/21 08:36:05 Finished
===============================================================