# sudo apt install gobuster
gobuster dir --url http://MACHINE_IP/ -w wordlist.txt
gobuster dir -u http://<ip>:3333 -w <word list location>
# wordlists are in
/usr/share/wordlists
GoBuster Flags
-e Prints url in console
-u Url of machine
-w path to wordlist
-U username
-P password
-p<x> Request Proxy
-c<http cookie> Cookie for simulated authentication
It is a tool used to brute-force URLs.
!!!It is quite aggressive, use carefully against websites you don't have permission to!!!
# Syntax
gobuster dir -u [target ip] -w [wordlist]
# Example
gobuster dir -u 192.168.0.1 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
ubuntu@tryhackme:~/Desktop$ gobuster -u http://fakebank.com -w wordlist.txt dir
=====================================================
Gobuster v2.0.1
=====================================================
[+] Mode : dir
[+] Url/Domain : http://fakebank.com/
[+] Threads : 10
[+] Wordlist : wordlist.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout : 10s
=====================================================
2022/04/11 18:23:28 Starting gobuster
=====================================================
/images (Status: 301)
/DIRECTORY_NAME_OUTPUT (Status: 200)
=====================================================
2022/04/11 18:23:38 Finished
=====================================================
# To find hidden directories in a website, use gobuster in the terminal:
gobuster dir -u http://website.com -w wordlist.txt
Gobuster is a popular open-source tool used for directory and DNS subdomain brute-forcing. Gobuster works by sending a series of HTTP or DNS requests to a target server and analyzing the responses received. It systematically tries different directory or subdomain names, allowing users to enumerate existing directories, files, or subdomains that might not be easily discoverable through regular web browsing.
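From the defender's side, the request pattern described above shows up clearly in web-server access logs. The following is an added example, not part of the original snippets: it flags clients by a User-Agent containing `gobuster` (the tool's default unless overridden) and by bursts of distinct 404 paths. The log lines, IP addresses, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(  # combined log format
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def _line(ip, sec, path, status, ua):
    # Helper that builds one constructed log line (hypothetical data).
    return (f'{ip} - - [11/Apr/2022:18:23:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "{ua}"')

WORDS = ["admin", "backup", "config", "login", "old", "test"]
# Constructed sample log: a default-UA scan, a scan with a browser UA, a normal user.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 28, f"/{w}", 404, "gobuster/3.1.0") for w in WORDS]
    + [_line("203.0.113.7", 29, "/images", 301, "gobuster/3.1.0")]
    + [_line("198.51.100.9", 30 + i, f"/{w}", 404, "Mozilla/5.0") for i, w in enumerate(WORDS)]
    + [_line("192.0.2.44", 31, "/", 200, "Mozilla/5.0"),
       _line("192.0.2.44", 32, "/favicon.ico", 404, "Mozilla/5.0")]
)

def detect_enumeration(log_text, window=timedelta(seconds=10), min_misses=5):
    """Return {ip: [reasons]} for clients that look like directory brute-forcers."""
    misses = defaultdict(list)    # ip -> [(timestamp, path)] for 404 responses
    findings = defaultdict(set)   # ip -> {"user-agent", "404-burst"}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if "gobuster" in m["ua"].lower():
            findings[m["ip"]].add("user-agent")
        if m["status"] == "404":
            misses[m["ip"]].append((ts, m["path"]))
    for ip, events in misses.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding time window over the misses
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_misses:
                findings[ip].add("404-burst")
                break
    return {ip: sorted(reasons) for ip, reasons in findings.items()}
```

The 404-burst rule is the one that still fires when the User-Agent has been changed; tune `window` and `min_misses` to the site's normal miss rate.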
$ gobuster -h
Usage:
  gobuster [command]

Available commands:
  dir         Uses directory/file enumeration mode
  dns         Uses DNS subdomain enumeration mode
  fuzz        Uses fuzzing mode
  help        Help about any command
  s3          Uses aws bucket enumeration mode
  version     shows the current version
  vhost       Uses VHOST enumeration mode

Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -h, --help              help for gobuster
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patters
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist
user@machine$ gobuster dir --url http://10.10.82.162/ -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt