Codebase list gobuster / 70611cb
Merge branch 'debian' into kali/master Sophie Brun 4 years ago
17 changed file(s) with 302 addition(s) and 70 deletion(s). Raw diff Collapse all Expand all
+2
-1
.gitignore less more
2424 *.txt
2525 *.swp
2626
27 gobuster
27 gobuster
28 build
+42
-0
Makefile less more
0 TARGET=./build
1 OSES=darwin linux windows
2 ARCHS=amd64 386
3
4 current: outputdir
5 @go build -o ./gobuster; \
6 echo "Done."
7
8 outputdir:
9 @mkdir -p ${TARGET}
10
11 windows: outputdir
12 @for GOARCH in ${ARCHS}; do \
13 echo "Building for windows $${GOARCH} ..." ; \
14 GOOS=windows GARCH=$${GOARCH} go build -o ${TARGET}/gobuster-$${GOARCH}.exe ; \
15 done; \
16 echo "Done."
17
18 linux: outputdir
19 @for GOARCH in ${ARCHS}; do \
20 echo "Building for linux $${GOARCH} ..." ; \
21 GOOS=linux GARCH=$${GOARCH} go build -o ${TARGET}/gobuster-linux-$${GOARCH} ; \
22 done; \
23 echo "Done."
24
25 darwin: outputdir
26 @for GOARCH in ${ARCHS}; do \
27 echo "Building for darwin $${GOARCH} ..." ; \
28 GOOS=darwin GARCH=$${GOARCH} go build -o ${TARGET}/gobuster-darwin-$${GOARCH} ; \
29 done; \
30 echo "Done."
31
32
33 all: darwin linux windows
34
35 test:
36 @go test -v -race ./... ; \
37 echo "Done."
38
39 clean:
40 @rm -rf ${TARGET}/* ; \
41 echo "Done."
+18
-10
README.md less more
0 Gobuster v2.0.0 (OJ Reeves @TheColonial)
0 Gobuster v2.0.1 (OJ Reeves @TheColonial)
11 ========================================
22
33 Gobuster is a tool used to brute-force:
7777 ```
7878 gobuster $ go install
7979 ```
80 If you have all the dependencies already, you can make use of the build scripts:
81 * `make` - builds for the current Go configuration (ie. runs `go build`).
82 * `make windows` - builds 32 and 64 bit binaries for windows, and writes them to the `build` subfolder.
83 * `make linux` - builds 32 and 64 bit binaries for linux, and writes them to the `build` subfolder.
84 * `make darwin` - builds 32 and 64 bit binaries for darwin, and writes them to the `build` subfolder.
85 * `make all` - builds for all platforms and architectures, and writes the resulting binaries to the `build` subfolder.
86 * `make clean` - clears out the `build` subfolder.
87 * `make test` - runs the tests (requires you to `go get githubcom/h2non/gock` first).
8088
8189 #### Running as a script
8290 ```
103111 $ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt
104112
105113 =====================================================
106 Gobuster v2.0.0 OJ Reeves (@TheColonial)
114 Gobuster v2.0.1 OJ Reeves (@TheColonial)
107115 =====================================================
108116 [+] Mode : dir
109117 [+] Url/Domain : https://buffered.io/
127135 $ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -n
128136
129137 =====================================================
130 Gobuster v2.0.0 OJ Reeves (@TheColonial)
138 Gobuster v2.0.1 OJ Reeves (@TheColonial)
131139 =====================================================
132140 [+] Mode : dir
133141 [+] Url/Domain : https://buffered.io/
152160 $ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -v
153161
154162 =====================================================
155 Gobuster v2.0.0 OJ Reeves (@TheColonial)
163 Gobuster v2.0.1 OJ Reeves (@TheColonial)
156164 =====================================================
157165 [+] Mode : dir
158166 [+] Url/Domain : https://buffered.io/
179187 $ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -l
180188
181189 =====================================================
182 Gobuster v2.0.0 OJ Reeves (@TheColonial)
190 Gobuster v2.0.1 OJ Reeves (@TheColonial)
183191 =====================================================
184192 [+] Mode : dir
185193 [+] Url/Domain : https://buffered.io/
219227 $ gobuster -m dns -w ~/wordlists/subdomains.txt -u google.com
220228
221229 =====================================================
222 Gobuster v2.0.0 OJ Reeves (@TheColonial)
230 Gobuster v2.0.1 OJ Reeves (@TheColonial)
223231 =====================================================
224232 [+] Mode : dns
225233 [+] Url/Domain : google.com
255263 $ gobuster -m dns -w ~/wordlists/subdomains.txt -u google.com -i
256264
257265 =====================================================
258 Gobuster v2.0.0 OJ Reeves (@TheColonial)
266 Gobuster v2.0.1 OJ Reeves (@TheColonial)
259267 =====================================================
260268 [+] Mode : dns
261269 [+] Url/Domain : google.com
291299 $ gobuster -m dns -w ~/wordlists/subdomains.txt -u yp.to -i
292300
293301 =====================================================
294 Gobuster v2.0.0 OJ Reeves (@TheColonial)
302 Gobuster v2.0.1 OJ Reeves (@TheColonial)
295303 =====================================================
296304 [+] Mode : dns
297305 [+] Url/Domain : yp.to
311319 $ gobuster -m dns -w ~/wordlists/subdomains.txt -u 0.0.1.xip.io
312320
313321 =====================================================
314 Gobuster v2.0.0 OJ Reeves (@TheColonial)
322 Gobuster v2.0.1 OJ Reeves (@TheColonial)
315323 =====================================================
316324 [+] Mode : dns
317325 [+] Url/Domain : 0.0.1.xip.io
331339 $ gobuster -m dns -w ~/wordlists/subdomains.txt -u 0.0.1.xip.io -fw
332340
333341 =====================================================
334 Gobuster v2.0.0 OJ Reeves (@TheColonial)
342 Gobuster v2.0.1 OJ Reeves (@TheColonial)
335343 =====================================================
336344 [+] Mode : dns
337345 [+] Url/Domain : 0.0.1.xip.io
+19
-0
debian/changelog less more
0 gobuster (2.0.1-1) unstable; urgency=medium
1
2 [ Ondřej Nový ]
3 * d/control: Remove trailing whitespaces
4
5 [ Alexander Fischer ]
6 * New upstream version 2.0.1
7 * remove patch
8 * changed uuid library dependency
9 * removed test file due to missing dependency in debian
10
11 -- Alexander Fischer <[email protected]> Sun, 03 Feb 2019 14:03:01 +0100
12
013 gobuster (2.0.0-0kali1) kali-dev; urgency=medium
114
215 * Import new upstream release (see 4939)
316
417 -- Sophie Brun <[email protected]> Wed, 29 Aug 2018 16:45:17 +0200
18
19 gobuster (1.4.1-1) unstable; urgency=medium
20
21 * Initial release (Closes: #897628)
22
23 -- Alexander Fischer <[email protected]> Thu, 03 May 2018 17:55:25 +0200
524
625 gobuster (1.2-0kali1) kali-dev; urgency=medium
726
+1
-1
debian/compat less more
0 9
0 11
+12
-20
debian/control less more
00 Source: gobuster
1 Section: net
1 Section: utils
22 Priority: optional
33 Maintainer: Kali Developers <[email protected]>
44 Uploaders: Sophie Brun <[email protected]>
5 Build-Depends: debhelper (>=9),
6 golang-go (>= 1.4),
5 Build-Depends: debhelper (>= 11),
76 dh-golang,
8 golang-golang-x-crypto-dev,
9 golang-github-satori-go.uuid-dev,
10 golang-github-hashicorp-go-multierror-dev,
11 golang-github-google-uuid-dev,
7 golang-any,
8 golang-github-hashicorp-go-multierror-dev,
9 golang-github-google-uuid-dev,
10 golang-golang-x-crypto-dev
1211 Standards-Version: 4.2.1
1312 Homepage: https://github.com/OJ/gobuster
1413 Vcs-Git: git://git.kali.org/packages/gobuster.git
1514 Vcs-Browser: http://git.kali.org/gitweb/?p=packages/gobuster.git;a=summary
1615 XS-Go-Import-Path: gobuster
16 Testsuite: autopkgtest-pkg-go
1717
1818 Package: gobuster
1919 Architecture: any
20 Depends: ${shlibs:Depends}, ${misc:Depends}
2120 Built-Using: ${misc:Built-Using}
22 Description: Directory/file and DNS busting tool written in Go
23 This package contains an alternative directory and file busting tool written
24 in Go. Why:
25 * something that didn't have a fat Java GUI (console FTW).
26 * to build something that just worked on the command line.
27 * something that did not do recursive brute force.
28 * something that allowed to brute force folders and multiple
29 extensions at once.
30 * something that compiled to native on multiple platforms.
31 * something that was faster than an interpreted script (such as Python).
32 * something that didn't require a runtime.
33 * use something that was good with concurrency (hence Go).
21 Depends: ${misc:Depends},
22 ${shlibs:Depends}
23 Description: Directory/file & DNS busting tool written in Go
24 Gobuster is a tool used to brute-force URIs including directories and
25 files as well as DNS subdomains.
+9
-5
debian/copyright less more
00 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
11 Upstream-Name: gobuster
22 Source: https://github.com/OJ/gobuster
3 Files-Excluded:
4 Godeps/_workspace
35
46 Files: *
5 Copyright: OJ Reeves
7 Copyright: 2014 OJ Reeves
68 License: Apache-2.0
79
810 Files: debian/*
9 Copyright: 2016 Sophie Brun <[email protected]>
11 Copyright: 2018 Alexander Fischer <[email protected]>
12 2016-2019 Sophie Brun <[email protected]>
1013 License: Apache-2.0
14 Comment: Debian packaging is licensed under the same terms as upstream
1115
1216 License: Apache-2.0
1317 Licensed under the Apache License, Version 2.0 (the "License");
1418 you may not use this file except in compliance with the License.
1519 You may obtain a copy of the License at
1620 .
17 http://www.apache.org/licenses/LICENSE-2.0
21 http://www.apache.org/licenses/LICENSE-2.0
1822 .
1923 Unless required by applicable law or agreed to in writing, software
2024 distributed under the License is distributed on an "AS IS" BASIS,
2226 See the License for the specific language governing permissions and
2327 limitations under the License.
2428 .
25 On Debian systems, the complete text of the Apache License version 2.0 can
26 be found in "/usr/share/common-licenses/Apache-2.0".
29 On Debian systems, the complete text of the Apache version 2.0 license
30 can be found in "/usr/share/common-licenses/Apache-2.0".
+2
-0
debian/gbp.conf less more
0 [DEFAULT]
1 pristine-tar = True
+88
-0
debian/gobuster.1 less more
0 .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
1 .TH GOBUSTER "1" "May 2018" "gobuster 1.4.1" "User Commands"
2 .SH NAME
3 gobuster \- Directory/file & DNS busting tool
4 .SH DESCRIPTION
5 .HP
6 \fB\-P\fR string
7 .IP
8 Password for Basic Auth (dir mode only)
9 .HP
10 \fB\-U\fR string
11 .IP
12 Username for Basic Auth (dir mode only)
13 .HP
14 \fB\-a\fR string
15 .IP
16 Set the User\-Agent string (dir mode only)
17 .HP
18 \fB\-c\fR string
19 .IP
20 Cookies to use for the requests (dir mode only)
21 .HP
22 \fB\-cn\fR
23 .IP
24 Show CNAME records (dns mode only, cannot be used with '\-i' option)
25 .TP
26 \fB\-e\fR
27 Expanded mode, print full URLs
28 .TP
29 \fB\-f\fR
30 Append a forward\-slash to each directory request (dir mode only)
31 .HP
32 \fB\-fw\fR
33 .IP
34 Force continued operation when wildcard found
35 .TP
36 \fB\-i\fR
37 Show IP addresses (dns mode only)
38 .TP
39 \fB\-k\fR
40 Skip SSL certificate verification
41 .TP
42 \fB\-l\fR
43 Include the length of the body in the output (dir mode only)
44 .HP
45 \fB\-m\fR string
46 .IP
47 Directory/File mode (dir) or DNS mode (dns) (default "dir")
48 .TP
49 \fB\-n\fR
50 Don't print status codes
51 .HP
52 \fB\-o\fR string
53 .IP
54 Output file to write results to (defaults to stdout)
55 .HP
56 \fB\-p\fR string
57 .IP
58 Proxy to use for requests [http(s)://host:port] (dir mode only)
59 .TP
60 \fB\-q\fR
61 Don't print the banner and other noise
62 .TP
63 \fB\-r\fR
64 Follow redirects
65 .HP
66 \fB\-s\fR string
67 .IP
68 Positive status codes (dir mode only) (default "200,204,301,302,307")
69 .HP
70 \fB\-t\fR int
71 .IP
72 Number of concurrent threads (default 10)
73 .HP
74 \fB\-u\fR string
75 .IP
76 The target URL or Domain
77 .TP
78 \fB\-v\fR
79 Verbose output (errors)
80 .HP
81 \fB\-w\fR string
82 .IP
83 Path to the wordlist
84 .HP
85 \fB\-x\fR string
86 .IP
87 File extension(s) to search for (dir mode only)
+1
-0
debian/gobuster.manpages less more
0 debian/gobuster.1
+7
-7
debian/rules less more
00 #!/usr/bin/make -f
11
2 export DH_GOPKG := github.com/OJ/gobuster
2 override_dh_auto_install:
3 dh_auto_install -- --no-source
4 %:
5 dh $@ --buildsystem=golang --with=golang
36
4 %:
5 dh $@ --buildsystem=golang --with=golang
6
7 override_dh_auto_install:
8 dh_auto_install --buildsystem=golang
9 rm -rf debian/gobuster/usr/share/gocode
7 override_dh_auto_build:
8 dh_auto_build
9 rm -f obj-*/src/github.com/OJ/gobuster/libgobuster/http_test.go
+4
-3
debian/watch less more
0 version=4
1 opts="filenamemangle=s/.*\/v(\d[\d.]*)\.tar\.gz/gobuster-$1.tar.gz/" \
2 https://github.com/OJ/gobuster/tags .*/v?(\d[\d.]*)\.tar\.gz debian uupdate
0 version=3
1 opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/gobuster-\$1\.tar\.gz/,\
2 uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/\$1~\$2\$3/ \
3 https://github.com/OJ/gobuster/tags .*/v?(\d\S*)\.tar\.gz
+4
-5
gobusterdns/gobusterdns.go less more
33 "bytes"
44 "fmt"
55 "log"
6 "net"
76 "strings"
87
98 "github.com/OJ/gobuster/libgobuster"
1716 func (d GobusterDNS) Setup(g *libgobuster.Gobuster) error {
1817 // Resolve a subdomain sthat probably shouldn't exist
1918 guid := uuid.New()
20 wildcardIps, err := net.LookupHost(fmt.Sprintf("%s.%s", guid, g.Opts.URL))
19 wildcardIps, err := g.DNSLookup(fmt.Sprintf("%s.%s", guid, g.Opts.URL))
2120 if err == nil {
2221 g.IsWildcard = true
2322 g.WildcardIps.AddRange(wildcardIps)
2928
3029 if !g.Opts.Quiet {
3130 // Provide a warning if the base domain doesn't resolve (in case of typo)
32 _, err = net.LookupHost(g.Opts.URL)
31 _, err = g.DNSLookup(g.Opts.URL)
3332 if err != nil {
3433 // Not an error, just a warning. Eg. `yp.to` doesn't resolve, but `cr.py.to` does!
3534 log.Printf("[-] Unable to validate base domain: %s", g.Opts.URL)
4241 // Process is the process implementation of gobusterdns
4342 func (d GobusterDNS) Process(g *libgobuster.Gobuster, word string) ([]libgobuster.Result, error) {
4443 subdomain := fmt.Sprintf("%s.%s", word, g.Opts.URL)
45 ips, err := net.LookupHost(subdomain)
44 ips, err := g.DNSLookup(subdomain)
4645 var ret []libgobuster.Result
4746 if err == nil {
4847 if !g.IsWildcard || !g.WildcardIps.ContainsAny(ips) {
5251 if g.Opts.ShowIPs {
5352 result.Extra = strings.Join(ips, ", ")
5453 } else if g.Opts.ShowCNAME {
55 cname, err := net.LookupCNAME(subdomain)
54 cname, err := g.DNSLookupCname(subdomain)
5655 if err == nil {
5756 result.Extra = cname
5857 }
+13
-6
libgobuster/libgobuster.go less more
44 "bytes"
55 "context"
66 "fmt"
7 "net"
78 "os"
89 "strings"
910 "sync"
1112
1213 const (
1314 // VERSION contains the current gobuster version
14 VERSION = "2.0.0"
15 VERSION = "2.0.1"
1516 )
1617
1718 // SetupFunc is the "setup" function prototype for implementations
110111 // GetRequest issues a GET request to the target and returns
111112 // the status code, length and an error
112113 func (g *Gobuster) GetRequest(url string) (*int, *int64, error) {
113 g.incrementRequests()
114114 return g.http.makeRequest(url, g.Opts.Cookies)
115 }
116
117 // DNSLookup looks up a domain via system default DNS servers
118 func (g *Gobuster) DNSLookup(domain string) ([]string, error) {
119 return net.LookupHost(domain)
120 }
121
122 // DNSLookupCname looks up a CNAME record via system default DNS servers
123 func (g *Gobuster) DNSLookupCname(domain string) (string, error) {
124 return net.LookupCNAME(domain)
115125 }
116126
117127 func (g *Gobuster) worker(wordChan <-chan string, wg *sync.WaitGroup) {
125135 if !ok {
126136 return
127137 }
138 g.incrementRequests()
128139 // Mode-specific processing
129140 res, err := g.plugin.Process(g, word)
130141 if err != nil {
156167 return nil, fmt.Errorf("failed to get number of lines: %v", err)
157168 }
158169
159 // mutiply by extensions to get the total number of requests
160 if len(g.Opts.ExtensionsParsed.Set) > 0 {
161 lines = lines + (lines * len(g.Opts.ExtensionsParsed.Set))
162 }
163170 g.requestsExpected = lines
164171 g.requestsIssued = 0
165172
+80
-0
make.bat less more
0 @echo off
1
2 SET ARG=%1
3 SET TARGET=.\build
4
5 IF "%ARG%"=="test" (
6 go test -v -race ./...
7 echo Done.
8 GOTO Done
9 )
10
11 IF "%ARG%"=="clean" (
12 del /F /Q %TARGET%\*.*
13 echo Done.
14 GOTO Done
15 )
16
17 IF "%ARG%"=="windows" (
18 CALL :Windows
19 GOTO Done
20 )
21
22 IF "%ARG%"=="darwin" (
23 CALL :Darwin
24 GOTO Done
25 )
26
27 IF "%ARG%"=="linux" (
28 CALL :Linux
29 GOTO Done
30 )
31
32 IF "%ARG%"=="all" (
33 CALL :Darwin
34 CALL :Linux
35 CALL :Windows
36 GOTO Done
37 )
38
39 IF "%ARG%"=="" (
40 go build -o .\gobuster.exe
41 GOTO Done
42 )
43
44 GOTO Done
45
46 :Darwin
47 set GOOS=darwin
48 set GOARCH=amd64
49 echo Building for %GOOS% %GOARCH% ...
50 go build -o %TARGET%\gobuster-%GOOS%-%GOARCH%
51 set GOARCH=386
52 echo Building for %GOOS% %GOARCH% ...
53 go build -o %TARGET%\gobuster-%GOOS%-%GOARCH%
54 echo Done.
55 EXIT /B 0
56
57 :Linux
58 set GOOS=linux
59 set GOARCH=amd64
60 echo Building for %GOOS% %GOARCH% ...
61 go build -o %TARGET%\gobuster-%GOOS%-%GOARCH%
62 set GOARCH=386
63 echo Building for %GOOS% %GOARCH% ...
64 go build -o %TARGET%\gobuster-%GOOS%-%GOARCH%
65 echo Done.
66 EXIT /B 0
67
68 :Windows
69 set GOOS=windows
70 set GOARCH=amd64
71 echo Building for %GOOS% %GOARCH% ...
72 go build -o %TARGET%\gobuster-%GOARCH%.exe
73 set GOARCH=386
74 echo Building for %GOOS% %GOARCH% ...
75 go build -o %TARGET%\gobuster-%GOARCH%.exe
76 echo Done.
77 EXIT /B 0
78
79 :Done
+0
-6
make_linux.bat less more
0 @echo off
1 set GOOS=linux
2 set GOARCH=amd64
3
4 go test -v -race ./...
5 go build -o gobuster
+0
-6
make_windows.bat less more
0 @echo off
1 set GOOS=windows
2 set GOARCH=amd64
3
4 go test -v -race ./...
5 go build -o gobuster.exe