Import Upstream version 2.0.1
Sophie Brun
5 years ago
0 | TARGET=./build | |
1 | OSES=darwin linux windows | |
2 | ARCHS=amd64 386 | |
3 | ||
4 | current: outputdir | |
5 | @go build -o ./gobuster; \ | |
6 | echo "Done." | |
7 | ||
8 | outputdir: | |
9 | @mkdir -p ${TARGET} | |
10 | ||
11 | windows: outputdir | |
12 | @for GOARCH in ${ARCHS}; do \ | |
13 | echo "Building for windows $${GOARCH} ..." ; \ | |
14 | GOOS=windows GARCH=$${GOARCH} go build -o ${TARGET}/gobuster-$${GOARCH}.exe ; \ | |
15 | done; \ | |
16 | echo "Done." | |
17 | ||
18 | linux: outputdir | |
19 | @for GOARCH in ${ARCHS}; do \ | |
20 | echo "Building for linux $${GOARCH} ..." ; \ | |
21 | GOOS=linux GARCH=$${GOARCH} go build -o ${TARGET}/gobuster-linux-$${GOARCH} ; \ | |
22 | done; \ | |
23 | echo "Done." | |
24 | ||
25 | darwin: outputdir | |
26 | @for GOARCH in ${ARCHS}; do \ | |
27 | echo "Building for darwin $${GOARCH} ..." ; \ | |
28 | GOOS=darwin GARCH=$${GOARCH} go build -o ${TARGET}/gobuster-darwin-$${GOARCH} ; \ | |
29 | done; \ | |
30 | echo "Done." | |
31 | ||
32 | ||
33 | all: darwin linux windows | |
34 | ||
35 | test: | |
36 | @go test -v -race ./... ; \ | |
37 | echo "Done." | |
38 | ||
39 | clean: | |
40 | @rm -rf ${TARGET}/* ; \ | |
41 | echo "Done." |
0 | Gobuster v2.0.0 (OJ Reeves @TheColonial) | |
0 | Gobuster v2.0.1 (OJ Reeves @TheColonial) | |
1 | 1 | ======================================== |
2 | 2 | |
3 | 3 | Gobuster is a tool used to brute-force: |
77 | 77 | ``` |
78 | 78 | gobuster $ go install |
79 | 79 | ``` |
80 | If you have all the dependencies already, you can make use of the build scripts: | |
81 | * `make` - builds for the current Go configuration (ie. runs `go build`). | |
82 | * `make windows` - builds 32 and 64 bit binaries for windows, and writes them to the `build` subfolder. | |
83 | * `make linux` - builds 32 and 64 bit binaries for linux, and writes them to the `build` subfolder. | |
84 | * `make darwin` - builds 32 and 64 bit binaries for darwin, and writes them to the `build` subfolder. | |
85 | * `make all` - builds for all platforms and architectures, and writes the resulting binaries to the `build` subfolder. | |
86 | * `make clean` - clears out the `build` subfolder. | |
87 | * `make test` - runs the tests (requires you to `go get githubcom/h2non/gock` first). | |
80 | 88 | |
81 | 89 | #### Running as a script |
82 | 90 | ``` |
103 | 111 | $ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt |
104 | 112 | |
105 | 113 | ===================================================== |
106 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
114 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
107 | 115 | ===================================================== |
108 | 116 | [+] Mode : dir |
109 | 117 | [+] Url/Domain : https://buffered.io/ |
127 | 135 | $ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -n |
128 | 136 | |
129 | 137 | ===================================================== |
130 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
138 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
131 | 139 | ===================================================== |
132 | 140 | [+] Mode : dir |
133 | 141 | [+] Url/Domain : https://buffered.io/ |
152 | 160 | $ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -v |
153 | 161 | |
154 | 162 | ===================================================== |
155 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
163 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
156 | 164 | ===================================================== |
157 | 165 | [+] Mode : dir |
158 | 166 | [+] Url/Domain : https://buffered.io/ |
179 | 187 | $ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -l |
180 | 188 | |
181 | 189 | ===================================================== |
182 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
190 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
183 | 191 | ===================================================== |
184 | 192 | [+] Mode : dir |
185 | 193 | [+] Url/Domain : https://buffered.io/ |
219 | 227 | $ gobuster -m dns -w ~/wordlists/subdomains.txt -u google.com |
220 | 228 | |
221 | 229 | ===================================================== |
222 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
230 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
223 | 231 | ===================================================== |
224 | 232 | [+] Mode : dns |
225 | 233 | [+] Url/Domain : google.com |
255 | 263 | $ gobuster -m dns -w ~/wordlists/subdomains.txt -u google.com -i |
256 | 264 | |
257 | 265 | ===================================================== |
258 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
266 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
259 | 267 | ===================================================== |
260 | 268 | [+] Mode : dns |
261 | 269 | [+] Url/Domain : google.com |
291 | 299 | $ gobuster -m dns -w ~/wordlists/subdomains.txt -u yp.to -i |
292 | 300 | |
293 | 301 | ===================================================== |
294 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
302 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
295 | 303 | ===================================================== |
296 | 304 | [+] Mode : dns |
297 | 305 | [+] Url/Domain : yp.to |
311 | 319 | $ gobuster -m dns -w ~/wordlists/subdomains.txt -u 0.0.1.xip.io |
312 | 320 | |
313 | 321 | ===================================================== |
314 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
322 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
315 | 323 | ===================================================== |
316 | 324 | [+] Mode : dns |
317 | 325 | [+] Url/Domain : 0.0.1.xip.io |
331 | 339 | $ gobuster -m dns -w ~/wordlists/subdomains.txt -u 0.0.1.xip.io -fw |
332 | 340 | |
333 | 341 | ===================================================== |
334 | Gobuster v2.0.0 OJ Reeves (@TheColonial) | |
342 | Gobuster v2.0.1 OJ Reeves (@TheColonial) | |
335 | 343 | ===================================================== |
336 | 344 | [+] Mode : dns |
337 | 345 | [+] Url/Domain : 0.0.1.xip.io |
3 | 3 | "bytes" |
4 | 4 | "fmt" |
5 | 5 | "log" |
6 | "net" | |
7 | 6 | "strings" |
8 | 7 | |
9 | 8 | "github.com/OJ/gobuster/libgobuster" |
17 | 16 | func (d GobusterDNS) Setup(g *libgobuster.Gobuster) error { |
18 | 17 | // Resolve a subdomain sthat probably shouldn't exist |
19 | 18 | guid := uuid.New() |
20 | wildcardIps, err := net.LookupHost(fmt.Sprintf("%s.%s", guid, g.Opts.URL)) | |
19 | wildcardIps, err := g.DNSLookup(fmt.Sprintf("%s.%s", guid, g.Opts.URL)) | |
21 | 20 | if err == nil { |
22 | 21 | g.IsWildcard = true |
23 | 22 | g.WildcardIps.AddRange(wildcardIps) |
29 | 28 | |
30 | 29 | if !g.Opts.Quiet { |
31 | 30 | // Provide a warning if the base domain doesn't resolve (in case of typo) |
32 | _, err = net.LookupHost(g.Opts.URL) | |
31 | _, err = g.DNSLookup(g.Opts.URL) | |
33 | 32 | if err != nil { |
34 | 33 | // Not an error, just a warning. Eg. `yp.to` doesn't resolve, but `cr.py.to` does! |
35 | 34 | log.Printf("[-] Unable to validate base domain: %s", g.Opts.URL) |
42 | 41 | // Process is the process implementation of gobusterdns |
43 | 42 | func (d GobusterDNS) Process(g *libgobuster.Gobuster, word string) ([]libgobuster.Result, error) { |
44 | 43 | subdomain := fmt.Sprintf("%s.%s", word, g.Opts.URL) |
45 | ips, err := net.LookupHost(subdomain) | |
44 | ips, err := g.DNSLookup(subdomain) | |
46 | 45 | var ret []libgobuster.Result |
47 | 46 | if err == nil { |
48 | 47 | if !g.IsWildcard || !g.WildcardIps.ContainsAny(ips) { |
52 | 51 | if g.Opts.ShowIPs { |
53 | 52 | result.Extra = strings.Join(ips, ", ") |
54 | 53 | } else if g.Opts.ShowCNAME { |
55 | cname, err := net.LookupCNAME(subdomain) | |
54 | cname, err := g.DNSLookupCname(subdomain) | |
56 | 55 | if err == nil { |
57 | 56 | result.Extra = cname |
58 | 57 | } |
4 | 4 | "bytes" |
5 | 5 | "context" |
6 | 6 | "fmt" |
7 | "net" | |
7 | 8 | "os" |
8 | 9 | "strings" |
9 | 10 | "sync" |
11 | 12 | |
12 | 13 | const ( |
13 | 14 | // VERSION contains the current gobuster version |
14 | VERSION = "2.0.0" | |
15 | VERSION = "2.0.1" | |
15 | 16 | ) |
16 | 17 | |
17 | 18 | // SetupFunc is the "setup" function prototype for implementations |
110 | 111 | // GetRequest issues a GET request to the target and returns |
111 | 112 | // the status code, length and an error |
112 | 113 | func (g *Gobuster) GetRequest(url string) (*int, *int64, error) { |
113 | g.incrementRequests() | |
114 | 114 | return g.http.makeRequest(url, g.Opts.Cookies) |
115 | } | |
116 | ||
117 | // DNSLookup looks up a domain via system default DNS servers | |
118 | func (g *Gobuster) DNSLookup(domain string) ([]string, error) { | |
119 | return net.LookupHost(domain) | |
120 | } | |
121 | ||
122 | // DNSLookupCname looks up a CNAME record via system default DNS servers | |
123 | func (g *Gobuster) DNSLookupCname(domain string) (string, error) { | |
124 | return net.LookupCNAME(domain) | |
115 | 125 | } |
116 | 126 | |
117 | 127 | func (g *Gobuster) worker(wordChan <-chan string, wg *sync.WaitGroup) { |
125 | 135 | if !ok { |
126 | 136 | return |
127 | 137 | } |
138 | g.incrementRequests() | |
128 | 139 | // Mode-specific processing |
129 | 140 | res, err := g.plugin.Process(g, word) |
130 | 141 | if err != nil { |
156 | 167 | return nil, fmt.Errorf("failed to get number of lines: %v", err) |
157 | 168 | } |
158 | 169 | |
159 | // mutiply by extensions to get the total number of requests | |
160 | if len(g.Opts.ExtensionsParsed.Set) > 0 { | |
161 | lines = lines + (lines * len(g.Opts.ExtensionsParsed.Set)) | |
162 | } | |
163 | 170 | g.requestsExpected = lines |
164 | 171 | g.requestsIssued = 0 |
165 | 172 |
0 | @echo off | |
1 | ||
2 | SET ARG=%1 | |
3 | SET TARGET=.\build | |
4 | ||
5 | IF "%ARG%"=="test" ( | |
6 | go test -v -race ./... | |
7 | echo Done. | |
8 | GOTO Done | |
9 | ) | |
10 | ||
11 | IF "%ARG%"=="clean" ( | |
12 | del /F /Q %TARGET%\*.* | |
13 | echo Done. | |
14 | GOTO Done | |
15 | ) | |
16 | ||
17 | IF "%ARG%"=="windows" ( | |
18 | CALL :Windows | |
19 | GOTO Done | |
20 | ) | |
21 | ||
22 | IF "%ARG%"=="darwin" ( | |
23 | CALL :Darwin | |
24 | GOTO Done | |
25 | ) | |
26 | ||
27 | IF "%ARG%"=="linux" ( | |
28 | CALL :Linux | |
29 | GOTO Done | |
30 | ) | |
31 | ||
32 | IF "%ARG%"=="all" ( | |
33 | CALL :Darwin | |
34 | CALL :Linux | |
35 | CALL :Windows | |
36 | GOTO Done | |
37 | ) | |
38 | ||
39 | IF "%ARG%"=="" ( | |
40 | go build -o .\gobuster.exe | |
41 | GOTO Done | |
42 | ) | |
43 | ||
44 | GOTO Done | |
45 | ||
46 | :Darwin | |
47 | set GOOS=darwin | |
48 | set GOARCH=amd64 | |
49 | echo Building for %GOOS% %GOARCH% ... | |
50 | go build -o %TARGET%\gobuster-%GOOS%-%GOARCH% | |
51 | set GOARCH=386 | |
52 | echo Building for %GOOS% %GOARCH% ... | |
53 | go build -o %TARGET%\gobuster-%GOOS%-%GOARCH% | |
54 | echo Done. | |
55 | EXIT /B 0 | |
56 | ||
57 | :Linux | |
58 | set GOOS=linux | |
59 | set GOARCH=amd64 | |
60 | echo Building for %GOOS% %GOARCH% ... | |
61 | go build -o %TARGET%\gobuster-%GOOS%-%GOARCH% | |
62 | set GOARCH=386 | |
63 | echo Building for %GOOS% %GOARCH% ... | |
64 | go build -o %TARGET%\gobuster-%GOOS%-%GOARCH% | |
65 | echo Done. | |
66 | EXIT /B 0 | |
67 | ||
68 | :Windows | |
69 | set GOOS=windows | |
70 | set GOARCH=amd64 | |
71 | echo Building for %GOOS% %GOARCH% ... | |
72 | go build -o %TARGET%\gobuster-%GOARCH%.exe | |
73 | set GOARCH=386 | |
74 | echo Building for %GOOS% %GOARCH% ... | |
75 | go build -o %TARGET%\gobuster-%GOARCH%.exe | |
76 | echo Done. | |
77 | EXIT /B 0 | |
78 | ||
79 | :Done |