Codebase list gobuster / ac42d1f
Imported Upstream version 1.1 Sophie Brun 7 years ago
3 changed file(s) with 128 addition(s) and 52 deletion(s). Raw diff Collapse all Expand all
+34
-25
README.md less more
0 Gobuster v1.0 (OJ Reeves @TheColonial)
0 Gobuster v1.1 (OJ Reeves @TheColonial)
11 ======================================
22
33 Alternative directory and file busting tool written in Go. DNS support recently added after inspiration and effort from [Peleus](https://twitter.com/0x42424242).
2626 ### Common Command line options
2727
2828 * `-m <mode>` - which mode to use, either `dir` or `dns` (default: `dir`)
29 * `-t <threads>` - number of threads to run (default: `10`).
2930 * `-u <url/domain>` - full URL (including scheme), or base domain name.
30 * `-t <threads>` - number of threads to run (default: `10`).
31 * `-v` - verbose output (show all results).
3132 * `-w <wordlist>` - path to the wordlist used for brute forcing.
32 * `-v` - verbose output (show all results).
3333
3434 ### Command line options for `dns` mode
3535
3737
3838 ### Command line options for `dir` mode
3939
40 * `-a <user agent string>` - specify a user agent string to send in the request header
4041 * `-c <http cookies>` - use this to specify any cookies that you might need (simulating auth).
4142 * `-f` - append `/` for directory brute forces.
42 * `-r` - follow redirects.
4343 * `-l` - show the length of the response.
4444 * `-n` - "no status" mode, disables the output of the result's status code.
45 * `-p <proxy url>` - specify a proxy to use for all requests (scheme much match the URL scheme)
4546 * `-q` - disables banner/underline output.
46 * `-e` - expand the results to include the full URL.
47 * `-r` - follow redirects.
4748 * `-s <status codes>` - comma-separated set of the list of status codes to be deemed a "positive" (default: `200,204,301,302,307`).
4849 * `-x <extensions>` - list of extensions to check for, if any.
49 * `-p <proxy url>` - specify a proxy to use for all requests (scheme much match the URL scheme)
50 * `-P <password>` - HTTP Authorization password (Basic Auth only, prompted if missing).
51 * `-U <username>` - HTTP Authorization username (Basic Auth only).
5052
5153 ### Building
5254
5759 gobuster$ go build
5860 ```
5961 This will create a `gobuster` binary for you.
62
6063 #### Running as a script
6164 ```
6265 gobuster$ go run main.go <parameters>
7477 ```
7578 $ ./gobuster -u http://buffered.io/ -w words.txt
7679
77 =====================================================
78 Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
79 (DNS support by Peleus @0x42424242)
80 Gobuster v1.1 OJ Reeves (@TheColonial)
8081 =====================================================
8182 [+] Mode : dir
8283 [+] Url/Domain : http://buffered.io/
9394 ```
9495 $ ./gobuster -u http://buffered.io/ -w words.txt -n
9596
96 =====================================================
97 Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
98 (DNS support by Peleus @0x42424242)
97 Gobuster v1.1 OJ Reeves (@TheColonial)
9998 =====================================================
10099 [+] Mode : dir
101100 [+] Url/Domain : http://buffered.io/
113112 ```
114113 $ ./gobuster -u http://buffered.io/ -w words.txt -v
115114
116 =====================================================
117 Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
118 (DNS support by Peleus @0x42424242)
115 Gobuster v1.1 OJ Reeves (@TheColonial)
119116 =====================================================
120117 [+] Mode : dir
121118 [+] Url/Domain : http://buffered.io/
132129 ```
133130 Example showing content length:
134131 ```
135 =====================================================
136 Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
137 (DNS support by Peleus @0x42424242)
132 $ ./gobuster -u http://buffered.io/ -w words.txt -l
133
134 Gobuster v1.1 OJ Reeves (@TheColonial)
138135 =====================================================
139136 [+] Mode : dir
140137 [+] Url/Domain : http://buffered.io/
141138 [+] Threads : 10
142139 [+] Wordlist : /tmp/words
143140 [+] Status codes : 301,302,307,200,204
141 [+] Show length : true
144142 =====================================================
145143 /contact (Status: 301)
146144 /posts (Status: 301)
165163 ```
166164 $ ./gobuster -m dns -w subdomains.txt -u google.com
167165
168 =====================================================
169 Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
170 (DNS support by Peleus @0x42424242)
166 Gobuster v1.1 OJ Reeves (@TheColonial)
171167 =====================================================
172168 [+] Mode : dns
173169 [+] Url/Domain : google.com
198194 ```
199195 $ ./gobuster -m dns -w subdomains.txt -u google.com -i
200196
201 =====================================================
202 Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
203 (DNS support by Peleus @0x42424242)
197 Gobuster v1.1 OJ Reeves (@TheColonial)
204198 =====================================================
205199 [+] Mode : dns
206200 [+] Url/Domain : google.com
228222 Found: mail.google.com [216.58.220.101, 2404:6800:4006:801::2005]
229223 =====================================================
230224 ```
225 Base domain validation warning when the base domain fails to resolve. This is a warning rather than a failure in case the user fat-fingers while typing the domain.
226 ```
227 $ ./gobuster -m dns -w subdomains.txt -u yp.to -i
228
229 Gobuster v1.1 OJ Reeves (@TheColonial)
230 =====================================================
231 [+] Mode : dns
232 [+] Url/Domain : yp.to
233 [+] Threads : 10
234 [+] Wordlist : /tmp/test.txt
235 =====================================================
236 [!] Unable to validate base domain: yp.to
237 Found: cr.yp.to [131.155.70.11, 131.155.70.13]
238 =====================================================
239 ```
231240
232241 ### License
233242
235244
236245 ### Thanks
237246
238 See the THANKS file.
247 See the THANKS file for people who helped out.
+7
-4
THANKS less more
0 g0tmi1k
1 peleus
2 UID1K
3 averagesecurityguy
0 @0x42424242 - initial DNS support
1 @averagesecurityguy - quiet mode support
2 @g0tmi1k - content length, wordlist and command line parsing fixes
3 @justinsteven - HTTP basic auth support
4 @kevinnz - custom user agent support
5 @viaMorgoth - base domain validation for DNS mode
6 @UID1K - DNS wildcard check support
+87
-23
main.go less more
99 // to native code is also appealing.
1010 //
1111 // Run: gobuster -h
12 //
13 // Please see THANKS file for contributors.
14 // Please see LICENSE file for license details.
15 //
1216 //----------------------------------------------------
1317
1418 import (
1620 "crypto/tls"
1721 "flag"
1822 "fmt"
23 "golang.org/x/crypto/ssh/terminal"
1924 "io/ioutil"
2025 "net"
2126 "net/http"
2429 "strconv"
2530 "strings"
2631 "sync"
32 "syscall"
2733 "unicode/utf8"
2834 )
2935
4854 // Contains State that are read in from the command
4955 // line when the program is invoked.
5056 type State struct {
51 Threads int
52 Wordlist string
53 Url string
57 Client *http.Client
5458 Cookies string
59 Expanded bool
5560 Extensions []string
56 StatusCodes IntSet
57 Verbose bool
58 UseSlash bool
5961 FollowRedirect bool
6062 IncludeLength bool
61 ShowIPs bool
62 Quiet bool
63 Mode string
6364 NoStatus bool
64 Expanded bool
65 Mode string
66 ProxyUrl *url.URL
67 Setup SetupFunc
65 Password string
6866 Printer PrintResultFunc
6967 Processor ProcessorFunc
70 Client *http.Client
68 ProxyUrl *url.URL
69 Quiet bool
70 Setup SetupFunc
71 ShowIPs bool
72 StatusCodes IntSet
73 Threads int
74 Url string
75 UseSlash bool
76 UserAgent string
77 Username string
78 Verbose bool
79 Wordlist string
7180 }
7281
7382 type RedirectHandler struct {
111120
112121 if cookie != "" {
113122 req.Header.Set("Cookie", cookie)
123 }
124
125 if s.UserAgent != "" {
126 req.Header.Set("User-Agent", s.UserAgent)
127 }
128
129 if s.Username != "" {
130 req.SetBasicAuth(s.Username, s.Password)
114131 }
115132
116133 resp, err := s.Client.Do(req)
166183 flag.StringVar(&codes, "s", "200,204,301,302,307", "Positive status codes (dir mode only)")
167184 flag.StringVar(&s.Url, "u", "", "The target URL or Domain")
168185 flag.StringVar(&s.Cookies, "c", "", "Cookies to use for the requests (dir mode only)")
186 flag.StringVar(&s.Username, "U", "", "Username for Basic Auth (dir mode only)")
187 flag.StringVar(&s.Password, "P", "", "Password for Basic Auth (dir mode only)")
169188 flag.StringVar(&extensions, "x", "", "File extension(s) to search for (dir mode only)")
189 flag.StringVar(&s.UserAgent, "a", "", "Set the User-Agent string (dir mode only)")
170190 flag.StringVar(&proxy, "p", "", "Proxy to use for requests [http(s)://host:port] (dir mode only)")
171191 flag.BoolVar(&s.Verbose, "v", false, "Verbose output (errors)")
172192 flag.BoolVar(&s.ShowIPs, "i", false, "Show IP addresses (dns mode only)")
173193 flag.BoolVar(&s.FollowRedirect, "r", false, "Follow redirects")
174 flag.BoolVar(&s.Quiet, "q", false, "Don't print the banner")
194 flag.BoolVar(&s.Quiet, "q", false, "Don't print the banner and other noise")
175195 flag.BoolVar(&s.Expanded, "e", false, "Expanded mode, print full URLs")
176196 flag.BoolVar(&s.NoStatus, "n", false, "Don't print status codes")
177197 flag.BoolVar(&s.IncludeLength, "l", false, "Include the length of the body in the output (dir mode only)")
178198 flag.BoolVar(&s.UseSlash, "f", false, "Append a forward-slash to each directory request (dir mode only)")
179199
180200 flag.Parse()
201
202 Banner(&s)
181203
182204 switch strings.ToLower(s.Mode) {
183205 case "dir":
241263 }
242264 }
243265
266 // prompt for password if needed
267 if valid && s.Username != "" && s.Password == "" {
268 fmt.Printf("[?] Auth Password: ")
269 passBytes, err := terminal.ReadPassword(int(syscall.Stdin))
270
271 // print a newline to simulate the newline that was entered
272 // this means that formatting/printing after doesn't look bad.
273 fmt.Println("")
274
275 if err == nil {
276 s.Password = string(passBytes)
277 } else {
278 panic("Auth username given but reading of password failed")
279 }
280 }
281
244282 if valid {
245283 var proxyUrlFunc func(*http.Request) (*url.URL, error)
246284 proxyUrlFunc = http.ProxyFromEnvironment
288326 panic("Failed to open wordlist")
289327 }
290328
291 Banner(s)
329 ShowConfig(s)
292330
293331 if s.Setup(s) == false {
294332 Ruler(s)
342380 // Lazy reading of the wordlist line by line
343381 scanner := bufio.NewScanner(wordlist)
344382 for scanner.Scan() {
345 word := scanner.Text()
346
347 // Skip "comment" lines
348 if strings.HasPrefix(word, "#") == false {
383 word := strings.TrimSpace(scanner.Text())
384
385 // Skip "comment" (starts with #), as well as empty lines
386 if !strings.HasPrefix(word, "#") && len(word) > 0 {
349387 wordChan <- word
350388 }
351389 }
361399 // Resolve a subdomain that probably shouldn't exist
362400 _, err := net.LookupHost("bba1b18d-50f8-4f1d-8295-c861445ed7f5." + s.Url)
363401 if err == nil {
364 fmt.Println("Wildcard DNS found.")
402 fmt.Println("[-] Wildcard DNS found.")
365403 return false
366404 }
405
406 if !s.Quiet {
407 // Provide a warning if the base domain doesn't resolve (in case of typo)
408 _, err = net.LookupHost(s.Url)
409 if err != nil {
410 // Not an error, just a warning. Eg. `yp.to` doesn't resolve, but `cr.py.to` does!
411 fmt.Println("[!] Unable to validate base domain:", s.Url)
412 }
413 }
414
367415 return true
368416 }
369417
500548 }
501549
502550 fmt.Println("")
551 fmt.Println("Gobuster v1.1 OJ Reeves (@TheColonial)")
503552 Ruler(state)
504 fmt.Println("Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)")
505 fmt.Println(" (DNS support by Peleus @0x42424242)")
506 Ruler(state)
553 }
554
555 func ShowConfig(state *State) {
556 if state.Quiet {
557 return
558 }
507559
508560 if state != nil {
509561 fmt.Printf("[+] Mode : %s\n", state.Mode)
522574 fmt.Printf("[+] Cookies : %s\n", state.Cookies)
523575 }
524576
577 if state.UserAgent != "" {
578 fmt.Printf("[+] User Agent : %s\n", state.UserAgent)
579 }
580
581 if state.IncludeLength {
582 fmt.Printf("[+] Show length : true\n")
583 }
584
585 if state.Username != "" {
586 fmt.Printf("[+] Auth User : %s\n", state.Username)
587 }
588
525589 if len(state.Extensions) > 0 {
526590 fmt.Printf("[+] Extensions : %s\n", strings.Join(state.Extensions, ","))
527591 }