Comprehensive Guide to Gobuster Tool

Hello friend! Today we are going to demonstrate URL and DNS brute-force attacks for extracting directories and files from URLs, and subdomains from DNS, using the Gobuster tool.

Table of Content

  • Introduction & Installation
  • Using Wordlist for Directory Brute-Force
  • Obtaining Full Path for a directory or file
  • Hide Status Code
  • Verbose Mode
  • Identify Content Length
  • Disable Banner
  • User-Agent Mode
  • Obtain Result with Specify Status Code
  • Timeout
  • Appending Forward slash
  • Saving Output Result inside Text File
  • Enumerating Directory with Specific Extension List
  • Follow Redirect
  • HTTP AUTHORIZATION (-u username: password)
  • DNS Mode
  • Set Threads Number
  • Obtain Subdomain IPs
  • Force Processing Brute Force
  • Hide Process of Extracting
  • Extracting CNAME Records

Introduction & Installation

Gobuster is a tool used to brute-force URIs (directories and files) on websites and DNS subdomains. Gobuster is available from the apt repository, so execute the following command to install it.

Once it is installed, you can view all available options with the following command.

gobuster -h

Common Parameters

  • -fw – force processing of a domain with wildcard results.
  • -np – hide the progress output.
  • -m <mode> – which mode to use, either dir or dns (default: dir).
  • -q – disables banner/underline output.
  • -t <threads> – number of threads to run (default: 10).
  • -u <url/domain> – full URL (including scheme), or base domain name.
  • -v – verbose output (show all results).
  • -w <wordlist> – path to the wordlist used for brute forcing (use - for stdin).

Dir mode Parameters

  • -a <user agent string> – specify a user agent string to send in the request header.
  • -c <http cookies> – use this to specify any cookies that you might need (simulating auth).
  • -e – specify extended mode that renders the full URL.
  • -f – append / for directory brute forces.
  • -k – skip verification of SSL certificates.
  • -l – show the length of the response.
  • -n – “no status” mode, disables the output of the result’s status code.
  • -o <file> – specify a file name to write the output to.
  • -p <proxy url> – specify a proxy to use for all requests (scheme must match the URL scheme).
  • -r – follow redirects.
  • -s <status codes> – comma-separated list of status codes to be deemed “positive” (default: 200,204,301,302,307).
  • -x <extensions> – list of extensions to check for, if any.
  • -P <password> – HTTP Authorization password (Basic Auth only, prompted if missing).
  • -U <username> – HTTP Authorization username (Basic Auth only).
  • -to <timeout> – HTTP timeout. Examples: 10s, 100ms, 1m (default: 10s).

DNS mode Parameters

  • -cn – show CNAME records (cannot be used with ‘-i’ option).
  • -i – show all IP addresses for the result.

Using Wordlist for Directory Brute-Force

You can use the -w option to specify a particular wordlist, for example common.txt or medium.txt, to launch a brute-force attack that extracts web directories or files from the target URL.

The above command will list all possible files and directories found with the help of the common.txt wordlist.

Obtaining Full Path for a directory or file

The -e option gives a more useful result, as it prints the complete URL for each extracted file or directory.

You can compare the following output with the previous result.

Hide Status Code

The -n option enables “no status” mode, which prints the results without displaying the status code.

The above command will list all possible files and directories without displaying their status code.

Verbose Mode

The -v option enables verbose mode, which shows the result of every request made for each file or directory.

As you can observe from the following output, this time it has dumped the results including status 404 for missing directories or files.

Identify Content Length

The -l option displays the size of each response. The Content-Length header is a number denoting the exact byte length of the HTTP body for the extracted file or directory.

Disable Banner

Gobuster always adds a banner giving a brief summary of the applied options when launching a brute-force attack. The -q option disables the banner to hide this additional information.

From the image below, you can see the difference between the previous output and the current one.

User-Agent Mode

The -a option specifies a User-Agent string to send in the request header while extracting directories and files from the target URL.
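Seen from the web server, the verbose-mode output above (a long run of 404s for missing paths) and the -a option (a User-Agent the client chooses freely) point to the same rule: detect directory brute-forcing by behaviour, not by header. The following detector is an added example, not part of Gobuster or the original article; it assumes combined-format access logs, and the window, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect_dir_bruteforce(lines, window=timedelta(seconds=10), min_misses=20, min_ratio=0.8):
    """Flag clients that, inside one sliding window, hit at least min_misses
    distinct 404 paths making up at least min_ratio of their requests.
    The User-Agent is reported but never used to decide: the client sets it."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_ip[m["ip"]].append((ts, m["path"], int(m["status"]), m["ua"]))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop requests older than the window
            win = events[start:end + 1]
            misses = {path for _, path, status, _ in win if status == 404}
            if len(misses) >= min_misses and len(misses) / len(win) >= min_ratio:
                flagged[ip] = {"distinct_404_paths": len(misses),
                               "requests_in_window": len(win),
                               "user_agents": sorted({ua for *_, ua in win})}
                break
    return flagged

def sample_log():
    """Constructed data: 203.0.113.7 walks a wordlist with a browser-like
    User-Agent; 198.51.100.4 browses normally and hits one dead link."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    fmt = '{} - - [{} +0000] "GET {} HTTP/1.1" {} 512 "-" "Mozilla/5.0"'
    stamp = lambda d: d.strftime("%d/%b/%Y:%H:%M:%S")
    lines = [fmt.format("203.0.113.7", stamp(base + timedelta(milliseconds=100 * i)),
                        f"/word{i}", 200 if i % 10 == 0 else 404) for i in range(30)]
    for i, (path, st) in enumerate([("/", 200), ("/about", 200), ("/old", 404), ("/contact", 200)]):
        lines.append(fmt.format("198.51.100.4", stamp(base + timedelta(seconds=3 * i)), path, st))
    return lines

if __name__ == "__main__":
    print(detect_dir_bruteforce(sample_log()))
```

The enumerating client is flagged even though its User-Agent looks like a browser, while the normal visitor with a single dead link is not.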

Obtain Result with Specify Status Code

The -s option restricts the results to specific status codes, such as 302, 200, 403, 404 and so on, so that only pages returning those codes are reported.

You can refer to the image below for the output of the above commands.