Gobuster Directory/File Brute Forcer Cheat Sheet

Overview

Gobuster is a tool used to brute-force URIs (directories and files) in web sites, DNS subdomains, virtual host names on target web servers, and open Amazon S3 buckets. Written in Go, it is fast and efficient, and supports multiple modes of operation for comprehensive web application reconnaissance.

Warning: This tool is intended only for authorized penetration testing and security assessments. Make sure you have proper authorization before using it against any target.

Installation

Installation via Go

```bash
# Install via Go
go install github.com/OJ/gobuster/v3@latest

# Verify installation
gobuster version
```

Package Manager Installation

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install gobuster

# Arch Linux
sudo pacman -S gobuster

# macOS with Homebrew
brew install gobuster

# Kali Linux (pre-installed)
gobuster --help
```

Manual Installation

```bash
# Download latest release
wget https://github.com/OJ/gobuster/releases/download/v3.6.0/gobuster_Linux_x86_64.tar.gz
tar -xzf gobuster_Linux_x86_64.tar.gz
sudo mv gobuster /usr/local/bin/

# Make executable
sudo chmod +x /usr/local/bin/gobuster
```

Docker Installation

```bash
# Pull Docker image
docker pull gobuster/gobuster

# Run with Docker
docker run --rm gobuster/gobuster --help
```

Basic Usage

Command Structure

```bash
# Basic syntax
gobuster [mode] [options]

# Get help
gobuster --help
gobuster [mode] --help

# Check version
gobuster version
```

Available Modes

| Mode | Description |
|------|-------------|
| dir | Directory/file enumeration mode |
| dns | DNS subdomain enumeration mode |
| fuzz | Fuzzing mode |
| s3 | Amazon S3 bucket enumeration |
| gcs | Google Cloud Storage enumeration |
| tftp | TFTP enumeration mode |
| vhost | Virtual host enumeration mode |

Directory and File Enumeration

Basic Directory Brute Force

```bash
# Basic directory enumeration
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt

# With specific extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt

# Multiple extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt,js,css

# Custom status codes (-b "" clears the default 404 blacklist, which cannot be combined with -s)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -s 200,204,301,302,307,401,403 -b ""
```

Advanced Directory Options

```bash
# Increase threads for faster scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 50

# Add delay between requests (global --delay flag; in dir mode -d means --discover-backup)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --delay 100ms

# Follow redirects
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -r

# Include length in output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -l

# Quiet mode (only show found)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q
```

Authentication and Headers

```bash
# Basic authentication
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -U username -P password

# Custom headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "Authorization: Bearer token"

# Multiple headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "X-Forwarded-For: 127.0.0.1" -H "User-Agent: CustomAgent"

# Cookies
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -c "PHPSESSID=abc123; auth=token"
```

Proxy and SSL Options

```bash
# Use proxy (--proxy; -p is the global pattern-file flag)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080

# Skip SSL verification
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k

# Custom timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s

# Custom user agent
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Custom Agent)"
```

DNS Subdomain Enumeration

Basic DNS Enumeration

```bash
# Basic subdomain enumeration
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

# Show IP addresses
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -i

# Custom resolver
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8

# Multiple resolvers
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8,1.1.1.1
```

Advanced DNS Options

```bash
# Increase threads
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50

# Wildcard detection
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --wildcard

# Custom timeout
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --timeout 5s

# Output to file
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -o subdomains.txt
```

Virtual Host Enumeration

Basic VHost Enumeration

```bash
# Basic virtual host enumeration
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

# Append domain
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain

# Custom domain
gobuster vhost -u http://192.168.1.100 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -d target.com
```

Advanced VHost Options

```bash
# Filter by status code
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -s 200,302

# Exclude status codes
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -b 404,403

# Custom headers
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -H "Authorization: Bearer token"
```

Fuzzing Mode

Basic Fuzzing

```bash
# Basic fuzzing with FUZZ keyword
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

# Multiple FUZZ positions
gobuster fuzz -u http://target.com/FUZZ/FUZZ2 -w /usr/share/wordlists/dirb/common.txt

# Custom extensions in fuzzing
gobuster fuzz -u http://target.com/FUZZ.php -w /usr/share/wordlists/dirb/common.txt
```

Advanced Fuzzing

```bash
# Exclude specific responses
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt --exclude-length 1234

# Filter by response size
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -s 200 --exclude-length 0

# POST data fuzzing
gobuster fuzz -u http://target.com/login -w /usr/share/wordlists/dirb/common.txt -d "username=admin&password=FUZZ"
```

Amazon S3 Bucket Enumeration

Basic S3 Enumeration

```bash
# Basic S3 bucket enumeration
gobuster s3 -w /usr/share/wordlists/dirb/common.txt

# Custom region
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -r us-west-2

# Maximum keys to list
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -m 1000
```

Advanced S3 Options

```bash
# Increase threads
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -t 50

# Output to file
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -o s3_buckets.txt

# Quiet mode
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -q
```

Google Cloud Storage Enumeration

Basic GCS Enumeration

```bash
# Basic Google Cloud Storage enumeration
gobuster gcs -w /usr/share/wordlists/dirb/common.txt

# Maximum keys to list
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -m 1000

# Increase threads
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -t 50
```

Common Wordlists

Popular Wordlists

```bash
# SecLists (comprehensive collection)
/usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/big.txt

# DirBuster wordlists
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirb/small.txt

# Custom wordlists for specific technologies
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/drupal.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/apache.txt
```

Creating Custom Wordlists

```bash
# Combine multiple wordlists
cat /usr/share/wordlists/dirb/common.txt /usr/share/wordlists/dirb/big.txt | sort -u > custom_wordlist.txt

# Generate wordlist from website
cewl http://target.com -w custom_wordlist.txt

# Technology-specific wordlist
echo -e "admin\nadministrator\nlogin\ndashboard\napi\nv1\nv2\ntest\ndev" > custom_dirs.txt
```

Output and Reporting

Output Formats

```bash
# Save to file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.txt

# JSON output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.json --format json

# Append to existing file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt >> results.txt
```

Verbose Output

```bash
# Verbose mode
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v

# Show progress
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --progress

# No progress bar
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress
```

Advanced Techniques

Multi-Target Scanning

```bash
# Scan multiple targets
while IFS= read -r target; do
    echo "Scanning $target"
    gobuster dir -u "$target" -w /usr/share/wordlists/dirb/common.txt -o "${target//\//_}_results.txt"
done < targets.txt

# Parallel scanning ({#} is the GNU parallel job number, so each target gets its own output file)
parallel -j 5 "gobuster dir -u {} -w /usr/share/wordlists/dirb/common.txt -o results_{#}.txt" :::: targets.txt
```

Recursive Scanning

```bash
# Manual recursive scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt | grep "Status: 200" | awk '{print $1}' > found_dirs.txt

# Scan found directories
while read -r dir; do
    gobuster dir -u "http://target.com$dir" -w /usr/share/wordlists/dirb/common.txt
done < found_dirs.txt
```

Rate Limiting Evasion

```bash
# Slow scanning to avoid rate limits
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s

# Random delay
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --delay 500ms-2s

# Rotate user agents
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
```

Integration with Other Tools

Burp Suite Integration

```bash
# Use Burp as proxy
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080

# Export Burp findings to wordlist
# From Burp: Target > Site map > Right-click > Copy URLs
# Process URLs to create custom wordlist
```

Nmap Integration

```bash
# Scan web ports first
nmap -p 80,443,8080,8443 target.com --open -oG web_ports.txt

# Extract open ports and scan (-E is needed for the | alternation)
grep -E "80/open|443/open|8080/open|8443/open" web_ports.txt | awk '{print $2}' | while read -r host; do
    gobuster dir -u "http://$host" -w /usr/share/wordlists/dirb/common.txt
done
```

Nuclei Integration

```bash
# Run gobuster first, then nuclei on found directories
# (prefix each found path with the base URL, since nuclei -l expects one target URL per line)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q | grep "Status: 200" | awk '{print "http://target.com" $1}' > found_paths.txt

# Run nuclei on found paths
nuclei -l found_paths.txt -t /path/to/nuclei-templates/
```
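The grep/awk step used in the recursive-scanning and Nuclei pipelines above, written as a reusable filter; this is an added example, not part of the original cheat sheet or of Gobuster. `hits_to_urls` and `sample_output` are hypothetical names, the sample lines are constructed, and the parser assumes the `path (Status: NNN) [Size: N]` line format that Gobuster v3 prints in dir mode.

```bash
#!/bin/sh
# Added example: convert `gobuster dir` result lines into a clean URL list.

# Constructed sample output (not from a real scan); one line carries the
# carriage return + ANSI erase-line prefix seen when terminal output is captured.
sample_output() {
    printf '%s\n' '/index.php            (Status: 200) [Size: 1024]'
    printf '%s\n' '/admin                (Status: 301) [Size: 312] [--> http://target.example/admin/]'
    printf '%s\n' '/sso                  (Status: 302) [Size: 0] [--> https://login.other.example/]'
    printf '%s\n' '/server-status        (Status: 403) [Size: 277]'
    printf '\r\033[2K%s\n' '/backup.zip           (Status: 200) [Size: 52431]'
    printf '%s\n' 'Progress: 4614 / 4615 (99.98%)'
    printf '%s\n' '/index.php            (Status: 200) [Size: 1024]'
}

# hits_to_urls BASE_URL "CODE CODE ..."   (reads gobuster output on stdin)
hits_to_urls() {
    awk -v base="${1%/}" -v keep=" $2 " '
        BEGIN { esc = sprintf("%c", 27) }
        { gsub(/\r/, ""); gsub(esc "\\[2K", "") }      # drop terminal control residue
        match($0, /\(Status: [0-9]+\)/) && $1 ~ /^\// {
            code = substr($0, RSTART + 9, RLENGTH - 10)
            if (index(keep, " " code " ") == 0) next   # status not requested
            url = base $1
            # Use a redirect target only if it stays under BASE_URL (in scope).
            if (match($0, /\[--> [^]]+\]/)) {
                loc = substr($0, RSTART + 5, RLENGTH - 6)
                if (index(loc, base "/") == 1) url = loc
            }
            if (!seen[url]++) print url                # de-duplicate, keep order
        }'
}

sample_output | hits_to_urls "http://target.example/" "200 301 302"
```

Redirects that leave the base URL are reported under their original path, so the resulting list never pulls a host outside the authorized scope into the next tool.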

Automation Scripts

Comprehensive Web Enumeration Script

```bash
#!/bin/bash

TARGET=$1
OUTPUT_DIR="gobuster_results_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target-url>"
    exit 1
fi

mkdir -p "$OUTPUT_DIR"

echo "[+] Starting comprehensive web enumeration for $TARGET"

# Directory enumeration with common extensions
echo "[+] Running directory enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt,js,css,xml,json -t 50 -o "$OUTPUT_DIR/directories.txt"

# Common file enumeration
echo "[+] Running common file enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -x php,html,txt,js,css,xml,json,bak,old,tmp -t 50 -o "$OUTPUT_DIR/files.txt"

# Admin panel enumeration
echo "[+] Running admin panel enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt -t 50 -o "$OUTPUT_DIR/admin.txt"

# API enumeration
echo "[+] Running API enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/api/api-endpoints.txt -t 50 -o "$OUTPUT_DIR/api.txt"

# Subdomain enumeration (if domain provided)
if [[ $TARGET =~ ^https?://([^/]+) ]]; then
    DOMAIN=${BASH_REMATCH[1]}
    echo "[+] Running subdomain enumeration for $DOMAIN..."
    gobuster dns -d "$DOMAIN" -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50 -o "$OUTPUT_DIR/subdomains.txt"
fi

echo "[+] Enumeration complete. Results saved in $OUTPUT_DIR/"
```

Multi-Extension Scanner

```bash
#!/bin/bash

TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"

# Common web extensions
EXTENSIONS=("php" "html" "htm" "txt" "js" "css" "xml" "json" "asp" "aspx" "jsp" "do" "action" "cgi" "pl" "py" "rb" "bak" "old" "tmp" "log")

for ext in "${EXTENSIONS[@]}"; do
    echo "[+] Scanning for .$ext files..."
    gobuster dir -u "$TARGET" -w "$WORDLIST" -x "$ext" -t 30 -q | grep "Status: 200"
done
```

Recursive Directory Scanner

```bash
#!/bin/bash

TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"
MAX_DEPTH=3
CURRENT_DEPTH=0

scan_directory() {
    local url=$1
    local depth=$2

    # Stop once the maximum recursion depth is exceeded
    if [ "$depth" -gt "$MAX_DEPTH" ]; then
        return
    fi

    echo "[+] Scanning $url (depth: $depth)"

    # Scan current directory
    gobuster dir -u "$url" -w "$WORDLIST" -t 30 -q | grep "Status: 200" | while read -r line; do
        local found_path full_url
        found_path=$(echo "$line" | awk '{print $1}')
        full_url="$url$found_path"

        echo "Found: $full_url"

        # If it's a directory, scan recursively
        if [[ $found_path == */ ]]; then
            scan_directory "$full_url" $((depth + 1))
        fi
    done
}

scan_directory "$TARGET" 0
```

Performance Optimization

Threading and Speed

```bash
# Optimal thread count (usually 20-50)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 30

# Adjust timeout for slow servers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 10s

# Disable progress bar for better performance
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress
```

Memory Management

```bash
# For large wordlists, use streaming
gobuster dir -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-big.txt -t 20

# Monitor memory usage
watch -n 1 'ps aux | grep gobuster'
```

Troubleshooting

Common Issues

```bash
# SSL certificate issues
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k

# Connection timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s

# Rate limiting
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s

# DNS resolution issues
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8
```

Debug Mode

```bash
# Enable debug output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --debug

# Verbose output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v
```

Best Practices

Reconnaissance Strategy

  1. **Start with common directories**: Use small, common wordlists first
  2. **Technology-specific enumeration**: Use CMS-specific wordlists when applicable
  3. **Extension enumeration**: Always include relevant file extensions
  4. **Recursive scanning**: Scan found directories for deeper enumeration
  5. **Rate-limit awareness**: Adjust threads and delays to avoid detection

Stealth Considerations

```bash
# Slow and stealthy scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 2s -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

# Use proxy for anonymity
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://proxy:8080

# Random user agent rotation
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "$(shuf -n1 user_agents.txt)"
```
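Seen from the web server's side, thread count, delay and User-Agent change the request rate and the client string, but a wordlist run still ends mostly in 404s. The following added example (not part of the original cheat sheet) flags clients in a combined-format access log by 404 share and by Gobuster's default `gobuster/<version>` User-Agent; `emit`, `sample_log` and `flag_enumeration` are hypothetical names, the thresholds are assumptions to tune, and the log lines are constructed.

```bash
#!/bin/sh
# Added example: spot directory enumeration in an access log by 404 ratio per client.

# emit IP STATUS USER_AGENT COUNT -> COUNT constructed combined-format log lines
emit() {
    n=0
    while [ "$n" -lt "$4" ]; do
        printf '%s - - [10/May/2024:10:%02d:00 +0000] "GET /p%d HTTP/1.1" %s 153 "-" "%s"\n' \
            "$1" "$n" "$n" "$2" "$3"
        n=$((n + 1))
    done
}

# Constructed sample traffic (documentation IP ranges), not from a real server.
sample_log() {
    emit 203.0.113.7   404 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' 11  # slow scan, browser UA
    emit 203.0.113.7   200 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' 1
    emit 198.51.100.20 200 'Mozilla/5.0 (X11; Linux x86_64)' 9             # ordinary visitor
    emit 198.51.100.20 404 'Mozilla/5.0 (X11; Linux x86_64)' 1
    emit 192.0.2.44    404 'gobuster/3.6' 3                                # default UA, short run
}

# flag_enumeration MIN_404 MIN_PCT < access.log
# Prints "IP total 404s pct reason" for every client that trips a rule.
flag_enumeration() {
    awk -F'"' -v min404="$1" -v minpct="$2" '
        {
            split($1, pre, " ");  ip = pre[1]        # client address
            split($3, post, " "); status = post[1]   # response status
            total[ip]++
            if (status == 404) miss[ip]++
            if ($6 ~ /^gobuster\//) tool[ip] = 1     # default User-Agent left in place
        }
        END {
            for (ip in total) {
                pct = int(100 * miss[ip] / total[ip])
                reason = ""
                if (miss[ip] >= min404 && pct >= minpct) reason = "404-ratio"
                if (tool[ip]) reason = (reason == "" ? "" : reason ",") "user-agent"
                if (reason != "") print ip, total[ip], miss[ip] + 0, pct, reason
            }
        }' | sort
}

sample_log | flag_enumeration 10 80
```

Because the ratio is counted per client over the whole log window rather than per second, the one-request-per-minute client in the sample is flagged just as a fast one would be.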

*This cheat sheet provides a comprehensive reference for using Gobuster. Always make sure you have proper authorization before performing web application security testing.*