Gobuster Directory/File Brute Forcer Cheat Sheet

Overview

Gobuster is a tool used to brute-force URIs (directories and files) in web sites, DNS subdomains, virtual host names on target web servers, and open Amazon S3 buckets. Written in Go, it is fast and efficient, and it supports multiple modes of operation for comprehensive web application reconnaissance.

Warning: This tool is intended only for authorized penetration testing and security assessments. Make sure you have proper authorization before using it against any target.

Installation

Go Installation

```bash
# Install via Go
go install github.com/OJ/gobuster/v3@latest

# Verify installation
gobuster version
```

Package Manager Installation

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install gobuster

# Arch Linux
sudo pacman -S gobuster

# macOS with Homebrew
brew install gobuster

# Kali Linux (pre-installed)
gobuster --help
```

Manual Installation

```bash
# Download a release (v3.6.0 shown)
wget https://github.com/OJ/gobuster/releases/download/v3.6.0/gobuster_Linux_x86_64.tar.gz
tar -xzf gobuster_Linux_x86_64.tar.gz
sudo mv gobuster /usr/local/bin/

# Make executable
sudo chmod +x /usr/local/bin/gobuster
```

Docker Installation

```bash
# Pull Docker image
docker pull gobuster/gobuster

# Run with Docker
docker run --rm gobuster/gobuster --help
```

Basic Usage

Command Structure

```bash
# Basic syntax
gobuster [mode] [options]

# Get help
gobuster --help
gobuster [mode] --help

# Check version
gobuster version
```

Available Modes

| Mode | Description |
| --- | --- |
| dir | Directory/file enumeration mode |
| dns | DNS subdomain enumeration mode |
| fuzz | Fuzzing mode |
| s3 | Amazon S3 bucket enumeration |
| gcs | Google Cloud Storage enumeration |
| tftp | TFTP enumeration mode |
| vhost | Virtual host enumeration mode |

Directory and File Enumeration

Basic Directory Brute Force

```bash
# Basic directory enumeration
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt

# With specific extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt

# Multiple extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt,js,css

# Custom status codes (-b "" clears the default 404 blacklist, which otherwise conflicts with -s)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -s 200,204,301,302,307,401,403 -b ""
```

Advanced Directory Options

```bash
# Increase threads for faster scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 50

# Add delay between requests (--delay has no short form; -d means --discover-backup in dir mode)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --delay 100ms

# Follow redirects
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -r

# Include length in output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -l

# Quiet mode (only show found)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q
```

Authentication and Headers

```bash
# Basic authentication
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -U username -P password

# Custom headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "Authorization: Bearer token"

# Multiple headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "X-Forwarded-For: 127.0.0.1" -H "User-Agent: CustomAgent"

# Cookies
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -c "PHPSESSID=abc123; auth=token"
```

Proxy and SSL Options

```bash
# Use proxy (--proxy; in current 3.x releases -p is --pattern, not the proxy)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080

# Skip SSL verification
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k

# Custom timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s

# Custom user agent
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Custom Agent)"
```

DNS Subdomain Enumeration

Basic DNS Enumeration

```bash
# Basic subdomain enumeration
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

# Show IP addresses
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -i

# Custom resolver
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8

# Multiple resolvers
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8,1.1.1.1
```

Advanced DNS Options

```bash
# Increase threads
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50

# Wildcard handling (--wildcard forces the scan to continue when a wildcard DNS record is found)
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --wildcard

# Custom timeout
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --timeout 5s

# Output to file
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -o subdomains.txt
```

Virtual Host Enumeration

Basic VHost Enumeration

```bash
# Basic virtual host enumeration
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

# Append domain
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain

# Custom domain (the domain to append when the URL is an IP address)
gobuster vhost -u http://192.168.1.100 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --domain target.com
```

Advanced VHost Options

```bash
# Filter by status code
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -s 200,302

# Exclude status codes
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -b 404,403

# Custom headers
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -H "Authorization: Bearer token"
```

Fuzzing Mode

Basic Fuzzing

```bash
# Basic fuzzing with FUZZ keyword
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

# Multiple FUZZ positions
gobuster fuzz -u http://target.com/FUZZ/FUZZ2 -w /usr/share/wordlists/dirb/common.txt

# Custom extensions in fuzzing
gobuster fuzz -u http://target.com/FUZZ.php -w /usr/share/wordlists/dirb/common.txt
```

Advanced Fuzzing

```bash
# Exclude specific responses
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt --exclude-length 1234

# Filter by response size
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -s 200 --exclude-length 0

# POST data fuzzing (request body is set with -B/--body, method with -m)
gobuster fuzz -u http://target.com/login -w /usr/share/wordlists/dirb/common.txt -m POST -B "username=admin&password=FUZZ"
```

Amazon S3 Bucket Enumeration

Basic S3 Enumeration

```bash
# Basic S3 bucket enumeration
gobuster s3 -w /usr/share/wordlists/dirb/common.txt

# Custom region
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -r us-west-2

# Maximum keys to list
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -m 1000
```

Advanced S3 Options

```bash
# Increase threads
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -t 50

# Output to file
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -o s3_buckets.txt

# Quiet mode
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -q
```

Google Cloud Storage Enumeration

Basic GCS Enumeration

```bash
# Basic Google Cloud Storage enumeration
gobuster gcs -w /usr/share/wordlists/dirb/common.txt

# Maximum keys to list
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -m 1000

# Increase threads
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -t 50
```

Common Wordlists

Popular Wordlists

```bash
# SecLists (comprehensive collection)
/usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/big.txt

# DirBuster wordlists
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirb/small.txt

# Custom wordlists for specific technologies
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/drupal.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/apache.txt
```

Creating Custom Wordlists

```bash
# Combine multiple wordlists
cat /usr/share/wordlists/dirb/common.txt /usr/share/wordlists/dirb/big.txt | sort -u > custom_wordlist.txt

# Generate wordlist from website
cewl http://target.com -w custom_wordlist.txt

# Technology-specific wordlist
echo -e "admin\nadministrator\nlogin\ndashboard\napi\nv1\nv2\ntest\ndev" > custom_dirs.txt
```

Output and Reporting

Output Formats

```bash
# Save to file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.txt

# JSON output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.json --format json

# Append to existing file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt >> results.txt
```

Verbose Output

```bash
# Verbose mode
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v

# Show progress
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --progress

# No progress bar
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress
```

Advanced Techniques

Multi-Target Scanning

```bash
# Scan multiple targets
for target in $(cat targets.txt); do
    echo "Scanning $target"
    gobuster dir -u "$target" -w /usr/share/wordlists/dirb/common.txt -o "${target//\//_}_results.txt"
done

# Parallel scanning
parallel -j 5 "gobuster dir -u {} -w /usr/share/wordlists/dirb/common.txt -o {//}results.txt" :::: targets.txt
```

Recursive Scanning

```bash
# Manual recursive scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt | grep "Status: 200" | awk '{print $1}' > found_dirs.txt

# Scan found directories
while read -r dir; do
    gobuster dir -u "http://target.com$dir" -w /usr/share/wordlists/dirb/common.txt
done < found_dirs.txt
```

Rate Limit Evasion

```bash
# Slow scanning to avoid rate limits
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s

# Random delay
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -d 500ms-2s

# Rotate user agents
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
```

Integration with Other Tools

Burp Suite Integration

```bash
# Use Burp as proxy
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080

# Export Burp findings to wordlist
# From Burp: Target > Site map > Right-click > Copy URLs
# Process URLs to create custom wordlist
```

Nmap Integration

```bash
# Scan web ports first
nmap -p 80,443,8080,8443 target.com --open -oG web_ports.txt

# Extract open ports and scan
grep "80/open\|443/open\|8080/open\|8443/open" web_ports.txt | awk '{print $2}' | while read -r host; do
    gobuster dir -u "http://$host" -w /usr/share/wordlists/dirb/common.txt
done
```

Nuclei Integration

```bash
# Run gobuster first, then nuclei on found directories
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q | grep "Status: 200" > found_paths.txt

# Run nuclei on found paths
nuclei -l found_paths.txt -t /path/to/nuclei-templates/
```

Automation Scripts

Comprehensive Web Enumeration Script

```bash
#!/bin/bash

TARGET=$1
OUTPUT_DIR="gobuster_results_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target_url>"
    exit 1
fi

mkdir -p "$OUTPUT_DIR"

echo "[+] Starting comprehensive web enumeration for $TARGET"

# Directory enumeration with common extensions
echo "[+] Running directory enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt,js,css,xml,json -t 50 -o "$OUTPUT_DIR/directories.txt"

# Common file enumeration
echo "[+] Running common file enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -x php,html,txt,js,css,xml,json,bak,old,tmp -t 50 -o "$OUTPUT_DIR/files.txt"

# Admin panel enumeration
echo "[+] Running admin panel enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt -t 50 -o "$OUTPUT_DIR/admin.txt"

# API enumeration
echo "[+] Running API enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/api/api-endpoints.txt -t 50 -o "$OUTPUT_DIR/api.txt"

# Subdomain enumeration (if domain provided)
if [[ $TARGET =~ ^https?://([^/]+) ]]; then
    DOMAIN=${BASH_REMATCH[1]}
    echo "[+] Running subdomain enumeration for $DOMAIN..."
    gobuster dns -d "$DOMAIN" -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50 -o "$OUTPUT_DIR/subdomains.txt"
fi

echo "[+] Enumeration complete. Results saved in $OUTPUT_DIR/"
```

Multi-Extension Scanner

```bash
#!/bin/bash

TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"

# Common web extensions
EXTENSIONS=("php" "html" "htm" "txt" "js" "css" "xml" "json" "asp" "aspx" "jsp" "do" "action" "cgi" "pl" "py" "rb" "bak" "old" "tmp" "log")

for ext in "${EXTENSIONS[@]}"; do
    echo "[+] Scanning for .$ext files..."
    gobuster dir -u "$TARGET" -w "$WORDLIST" -x "$ext" -t 30 -q | grep "Status: 200"
done
```

Recursive Directory Scanner

```bash
#!/bin/bash

TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"
MAX_DEPTH=3
CURRENT_DEPTH=0

scan_directory() {
    local url=$1
    local depth=$2

    if [ "$depth" -gt "$MAX_DEPTH" ]; then
        return
    fi

    echo "[+] Scanning $url (depth: $depth)"

    # Scan current directory
    gobuster dir -u "$url" -w "$WORDLIST" -t 30 -q | grep "Status: 200" | while read -r line; do
        found_path=$(echo "$line" | awk '{print $1}')
        full_url="$url$found_path"

        echo "Found: $full_url"

        # If it's a directory, scan recursively
        if [[ $found_path == */ ]]; then
            scan_directory "$full_url" $((depth + 1))
        fi
    done
}

scan_directory "$TARGET" 0
```
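The recursive-scanning commands above filter results with `grep "Status: 200"` and `awk '{print $1}'`. As an added example (not part of the original cheat sheet and not Gobuster's own code), the functions below parse result lines into fields and pick out directories by their trailing-slash redirect. The line shape, the sample lines and the function names `parse_results` and `list_directories` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: parse `gobuster dir` result lines (e.g. the file written by -o).
# Assumed line shape: /admin  (Status: 301) [Size: 312] [--> http://host/admin/]

# Constructed sample results, not output from a real scan.
SAMPLE='/index.php            (Status: 200) [Size: 4521]
/admin                (Status: 301) [Size: 312] [--> http://target.com/admin/]
/backup.bak           (Status: 200) [Size: 10240]
/server-status        (Status: 403) [Size: 277]
/old                  (Status: 302) [Size: 0] [--> /login.php]'

# parse_results: stdin -> one "path<TAB>status<TAB>size<TAB>redirect" row per hit.
# Lines without a "(Status: NNN)" field (banner, progress, errors) are skipped.
parse_results() {
  tr -d '\r' | awk '
    match($0, /\(Status: [0-9]+\)/) {
      path = $1
      status = substr($0, RSTART + 9, RLENGTH - 10)
      size = "-"; redir = "-"
      if (match($0, /\[Size: [0-9]+\]/)) size = substr($0, RSTART + 7, RLENGTH - 8)
      if (match($0, /\[--> [^ ]+\]/)) redir = substr($0, RSTART + 5, RLENGTH - 6)
      printf "%s\t%s\t%s\t%s\n", path, status, size, redir
    }'
}

# list_directories: paths the server redirected to "<path>/", i.e. directories.
list_directories() {
  parse_results | awk -F'\t' '
    $2 ~ /^30[1278]$/ && $4 != "-" {
      want = $1 "/"
      if (substr($4, length($4) - length(want) + 1) == want) print want
    }'
}

printf '%s\n' "$SAMPLE" | parse_results
printf '%s\n' "$SAMPLE" | list_directories
```

Feed it the file written with `-o` rather than terminal output, since the parser does not strip terminal control sequences.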

Performance Optimization

Threading and Speed

```bash
# Optimal thread count (usually 20-50)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 30

# Adjust timeout for slow servers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 10s

# Disable progress bar for better performance
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress
```

Memory Management

```bash
# For large wordlists, use streaming
gobuster dir -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-big.txt -t 20

# Monitor memory usage
watch -n 1 'ps aux | grep gobuster'
```

Troubleshooting

Common Issues

```bash
# SSL certificate issues
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k

# Connection timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s

# Rate limiting
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s

# DNS resolution issues
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8
```

Debug Mode

```bash
# Enable debug output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --debug

# Verbose output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v
```

Best Practices

Reconnaissance Strategy

  1. **Start with common directories**: Use small, common wordlists first
  2. **Technology-specific enumeration**: Use CMS-specific wordlists where applicable
  3. **Extension enumeration**: Always include relevant file extensions
  4. **Recursive scanning**: Scan discovered directories for deeper enumeration
  5. **Rate limit awareness**: Adjust threads and delays to avoid detection

Stealth Considerations

```bash
# Slow and stealthy scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 2s -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

# Use proxy for anonymity
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://proxy:8080

# Random user agent rotation
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "$(shuf -n1 user_agents.txt)"
```

*This cheat sheet provides a comprehensive reference for using Gobuster. Always make sure you have proper authorization before conducting web application security testing.*