工具介紹

Gobuster這款工具基于Go編程語言開發(fā)，廣大研究人員可使用該工具來對(duì)目錄、文件、DNS和VHost等對(duì)象進(jìn)行暴力破解攻擊。目前，該工具剛剛發(fā)布了最新的Gobuster v3.0.1版本。

Gobuster可爆破的對(duì)象包括：

1、目標(biāo)站點(diǎn)中的URI（目錄或文件）；

2、DNS子域名（支持通配符）；

3、目標(biāo)Web服務(wù)器的虛擬主機(jī)名（VHost）；

工具優(yōu)勢(shì)

1、沒有使用臃腫的Java GUI，工具基于FTW控制臺(tái)實(shí)現(xiàn)；

2、可直接在命令行工具中執(zhí)行；

3、不會(huì)執(zhí)行遞歸爆破；

4、允許測(cè)試人員同時(shí)對(duì)目標(biāo)文件夾以及多種擴(kuò)展進(jìn)行爆破；

5、跨平臺(tái)支持；

6、運(yùn)行速度比解釋型腳本的運(yùn)行速度快；

7、不需要運(yùn)行時(shí)環(huán)境；

8、并發(fā)性支持；

Gobuster v3.0.1新特性

1、引入了新的命令行選項(xiàng)；

2、性能優(yōu)化，網(wǎng)絡(luò)連接更穩(wěn)定；

3、新增VHost名爆破支持；

4、可提供自定義的HTTP頭；

工具可選模式

dir：傳統(tǒng)的目錄爆破模式；

dns：DNS子域名爆破模式；

vhost：虛擬主機(jī)爆破模式；

內(nèi)置幫助菜單

gobuster help：輸出完整的幫助信息

gobuster help <mode>：輸出指定模塊的幫助信息

dns模式幫助

Usage:

gobuster dns [flags]

Flags:

d, --domain string ?????The target domain

h, --help ??????????????help for dns

r, --resolver string ???Use custom DNS server (format server.com or server.com:port)

c, --showcname ?????????Show CNAME records (cannot be used with '-i' option)

i, --showips ???????????Show IP addresses

? ?--timeout duration ??DNS resolver timeout (default 1s)

? ?--wildcard ??????????Force continued operation when wildcard found

中文翻譯：

d, --domain string 目標(biāo)域 h, --help dns 幫助 r, --resolver string 使用自定義 DNS 服務(wù)器（格式 server.com 或 server.com:port） c, --showcname 顯示 CNAME 記錄（不能與 '-i' 選項(xiàng)一起使用） i, --showips 顯示 IP 地址 --timeout 持續(xù)時(shí)間 DNS 解析器超時(shí)（默認(rèn) 1 秒） --wildcard 找到通配符時(shí)強(qiáng)制繼續(xù)操作

Global Flags:

z, --noprogress ???????Don't display progress

o, --output string ????Output file to write results to (defaults to stdout)

q, --quiet ????????????Don't print the banner and other noise

t, --threads int ??????Number of concurrent threads (default 10)

??????--delay duration ???Time each thread waits between requests (e.g. 1500ms)

v, --verbose ??????????Verbose output (errors)

w, --wordlist string ??Path to the wordlist

中文翻譯：

z, --noprogress 不顯示進(jìn)度 o, --output string 要將結(jié)果寫入的輸出文件（默認(rèn)為 stdout） q, --quiet 不打印橫幅和其他噪音 t, --threads int 并發(fā)線程數(shù)（默認(rèn) 10） --delay duration 每個(gè)線程在請(qǐng)求之間等待的時(shí)間（例如 1500 毫秒） v, --verbose 詳細(xì)輸出（錯(cuò)誤） w, --wordlist string 詞表的路徑

dir模式選項(xiàng)

Usage:

gobuster dir [flags]

Flags:

f, --addslash ?????????????????????Append / to each request

c, --cookies string ???????????????Cookies to use for the requests

e, --expanded ?????????????????????Expanded mode, print full URLs

x, --extensions string ????????????File extension(s) to search for

r, --followredirect ???????????????Follow redirects

H, --headers stringArray ??????????Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'

h, --help ?????????????????????????help for dir

l, --includelength ????????????????Include the length of the body in the output

k, --insecuressl ??????????????????Skip SSL certificate verification

n, --nostatus ?????????????????????Don't print status codes

P, --password string ??????????????Password for Basic Auth

p, --proxy string ?????????????????Proxy to use for requests [http(s)://host:port]

s, --statuscodes string ???????????Positive status codes (will be overwritten with statuscodesblacklist if set) (default "200,204,301,302,307,401,403")

b, --statuscodesblacklist string ??Negative status codes (will override statuscodes if set)

??????--timeout duration ?????????????HTTP Timeout (default 10s)

u, --url string ???????????????????The target URL

a, --useragent string ?????????????Set the User-Agent string (default "gobuster/3.0.1")

U, --username string ??????????????Username for Basic Auth

??????--wildcard ?????????????????????Force continued operation when wildcard found

中文翻譯：

f, --addslash 將 / 附加到每個(gè)請(qǐng)求 c, --cookies string 用于請(qǐng)求的 Cookie e, --expanded 展開模式，打印完整網(wǎng)址 x, --extensions string 要搜索的文件擴(kuò)展名 r, --followredirect 跟隨重定向 H, --headers stringArray 指定 HTTP 標(biāo)頭，-H 'Header1: val1' -H 'Header2: val2' h, --help 幫助目錄 l, --includelength 在輸出中包含正文的長(zhǎng)度 k, --insecuressl 跳過 SSL 證書驗(yàn)證 n, --nostatus 不打印狀態(tài)碼 P, --password string 基本身份驗(yàn)證的密碼 p, --proxy string 用于請(qǐng)求的代理 [http(s)://host:port] s, --statuscodes string 正狀態(tài)代碼（如果設(shè)置，將被狀態(tài)代碼黑名單覆蓋）（默認(rèn)“200,204,301,302,307,401,403”） b, --statuscodesblacklist string 否定狀態(tài)代碼（如果設(shè)置將覆蓋狀態(tài)代碼） --timeout duration HTTP 超時(shí)（默認(rèn) 10 秒） u, --url string 目標(biāo)網(wǎng)址 a, --useragent string 設(shè)置User-Agent字符串（默認(rèn)“gobuster/3.0.1”） U, --username string 基本身份驗(yàn)證的用戶名 --wildcard 找到通配符時(shí)強(qiáng)制繼續(xù)操作

Global Flags:

z, --noprogress ???????Don't display progress

o, --output string ????Output file to write results to (defaults to stdout)

q, --quiet ????????????Don't print the banner and other noise

t, --threads int ??????Number of concurrent threads (default 10)

??????--delay duration ???Time each thread waits between requests (e.g. 1500ms)

v, --verbose ??????????Verbose output (errors)

w, --wordlist string ??Path to the wordlist

中文翻譯：

z, --noprogress 不顯示進(jìn)度 o, --output string 要將結(jié)果寫入的輸出文件（默認(rèn)為 stdout） q, --quiet 不打印橫幅和其他噪音 t, --threads int 并發(fā)線程數(shù)（默認(rèn) 10） --delay duration 每個(gè)線程在請(qǐng)求之間等待的時(shí)間（例如 1500 毫秒） v, --verbose 詳細(xì)輸出（錯(cuò)誤） w, --wordlist string 詞表的路徑

vhost模式選項(xiàng)

Usage:

gobuster vhost [flags]

Flags:

c, --cookies string ???????Cookies to use for the requests

r, --followredirect ???????Follow redirects

H, --headers stringArray ??Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'

h, --help ?????????????????help for vhost

k, --insecuressl ??????????Skip SSL certificate verification

P, --password string ??????Password for Basic Auth

p, --proxy string ?????????Proxy to use for requests [http(s)://host:port]

??????--timeout duration ?????HTTP Timeout (default 10s)

u, --url string ???????????The target URL

a, --useragent string ?????Set the User-Agent string (default "gobuster/3.0.1")

U, --username string ??????Username for Basic Auth

中文翻譯：

c, --cookies string 用于請(qǐng)求的 Cookie r, --followredirect 跟隨重定向 H, --headers stringArray 指定 HTTP 標(biāo)頭，-H 'Header1: val1' -H 'Header2: val2' h, --help 虛擬主機(jī)的幫助 k, --insecuressl 跳過 SSL 證書驗(yàn)證 P, --password string 基本身份驗(yàn)證的密碼 p, --proxy string 用于請(qǐng)求的代理 [http(s)://host:port] --timeout duration HTTP 超時(shí)（默認(rèn) 10 秒） u, --url string 目標(biāo)網(wǎng)址 a, --useragent string 設(shè)置User-Agent字符串（默認(rèn)“gobuster/3.0.1”） U, --username string 基本身份驗(yàn)證的用戶名

Global Flags:

z, --noprogress ???????Don't display progress

o, --output string ????Output file to write results to (defaults to stdout)

q, --quiet ????????????Don't print the banner and other noise

t, --threads int ??????Number of concurrent threads (default 10)

??????--delay duration ???Time each thread waits between requests (e.g. 1500ms)

v, --verbose ??????????Verbose output (errors)

w, --wordlist string ??Path to the wordlist

中文翻譯：

z, --noprogress 不顯示進(jìn)度 o, --output string 要將結(jié)果寫入的輸出文件（默認(rèn)為 stdout） q, --quiet 不打印橫幅和其他噪音 t, --threads int 并發(fā)線程數(shù)（默認(rèn) 10） --delay duration 每個(gè)線程在請(qǐng)求之間等待的時(shí)間（例如 1500 毫秒） v, --verbose 詳細(xì)輸出（錯(cuò)誤） w, --wordlist string 詞表的路徑

工具安裝

代碼發(fā)布

我們已經(jīng)將項(xiàng)目的源碼發(fā)布到了Gobuster的GitHub主頁，廣大用戶目前無需自行構(gòu)建項(xiàng)目代碼。

下載地址：【Releases頁面?zhèn)魉烷T】

使用“go get”

如果你已經(jīng)搭建好了Go環(huán)境，你就可以直接使用下列命令來下載和安裝Gobuster：

go get github.com/OJ/gobuster

源碼構(gòu)建

由于該工具采用Go語言開發(fā)，那么用戶首先就需要安裝Go語言環(huán)境和編譯器等等。關(guān)于Go環(huán)境的具體配置信息，可以參考Go語言的【官方網(wǎng)站】。

編譯

gobuster現(xiàn)在引入了外部依賴組件，所以我們需要先配置依賴組件：

go get && go build

該命令將會(huì)創(chuàng)建一份gobuster代碼，運(yùn)行下列命令即可在$GOPATH/bin目錄中安裝：

go install

配置好所有的依賴組件之后，我們就可以使用代碼構(gòu)建腳本了：

make - 使用當(dāng)前Go配置來構(gòu)建工具，例如“go build”；

make windows - 構(gòu)建32位或64位Windows程序，并將其寫入build子目錄；

make linux - 構(gòu)建32位或64位Linux程序，并將其寫入build子目錄；

make darwin - 構(gòu)建32位或64位Darwin程序，并將其寫入build子目錄；

make all - 構(gòu)建跨平臺(tái)程序，并將其寫入build子目錄；

make clean - 清理build子目錄；

make test - 運(yùn)行測(cè)試；

字典與STDIN

字典文件可以直接通過stdin嵌入到gobuster：

hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -

使用樣例

dir模式

命令行運(yùn)行：

gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html

默認(rèn)選項(xiàng)如下：

1. gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt

2. ===============================================================

3. Gobuster v3.0.1

4. by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

5. ===============================================================

6. [+] Mode ? ? ? ? : dir

7. [+] Url/Domain ? : https://buffered.io/

8. [+] Threads ? ? ?: 10

9. [+] Wordlist ? ? : /home/oj/wordlists/shortlist.txt

10. [+] Status codes : 200,204,301,302,307,401,403

11. [+] User Agent ? : gobuster/3.0.1

12. [+] Timeout ? ? ?: 10s

13. ===============================================================

14. 2019/06/21 11:49:43 Starting gobuster

15. ===============================================================

16. /categories (Status: 301)

17. /contact (Status: 301)

18. /posts (Status: 301)

19. /index (Status: 200)

20. ===============================================================

21. 2019/06/21 11:49:44 Finished

22. ===============================================================

禁用狀態(tài)碼的默認(rèn)選項(xiàng)：

1. gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n

2. ===============================================================

3. Gobuster v3.0.1

4. by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

5. ===============================================================

6. [+] Mode ? ? ? ? : dir

7. [+] Url/Domain ? : https://buffered.io/

8. [+] Threads ? ? ?: 10

9. [+] Wordlist ? ? : /home/oj/wordlists/shortlist.txt

10. [+] Status codes : 200,204,301,302,307,401,403

11. [+] User Agent ? : gobuster/3.0.1

12. [+] No status ? ?: true

13. [+] Timeout ? ? ?: 10s

14. ===============================================================

15. 2019/06/21 11:50:18 Starting gobuster

16. ===============================================================

17. /categories

18. /contact

19. /index

20. /posts

21. ===============================================================

22. 2019/06/21 11:50:18 Finished

23. ===============================================================

Verbose輸出：

1. gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v

2. ===============================================================

3. Gobuster v3.0.1

4. by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

5. ===============================================================

6. [+] Mode ? ? ? ? : dir

7. [+] Url/Domain ? : https://buffered.io/

8. [+] Threads ? ? ?: 10

9. [+] Wordlist ? ? : /home/oj/wordlists/shortlist.txt

10. [+] Status codes : 200,204,301,302,307,401,403

11. [+] User Agent ? : gobuster/3.0.1

12. [+] Verbose ? ? ?: true

13. [+] Timeout ? ? ?: 10s

14. ===============================================================

15. 2019/06/21 11:50:51 Starting gobuster

16. ===============================================================

17. Missed: /alsodoesnotexist (Status: 404)

18. Found: /index (Status: 200)

19. Missed: /doesnotexist (Status: 404)

20. Found: /categories (Status: 301)

21. Found: /posts (Status: 301)

22. Found: /contact (Status: 301)

23. ===============================================================

24. 2019/06/21 11:50:51 Finished

25. ===============================================================

顯示內(nèi)容長(zhǎng)度：

1. gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l

2. ===============================================================

3. Gobuster v3.0.1

4. by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

5. ===============================================================

6. [+] Mode ? ? ? ? : dir

7. [+] Url/Domain ? : https://buffered.io/

8. [+] Threads ? ? ?: 10

9. [+] Wordlist ? ? : /home/oj/wordlists/shortlist.txt

10. [+] Status codes : 200,204,301,302,307,401,403

11. [+] User Agent ? : gobuster/3.0.1

12. [+] Show length ?: true

13. [+] Timeout ? ? ?: 10s

14. ===============================================================

15. 2019/06/21 11:51:16 Starting gobuster

16. ===============================================================

17. /categories (Status: 301) [Size: 178]

18. /posts (Status: 301) [Size: 178]

19. /contact (Status: 301) [Size: 178]

20. /index (Status: 200) [Size: 51759]

21. ===============================================================

22. 2019/06/21 11:51:17 Finished

23. ===============================================================

dns模式

命令行運(yùn)行：

gobuster dns -d mysite.com -t 50 -w common-names.txt

運(yùn)行樣例：

1. gobuster dns -d google.com -w ~/wordlists/subdomains.txt

2. ===============================================================

3. Gobuster v3.0.1

4. by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

5. ===============================================================

6. [+] Mode ? ? ? ? : dns

7. [+] Url/Domain ? : google.com

8. [+] Threads ? ? ?: 10

9. [+] Wordlist ? ? : /home/oj/wordlists/subdomains.txt

10. ===============================================================

11. 2019/06/21 11:54:20 Starting gobuster

12. ===============================================================

13. Found: chrome.google.com

14. Found: ns1.google.com

15. Found: admin.google.com

16. Found: www.google.com

17. Found: m.google.com

18. Found: support.google.com

19. Found: translate.google.com

20. Found: cse.google.com

21. Found: news.google.com

22. Found: music.google.com

23. Found: mail.google.com

24. Found: store.google.com

25. Found: mobile.google.com

26. Found: search.google.com

27. Found: wap.google.com

28. Found: directory.google.com

29. Found: local.google.com

30. Found: blog.google.com

31. ===============================================================

32. 2019/06/21 11:54:20 Finished

33. ===============================================================

IP樣本運(yùn)行：

1. gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i

2. ===============================================================

3. Gobuster v3.0.1

4. by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

5. ===============================================================

6. [+] Mode ? ? ? ? : dns

7. [+] Url/Domain ? : google.com

8. [+] Threads ? ? ?: 10

9. [+] Wordlist ? ? : /home/oj/wordlists/subdomains.txt

10. ===============================================================

11. 2019/06/21 11:54:54 Starting gobuster

12. ===============================================================

13. Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]

14. Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]

15. Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]

16. Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]

17. Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]

18. Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]

19. Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]

20. Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]

21. Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]

22. Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]

23. Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]

24. Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]

25. Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]

26. Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]

27. Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]

28. Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]

29. Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]

30. Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]

31. ===============================================================

32. 2019/06/21 11:54:55 Finished

33. ===============================================================

DNS通配符檢測(cè)：

1. gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt

2. ===============================================================

3. Gobuster v3.0.1

4. by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

5. ===============================================================

6. [+] Mode ? ? ? ? : dns

7. [+] Url/Domain ? : 0.0.1.xip.io

8. [+] Threads ? ? ?: 10

9. [+] Wordlist ? ? : /home/oj/wordlists/subdomains.txt

10. ===============================================================

11. 2019/06/21 12:13:48 Starting gobuster

12. ===============================================================

13. 2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0

14. 2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.

15. ===============================================================

16. 2019/06/21 12:13:48 Finished

17. ===============================================================

vhost模式

命令行運(yùn)行：

gobuster vhost -u https://mysite.com -w common-vhosts.txt

常規(guī)樣本運(yùn)行結(jié)果：

1. gobuster vhost -u https://mysite.com -w common-vhosts.txt

2. ===============================================================

3. Gobuster v3.0.1

4. by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)

5. ===============================================================

6. [+] Url: ? ? ? ? ?https://mysite.com

7. [+] Threads: ? ? ?10

8. [+] Wordlist: ? ? common-vhosts.txt

9. [+] User Agent: ? gobuster/3.0.1

10. [+] Timeout: ? ? ?10s

11. ===============================================================

12. 2019/06/21 08:36:00 Starting gobuster

13. ===============================================================

14. Found: www.mysite.com

15. Found: piwik.mysite.com

16. Found: mail.mysite.com

17. ===============================================================

18. 2019/06/21 08:36:05 Finished

19. ===============================================================

項(xiàng)目地址

https://github.com/OJ/gobuster