Directory/File/DNS/VHost Brute-Forcing Tool: Gobuster

┌──(root㉿kali)-[~]
└─# gobuster help
Usage:
  gobuster [command]

Available Commands:
  dir         Uses directory/file enumeration mode
  dns         Uses DNS subdomain enumeration mode
  fuzz        Uses fuzzing mode
  help        Help about any command
  s3          Uses aws bucket enumeration mode
  version     shows the current version
  vhost       Uses VHOST enumeration mode

Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -h, --help              help for gobuster
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Use "gobuster [command] --help" for more information about a command.

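Available modes

  • dir - classic directory brute-forcing mode

  • dns - DNS subdomain brute-forcing mode

  • vhost - virtual host brute-forcing mode (not the same as DNS!)

Built-in help

  • gobuster help - outputs the top-level help.

  • gobuster help <mode> - outputs the help specific to that mode.

Using wordlists

A wordlist can be piped into gobuster on stdin by passing - to the -w option: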

hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -

dir mode

┌──(root㉿kali)-[~]
└─# gobuster dir -u http://114.67.175.224:17682/  -w /usr/share/wordlists/dirb/common.txt
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://114.67.175.224:17682/
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/wordlists/dirb/common.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.1.0
[+] Timeout:                 10s
===============================================================
2022/05/03 20:32:41 Starting gobuster in directory enumeration mode
===============================================================
/.git/HEAD            (Status: 200) [Size: 23]
/.hta                 (Status: 403) [Size: 282]
/.htpasswd            (Status: 403) [Size: 282]
/.htaccess            (Status: 403) [Size: 282]
/index.html           (Status: 200) [Size: 139]
/server-status        (Status: 403) [Size: 282]
                                               
===============================================================
2022/05/03 20:33:01 Finished
===============================================================
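
An added example, not part of the original post: a small Python triage of the dir-mode output above, written from the site owner's side. It parses the v3.1.0 result lines and ranks them so that files which should never be served but are readable (here /.git/HEAD with status 200) come first; the SENSITIVE pattern, the verdict names and the function names are assumptions of this example.

```python
import re
from collections import namedtuple

# One `gobuster dir` result line, in the v3.1.0 format shown above:
#   /.git/HEAD            (Status: 200) [Size: 23]
LINE_RE = re.compile(
    r"^(?P<path>/\S*)\s+\(Status:\s*(?P<status>\d{3})\)\s+\[Size:\s*(?P<size>\d+)\]")
# Assumed triage policy (not from the post): paths a web server should never serve.
SENSITIVE = re.compile(r"^/\.(git|svn|hg)(/|$)|^/\.(ht\w+|env)$|^/server-status$")
ORDER = {"EXPOSED": 0, "DENIED": 1, "REVIEW": 2}
Finding = namedtuple("Finding", "path status size verdict")


def classify(path, status):
    if SENSITIVE.search(path):
        if 200 <= status < 300:
            return "EXPOSED"  # readable by anyone: remediate first
        if status in (401, 403):
            return "DENIED"   # present on the server, but access is refused
    return "REVIEW"           # everything else needs a human look


def triage(report):
    findings = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # banner, separators, timestamps, blank lines
        status = int(m["status"])
        findings.append(Finding(m["path"], status, int(m["size"]),
                                classify(m["path"], status)))
    return sorted(findings, key=lambda f: (ORDER[f.verdict], f.path))


# Result lines copied from the dir-mode run above; banner trimmed to one separator.
SAMPLE = """\
===============================================================
/.git/HEAD            (Status: 200) [Size: 23]
/.hta                 (Status: 403) [Size: 282]
/.htpasswd            (Status: 403) [Size: 282]
/.htaccess            (Status: 403) [Size: 282]
/index.html           (Status: 200) [Size: 139]
/server-status        (Status: 403) [Size: 282]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.verdict:8} {f.status} {f.size:>5}  {f.path}")
```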
         

dns mode

gobuster dns -d mysite.com -t 50 -w common-names.txt

vhost mode

gobuster vhost -u https://mysite.com -w common-vhosts.txt
posted @ 2023-02-04 20:24  crabin88