Gobuster – Directory and DNS Busting Tool

Gobuster is a command line tool written in Go, This tool will allow penetration tester to perform brute-force against the target and have some valuable information available online. some of the benefits with using this tool is brute-forcing folders and extensions simultaneously, possible to compile on multiple platforms, works faster than interpreted scripts (such as Python), does not require a run-time environment.

Gobuster - Directory and DNS Busting Tool

Gobuster – Directory and DNS Busting Tool

When you will use this tool you will find 2 different mode. DNS mode and this will allow you find subdomains according to a predefined watch-list you create. the second mode directory mode and the tool called dir. DIR mode have larger options that include:

  • -a – specify a user agent string to send in the request header.
  • -c – use this to specify any cookies that you might need (simulating auth).
  • -e – specify extended mode that renders the full URL.
  • -f – append / for directory brute forces.
  • -k – Skip verification of SSL certificates.
  • -l – show the length of the response.
  • -n – “no status” mode, disables the output of the result’s status code.
  • -o – specify a file name to write the output to.
  • -p – specify a proxy to use for all requests (scheme much match the URL scheme).
  • -r – follow redirects.
  • -s – comma-separated set of the list of status codes to be deemed a “positive” (default: 200,204,301,302,307).
  • -x – list of extensions to check for, if any.
  • -P – HTTP Authorization password (Basic Auth only, prompted if missing).
  • -U – HTTP Authorization username (Basic Auth only).
  • -to – HTTP timeout. Examples: 10s, 100ms, 1m (default: 10s).

All of the described options make the user easily control the attack and test the target. The usual obstacles that may face penetration tester is different security modules on the network such as WAF, Firewalls and IDS/IPS so customizing user agent , scan settings and timeout will help into bypassing many of the protection measures.

You can read more and download this tool over here: https://github.com/OJ/

Notify of
Inline Feedbacks
View all comments