How to use the command gobuster (with examples)

Gobuster is a command-line tool that brute-forces hidden paths on web servers and more. It is widely used for web application penetration testing and vulnerability assessments. Gobuster offers various modes to discover directories, subdomains, virtual hosts, and more.

Use case 1: Discover directories and files that match in the wordlist

Code:

gobuster dir --url https://example.com/ --wordlist path/to/file

Motivation: Discover hidden directories and files on a web server. This is useful for finding unprotected or misconfigured endpoints that may expose sensitive information or lead to vulnerabilities.

Explanation:

  • gobuster dir: specifies the gobuster mode as directory brute-forcing.
  • --url https://example.com/: sets the target URL to https://example.com/.
  • --wordlist path/to/file: specifies the path to the wordlist file containing the directory and file names to be checked.

Example output:

/.hta (Status: 403)
/.htpasswd (Status: 403)
/admin (Status: 301)
/index.html (Status: 200)
/robots.txt (Status: 200)
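
From the defender's side, a dir-mode run appears in the web server's access log as one client requesting many distinct paths, most of which return 403 or 404. The following is an added example, not part of the original page or of gobuster: a Python function that flags such clients in combined-format log lines. The sample log, the thresholds and the function name are constructed for illustration, and the User-Agent check relies on gobuster's default `gobuster/<version>` string, which the person running the tool can change.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /.hta HTTP/1.1" 403 199 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /.htpasswd HTTP/1.1" 403 199 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /admin HTTP/1.1" 301 310 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /backup HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /old HTTP/1.1" 404 196 "-" "gobuster/3.6"
198.51.100.23 - - [10/Oct/2024:14:02:10 +0000] "GET /login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2024:14:02:10 +0000] "GET /wp-admin HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2024:14:02:10 +0000] "GET /phpmyadmin HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2024:14:02:11 +0000] "GET /server-status HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2024:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2024:14:05:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2024:14:05:01 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_enumeration(log_text, min_paths=5, miss_ratio=0.6):
    """Return {client_ip: [reasons]} for clients that look like wordlist enumeration."""
    paths, misses, agents = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, path = m["ip"], m["target"].split("?", 1)[0]  # ignore the query string
        paths[ip].add(path)
        agents[ip].add(m["ua"].lower())
        if m["status"] in ("403", "404"):  # forbidden or missing: a wordlist miss
            misses[ip].add(path)
    flagged = {}
    for ip, seen in paths.items():
        reasons = []
        if any(ua.startswith("gobuster/") for ua in agents[ip]):
            reasons.append("default gobuster User-Agent")
        # Catches runs with a changed User-Agent: many distinct paths, mostly misses.
        if len(seen) >= min_paths and len(misses[ip]) / len(seen) >= miss_ratio:
            reasons.append("many distinct paths, mostly 403/404")
        if reasons:
            flagged[ip] = reasons
    return flagged
```

Because the query string is stripped before counting, this covers dir-mode runs; parameter fuzzing against a single path needs a separate count of distinct query strings.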

Use case 2: Discover subdomains

Code:

gobuster dns --domain example.com --wordlist path/to/file

Motivation: Enumerate the subdomains of a target domain. This helps identify potentially vulnerable or misconfigured subdomains that could be exploited for unauthorized access.

Explanation:

  • gobuster dns: specifies the gobuster mode as DNS brute-forcing.
  • --domain example.com: sets the target domain to example.com.
  • --wordlist path/to/file: specifies the path to the wordlist file containing the subdomain names to be checked.

Example output:

Found: admin.example.com
Found: dev.example.com
Found: staging.example.com
Found: test.example.com

Use case 3: Discover Amazon S3 buckets

Code:

gobuster s3 --wordlist path/to/file

Motivation: Discover publicly accessible Amazon S3 buckets. This helps identify potential data leakage or misconfigured buckets that may expose sensitive information.

Explanation:

  • gobuster s3: specifies the gobuster mode as S3 bucket brute-forcing.
  • --wordlist path/to/file: specifies the path to the wordlist file containing the possible bucket names to be checked.

Example output:

example-bucket1 (Status: 403)
example-bucket2 (Status: 200)
example-bucket3 (Status: 200)

Use case 4: Discover other virtual hosts on the server

Code:

gobuster vhost --url https://example.com/ --wordlist path/to/file

Motivation: Identify other virtual hosts served from the same server. This helps detect shared-hosting misconfigurations that may allow unauthorized access to other websites on that server.

Explanation:

  • gobuster vhost: specifies the gobuster mode as virtual host brute-forcing.
  • --url https://example.com/: sets the target URL for virtual host scanning to https://example.com/.
  • --wordlist path/to/file: specifies the path to the wordlist file containing the possible virtual hostnames to be checked.

Example output:

site1.example.com (Status: 403)
site2.example.com (Status: 200)
site3.example.com (Status: 403)

Use case 5: Fuzz the value of a parameter

Code:

gobuster fuzz --url 'https://example.com/?parameter=FUZZ' --wordlist path/to/file

Motivation: Fuzz the value of a specific URL parameter. This helps identify potential injection or misconfiguration vulnerabilities related to that parameter.

Explanation:

  • gobuster fuzz: specifies the gobuster mode as parameter fuzzing.
  • --url https://example.com/?parameter=FUZZ: sets the target URL with the FUZZ placeholder where the parameter value will be replaced.
  • --wordlist path/to/file: specifies the path to the wordlist file containing the possible values to be fuzzed.

Example output:

https://example.com/?parameter=admin (Status: 200)
https://example.com/?parameter=user (Status: 403)
https://example.com/?parameter=guest (Status: 200)

Use case 6: Fuzz the name of a parameter

Code:

gobuster fuzz --url 'https://example.com/?FUZZ=value' --wordlist path/to/file

Motivation: Fuzz the name of a URL parameter. This helps discover hidden or undocumented parameters that could be abused for unauthorized access or injection attacks.

Explanation:

  • gobuster fuzz: specifies the gobuster mode as parameter name fuzzing.
  • --url https://example.com/?FUZZ=value: sets the target URL with the FUZZ placeholder where the parameter name will be replaced.
  • --wordlist path/to/file: specifies the path to the wordlist file containing the possible parameter names to be fuzzed.

Example output:

https://example.com/?admin=value (Status: 200)
https://example.com/?user=value (Status: 403)
https://example.com/?guest=value (Status: 200)

Conclusion:

Gobuster is a powerful command-line tool for discovering hidden paths, subdomains, virtual hosts, and more on web servers. With its various modes and extensive wordlist support, it helps in identifying potential vulnerabilities and misconfigurations in web applications. By using the examples provided, users can maximize the effectiveness of gobuster in their web application penetration testing and vulnerability assessment efforts.