Investigating Gobuster for Directory and File Discovery On Linux
Gobuster is one of the most widely used directory and file enumeration tools in penetration testing and security assessment. It helps discover hidden directories and files on a web server by taking each entry from a wordlist and sending an HTTP request for it.
Installation
Gobuster is easy to install on Linux. On Debian-based distributions (including Kali) you can use the package manager:
sudo apt update
sudo apt install gobuster
For the latest version or a custom build, clone the repository and build it with Go:
git clone https://github.com/OJ/gobuster.git
cd gobuster
go build
Basic Usage
Gobuster needs a wordlist to drive the enumeration process and identify hidden directories. A popular source is the SecLists repository, which can be cloned as follows:
git clone https://github.com/danielmiessler/SecLists.git
Run Gobuster with a command like this:
gobuster dir -u http://example.com -w /path/to/wordlist.txt
Here dir selects directory/file enumeration mode, -u specifies the target URL, and -w points to your wordlist.
Example
For a practical example, use Gobuster to scan a site with:
gobuster dir -u http://testphp.vulnweb.com -w /usr/share/wordlists/dirb/common.txt
This command searches for directories and files on http://testphp.vulnweb.com using the common.txt wordlist from DirBuster.
Tips
- The -t option speeds up a scan by changing the number of concurrent threads. For instance, -t 50 tells Gobuster to use 50 threads; a higher thread count means a faster scan but a heavier load on the target.
- The -x option tells Gobuster which file extension(s) to append to each wordlist entry, e.g. -x php,html to also look for .php and .html files. Each extension multiplies the number of requests sent.
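The following Python script is an added illustration and is not code from this post or from the Gobuster project. It shows two things: how a wordlist combined with -x expands into the set of paths a scan will request, and how that burst of requests (mostly 404s from one source in a short window) shows up in a web server's access log, so that a defender can flag enumeration activity. The wordlist, IP addresses, timestamps, User-Agent string and log lines are all constructed for the example, and the detection thresholds are assumptions to be tuned per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Regex for the Apache/nginx "combined" access log format (constructed for this example).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed mini-wordlist and extensions, standing in for common.txt and -x php,html.
WORDS = ["admin", "images", "login", "backup", "config", "test"]
EXTS = ("php", "html")


def expand_wordlist(words, extensions=()):
    """Mirror what Gobuster's -x does: each word is requested bare and once per extension."""
    paths = []
    for word in words:
        paths.append(f"/{word}")
        for ext in extensions:
            paths.append(f"/{word}.{ext}")
    return paths


def build_sample_log():
    """Construct access-log lines: one scanner host plus one ordinary visitor."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S +0000"
    lines = []
    # Paths that "exist" on the constructed server; everything else returns 404.
    found = {"/admin": 301, "/login.php": 200}
    for i, path in enumerate(expand_wordlist(WORDS, EXTS)):
        ts = (start + timedelta(seconds=i // 5)).strftime(fmt)  # ~5 requests per second
        status = found.get(path, 404)
        # User-Agent is client-controlled, so it is only a weak signal; shown here for realism.
        lines.append(f'203.0.113.5 - - [{ts}] "GET {path} HTTP/1.1" {status} 153 "-" "gobuster/3.6"')
    visitor = [("/index.php", 200), ("/images/logo.png", 200), ("/favicon.ico", 404)]
    for i, (path, status) in enumerate(visitor):
        ts = (start + timedelta(seconds=30 * i)).strftime(fmt)
        lines.append(f'198.51.100.7 - - [{ts}] "GET {path} HTTP/1.1" {status} 1024 '
                     f'"http://www.example.com/" "Mozilla/5.0"')
    return lines


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any sliding window of the given length."""
    times = sorted(times)
    best = left = 0
    for right in range(len(times)):
        while times[right] - times[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def detect_enumeration(lines, window=timedelta(seconds=60), min_404=10, min_ratio=0.7):
    """Flag source IPs whose 404 responses are both bursty and the bulk of their traffic.

    Thresholds are assumptions: a real deployment tunes them against its own baseline.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in per_ip.items():
        not_found = [r["ts"] for r in recs if r["status"] == 404]
        burst = max_in_window(not_found, window)
        ratio = len(not_found) / len(recs)
        if burst >= min_404 and ratio >= min_ratio:
            alerts[ip] = {
                "requests": len(recs),
                "not_found": len(not_found),
                "burst_404": burst,
                "ratio": round(ratio, 2),
                "user_agents": sorted({r["ua"] for r in recs}),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_enumeration(build_sample_log()).items():
        print(ip, info)
```

With six words and two extensions the scan issues 18 requests, of which 16 come back 404 within a few seconds; the ordinary visitor produces one 404 in ninety seconds and is not flagged. The ratio check matters as much as the burst count: a site with a broken link that many visitors hit will generate 404s, but spread across many sources with otherwise normal traffic.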
Gobuster is an easy-to-use but very effective tool that I consider essential for finding and identifying resources exposed on web servers. Make it part of your toolkit for more thorough enumeration.