DEV Community

Rahul Varma

Investigating Gobuster for Directory and File Discovery On Linux

Gobuster is the foremost directory and file enumeration tool used in penetration testing and security analysis. It helps discover hidden directories and files on a web server by sending HTTP requests built from a wordlist.

Installation

Gobuster is easy to install on Linux. You can use the package manager:

 sudo apt update
 sudo apt install gobuster

For the latest version or custom builds, clone the repository and build it:

 git clone https://github.com/OJ/gobuster.git
 cd gobuster
 go build

Basic Usage

With Gobuster, you need a wordlist to run an enumeration and identify hidden directories. A popular source is the SecLists repository, which can be cloned as follows:

 git clone https://github.com/danielmiessler/SecLists.git

Run Gobuster with a command like this:

 gobuster dir -u http://example.com -w /path/to/wordlist.txt

Here, dir selects directory and file enumeration mode, -u sets the URL of the target, and -w points to your wordlist.

Example

For a practical example, use Gobuster to scan a site with:

 gobuster dir -u http://testphp.vulnweb.com -w /usr/share/wordlists/dirb/common.txt

This command searches for directories and files on http://testphp.vulnweb.com using the common.txt wordlist from DirBuster.

Tips

  • The -t option speeds up a scan by changing the number of concurrent threads. For instance, -t 50 tells Gobuster to use 50 threads.
  • The -x option tells Gobuster which file extension(s) to look for; -x php,html looks for .php and .html files.
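To make the -w, -x and -t options concrete, here is an added Python illustration of what a "dir" scan does under the hood. It is not Gobuster's own code: it expands a constructed wordlist with extensions, probes each candidate against a local Python http.server serving a constructed directory tree, runs the probes on a thread pool, and keeps the status codes treated here as "found" (that set is an assumption; Gobuster's own defaults vary by version).

```python
"""Illustration of what `gobuster dir -w ... -x ... -t ...` does under the hood.
Added example, not Gobuster's own code: it probes paths from a wordlist
against a local HTTP server that serves a constructed directory tree."""
import functools
import http.client
import http.server
import os
import tempfile
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed wordlist contents (stands in for the file passed with -w)
WORDLIST_TEXT = "admin\nimages\nindex\nlogin\nbackup\n# comment line\n\nnothing-here\n"
# Status codes treated as "found" here; an assumption, Gobuster's defaults vary by version
FOUND_STATUSES = {200, 204, 301, 302, 307, 401, 403}


def load_wordlist(path):
    """Read one candidate per line, skipping blank lines and '#' comments."""
    with open(path, encoding="utf-8") as fh:
        return [ln.strip() for ln in fh if ln.strip() and not ln.startswith("#")]


def candidates(words, extensions):
    """Expand like -x: each word bare, then word.ext for every extension."""
    out = []
    for w in words:
        out.append(w)
        out.extend(f"{w}.{ext}" for ext in extensions)
    return out


def probe(host, port, path, timeout=5):
    """GET /path without following redirects (a 301 on a directory is itself a hit)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/" + path)
        resp = conn.getresponse()
        resp.read()
        return path, resp.status
    finally:
        conn.close()


def enumerate_paths(host, port, words, extensions=(), threads=10):
    """Probe every candidate with `threads` workers (the -t option) and keep hits."""
    hits = {}
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = pool.map(lambda p: probe(host, port, p), candidates(words, extensions))
        for path, status in results:
            if status in FOUND_STATUSES:
                hits[path] = status
    return hits


class _QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass


def run_demo(threads=10):
    """Build a constructed web root, serve it on localhost, enumerate it, return hits."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "admin"))   # directories answer 301 (redirect to /admin/)
        os.mkdir(os.path.join(root, "images"))
        for name in ("index.html", "login.php"):  # files answer 200
            with open(os.path.join(root, name), "w") as fh:
                fh.write("<html></html>")
        wordlist_path = os.path.join(root, "words.txt")
        with open(wordlist_path, "w") as fh:
            fh.write(WORDLIST_TEXT)

        handler = functools.partial(_QuietHandler, directory=root)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        host, port = server.server_address
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            words = load_wordlist(wordlist_path)
            return enumerate_paths(host, port, words, ("php", "html"), threads)
        finally:
            server.shutdown()
            server.server_close()


if __name__ == "__main__":
    for path, status in sorted(run_demo().items()):
        print(f"/{path} (Status: {status})")
```

Run it directly and it prints the four hits (/admin and /images as 301, /index.html and /login.php as 200) while everything else in the wordlist stays silent as 404. The redirect on a bare directory name is why directory scanners report 301 as a positive result rather than following it, and the thread pool is the whole story behind -t: more workers means more requests in flight, which is also what makes a scan noisy in the target's access logs.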

Gobuster is an easy-to-use but very effective piece of software that I reviewed as a required tool for finding and identifying resources on web servers. Consider it part of your toolkit for better enumeration of vulnerabilities.
