
GOBUSTER - directory/file and DNS brute-forcing tool.

Date: 2023-08-01 16:34:16


GitHub: https://github.com/OJ/gobuster

Common command-line options

  • -fw - Force continued processing of a domain that returns wildcard results.
  • -np - Don't display progress output.
  • -m <mode> - Which mode to use, either dir or dns (default: dir).
  • -q - Don't print the banner and other noise.
  • -t <threads> - Number of concurrent threads (default: 10).
  • -u <url/domain> - Full URL (including scheme), or base domain name.
  • -v - Verbose output (show all results, misses included).
  • -w <wordlist> - Path to the wordlist used for brute forcing (use - for stdin).

Command-line options for dns mode

  • -cn - Show CNAME records (cannot be used with the '-i' option).
  • -i - Show all IP addresses for each result.

Command-line options for dir mode

  • -a <user agent string> - Specify a user agent string to send in the request header.
  • -c <http cookies> - Use this to specify any cookies that you might need (simulating auth).
  • -e - Specify extended mode that renders the full URL.
  • -f - Append / to each request.
  • -k - Skip verification of SSL certificates.
  • -l - Show the length of the response.
  • -n - "No status" mode, disables the output of the result's status code.
  • -o <file> - Specify a file name to write the output to.
  • -p <proxy url> - Specify a proxy to use for all requests (scheme must match the URL scheme).
  • -r - Follow redirects.
  • -s <status codes> - Comma-separated set of status codes to be deemed "positive" (default: 200,204,301,302,307; the v2.0.1 sample runs below also show 403 in the default set).
  • -x <extensions> - List of file extension(s) to check for (if any).
  • -P <password> - HTTP Authorization password (Basic Auth only, prompted if missing).
  • -U <username> - HTTP Authorization username (Basic Auth only).
  • -to <timeout> - HTTP timeout. Examples: 10s, 100ms, 1m (default: 10s).

Building

Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options.

Compiling

gobuster now has external dependencies, so they need to be pulled in first:

gobuster $ go get && go build

This will create a gobuster binary for you. If you want to install it in the $GOPATH/bin folder (so it is on your PATH) you can run:

gobuster $ go install

If you have all the dependencies already, you can make use of the build scripts:

  • make - builds for the current Go configuration (i.e. runs go build).
  • make windows - builds 32 and 64 bit binaries for Windows, and writes them to the build subfolder.
  • make linux - builds 32 and 64 bit binaries for Linux, and writes them to the build subfolder.
  • make darwin - builds 32 and 64 bit binaries for Darwin, and writes them to the build subfolder.
  • make all - builds for all platforms and architectures, and writes the resulting binaries to the build subfolder.
  • make clean - clears out the build subfolder.
  • make test - runs the tests.

Running as a script

gobuster $ go run main.go <parameters>

Wordlists via STDIN

Wordlists can be piped into gobuster via stdin by passing - as the value of the -w option:

hashcat -a 3 --stdout ?l | gobuster -u https://mysite.com -w -

Note: if a wordlist file is given with -w at the same time as data is piped in on STDIN, an error is shown and the program terminates.

Examples

dir mode

The command line might look like this:

$ gobuster -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html

Default options look like this:

$ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout      : 10s
=====================================================
2018/08/27 11:49:43 Starting gobuster
=====================================================
/categories (Status: 301)
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200)
=====================================================
2018/08/27 11:49:44 Finished
=====================================================

Default options with status codes disabled look like this:

$ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -n

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,403
[+] No status    : true
[+] Timeout      : 10s
=====================================================
2018/08/27 11:50:18 Starting gobuster
=====================================================
/categories
/contact
/index
/posts
=====================================================
2018/08/27 11:50:18 Finished
=====================================================

Verbose output looks like this:

$ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -v

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,403
[+] Verbose      : true
[+] Timeout      : 10s
=====================================================
2018/08/27 11:50:51 Starting gobuster
=====================================================
Missed: /alsodoesnotexist (Status: 404)
Found: /index (Status: 200)
Missed: /doesnotexist (Status: 404)
Found: /categories (Status: 301)
Found: /posts (Status: 301)
Found: /contact (Status: 301)
=====================================================
2018/08/27 11:50:51 Finished
=====================================================

Example showing content length:

$ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -l

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,403
[+] Show length  : true
[+] Timeout      : 10s
=====================================================
2018/08/27 11:51:16 Starting gobuster
=====================================================
/categories (Status: 301) [Size: 178]
/posts (Status: 301) [Size: 178]
/contact (Status: 301) [Size: 178]
/index (Status: 200) [Size: 51759]
=====================================================
2018/08/27 11:51:17 Finished
=====================================================

Quiet output, with status disabled and expanded mode, looks like this ("grep mode"):

$ gobuster -u https://buffered.io -w ~/wordlists/shortlist.txt -q -n -e
https://buffered.io/index
https://buffered.io/contact
https://buffered.io/posts
https://buffered.io/categories

dns mode

The command line might look like this:

$ gobuster -m dns -u mysite.com -t 50 -w common-names.txt

A normal sample run goes like this:

$ gobuster -m dns -w ~/wordlists/subdomains.txt -u google.com

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : google.com
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:54:20 Starting gobuster
=====================================================
Found: chrome.google.com
Found: ns1.google.com
Found: admin.google.com
Found: www.google.com
Found: m.google.com
Found: support.google.com
Found: translate.google.com
Found: cse.google.com
Found: news.google.com
Found: music.google.com
Found: mail.google.com
Found: store.google.com
Found: mobile.google.com
Found: search.google.com
Found: wap.google.com
Found: directory.google.com
Found: local.google.com
Found: blog.google.com
=====================================================
2018/08/27 11:54:20 Finished
=====================================================

A sample run showing IPs goes like this:

$ gobuster -m dns -w ~/wordlists/subdomains.txt -u google.com -i

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : google.com
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:54:54 Starting gobuster
=====================================================
Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]
Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]
Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]
Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]
Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]
Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]
=====================================================
2018/08/27 11:54:55 Finished
=====================================================

Base domain validation warning when the base domain fails to resolve. This is a warning rather than a failure, in case the user fat-fingers the domain while typing it.

$ gobuster -m dns -w ~/wordlists/subdomains.txt -u yp.to -i

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : yp.to
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 11:56:43 Starting gobuster
=====================================================
2018/08/27 11:56:53 [-] Unable to validate base domain: yp.to
Found: cr.yp.to [131.193.32.108, 131.193.32.109]
=====================================================
2018/08/27 11:56:53 Finished
=====================================================

Wildcard DNS is also detected properly:

$ gobuster -m dns -w ~/wordlists/subdomains.txt -u 0.0.1.xip.io

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : 0.0.1.xip.io
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 12:13:48 Starting gobuster
=====================================================
2018/08/27 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
2018/08/27 12:13:48 [!] To force processing of Wildcard DNS, specify the '-fw' switch.
=====================================================
2018/08/27 12:13:48 Finished
=====================================================

If the user wants to force processing of a domain that has wildcard entries, use -fw:

$ gobuster -m dns -w ~/wordlists/subdomains.txt -u 0.0.1.xip.io -fw

=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dns
[+] Url/Domain   : 0.0.1.xip.io
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
=====================================================
2018/08/27 12:13:51 Starting gobuster
=====================================================
2018/08/27 12:13:51 [-] Wildcard DNS found. IP address(es): 1.0.0.0
Found: 127.0.0.1.xip.io
Found: test.127.0.0.1.xip.io
=====================================================
2018/08/27 12:13:53 Finished
=====================================================
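The dns-mode flow shown in the runs above (base-domain check that only warns, wildcard detection, -fw, -i) as an added Go example, not gobuster's own code. Wildcard detection works the way the run above implies: resolve a random label under the base domain; if it answers, every brute-forced name will too, so the run stops unless -fw is given. Under -fw this example additionally drops names whose answer overlaps the wildcard addresses, which is the example's own filter. The resolver is injected, so the constructed example.test zone (a wildcard answering 1.0.0.0, like the xip.io run above) runs offline; net.LookupHost drops in for real use.

```go
package main

import (
	"bufio"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"io"
	"net"
	"os"
	"strings"
)

// Resolver is the lookup used for every query: net.LookupHost in real use, an in-memory
// fake here so the example runs offline.
type Resolver func(host string) ([]string, error)

// Options mirrors the dns-mode switches on the page; ForceWildcard is -fw.
type Options struct{ Domain string; ForceWildcard bool }

// Finding is one subdomain that resolved; IPs is what -i appends to the output.
type Finding struct {
	Host string
	IPs  []string
}

// DetectWildcard resolves a random label under the base domain. A wildcard record answers any
// name, so if the random label resolves every brute-forced name will too; its addresses are returned.
func DetectWildcard(r Resolver, domain string) ([]string, bool) {
	b := make([]byte, 8)
	_, _ = rand.Read(b) // the label only has to be one nobody would have registered
	ips, err := r(hex.EncodeToString(b) + "." + domain)
	if err != nil || len(ips) == 0 {
		return nil, false
	}
	return ips, true
}

func overlaps(a, b []string) bool {
	for _, x := range a {
		for _, y := range b {
			if x == y {
				return true
			}
		}
	}
	return false
}

// Run is the dns-mode flow from the page: validate the base domain (a warning only, in case it
// was mistyped), detect a wildcard and stop unless -fw, then resolve word.domain for every entry.
// Under -fw, names whose answer overlaps the wildcard addresses are dropped (the example's own filter).
func Run(r Resolver, wordlist io.Reader, o Options, log io.Writer) ([]Finding, error) {
	if _, err := r(o.Domain); err != nil {
		fmt.Fprintf(log, "[-] Unable to validate base domain: %s\n", o.Domain)
	}
	wildIPs, wild := DetectWildcard(r, o.Domain)
	if wild {
		fmt.Fprintf(log, "[-] Wildcard DNS found. IP address(es): %s\n", strings.Join(wildIPs, ", "))
		if !o.ForceWildcard {
			fmt.Fprintln(log, "[!] To force processing of Wildcard DNS, specify the '-fw' switch.")
			return nil, nil
		}
	}
	var found []Finding
	sc := bufio.NewScanner(wordlist)
	for sc.Scan() {
		word := strings.TrimSpace(sc.Text())
		if word == "" || strings.HasPrefix(word, "#") {
			continue
		}
		host := word + "." + o.Domain
		ips, err := r(host)
		if err != nil || len(ips) == 0 || (wild && overlaps(ips, wildIPs)) {
			continue
		}
		found = append(found, Finding{Host: host, IPs: ips})
	}
	return found, sc.Err()
}

// FakeZone is a constructed in-memory resolver (an assumption of this example): exact records
// win, any other name under wildcardSuffix gets wildcardIPs, and everything else is NXDOMAIN.
func FakeZone(records map[string][]string, wildcardSuffix string, wildcardIPs []string) Resolver {
	return func(host string) ([]string, error) {
		if ips, ok := records[host]; ok {
			return ips, nil
		}
		if wildcardSuffix != "" && strings.HasSuffix(host, "."+wildcardSuffix) {
			return wildcardIPs, nil
		}
		return nil, &net.DNSError{Err: "no such host", Name: host, IsNotFound: true}
	}
}

func main() {
	// example.test plays the role of the page's 0.0.1.xip.io: a wildcard that answers 1.0.0.0.
	zone := FakeZone(map[string][]string{"example.test": {"203.0.113.10"}, "www.example.test": {"203.0.113.10"},
		"mail.example.test": {"203.0.113.25"}}, "example.test", []string{"1.0.0.0"})
	found, _ := Run(zone, strings.NewReader("www\nmail\ntest\n"), Options{Domain: "example.test", ForceWildcard: true}, os.Stderr)
	for _, f := range found {
		fmt.Printf("Found: %s [%s]\n", f.Host, strings.Join(f.IPs, ", ")) // the -i output shape
	}
}
```

For a real run, pass net.LookupHost as the Resolver and os.Stdin or an opened wordlist file as the reader. The wildcard filter is what keeps a -fw run readable: without it every wordlist entry under a wildcard zone comes back as a hit, which is exactly why the tool refuses to continue by default. One caveat a practitioner should keep in mind: a wildcard that answers with several addresses, or one that varies per query, will not be fully caught by a single random probe, so compare the addresses of any "found" names against the wildcard addresses before treating them as real hosts.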

From: https://blog.51cto.com/u_14008060/6923901
