GoBuster is a versatile enumeration tool for domains and websites. This guide gives an overview of how to use GoBuster.
GoBuster Homepage: https://github.com/OJ/gobuster
Directory Scanning
Almost every website consists of multiple pages and directories. Let’s take the Pentesterlab website as an example. The landing page is located at https://pentesterlab.com/. If I want to browse the available exercises I get sent to https://pentesterlab.com/exercises. The Bootcamp page is located at https://pentesterlab.com/bootcamp.
These are all pages that are publicly linked and intended for anyone to view. But what about pages that should not be visible to everyone? For example, a login page for the admin panel, or a misconfigured directory containing confidential information? Maybe an unreleased feature with vulnerabilities?
This is where GoBuster comes in handy. GoBuster is a tool that can automatically scan web servers for pages and directories by going through a wordlist and testing each entry against the server.
An example:
gobuster dir -w wordlist --url https://mywebsite.com
You want to scan https://mywebsite.com and your wordlist contains the following entries:
- login
- contact
- secret
- uploads
GoBuster will try to access:
https://mywebsite.com/login
https://mywebsite.com/contact
https://mywebsite.com/secret
https://mywebsite.com/uploads
Every URL that GoBuster can successfully access is added to the results.
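Seen from the server side, a wordlist scan like the one above shows up as one client requesting many different paths that do not exist within a short time. The following sketch is an added example, not part of GoBuster or the original guide: it flags such clients in an access log, assuming combined-format log lines in chronological order and a server that answers missing paths with 404. The function name, thresholds, IP addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the leading fields of a combined-format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_path_bruteforce(lines, window_s=10, min_missing=4):
    """Return {client_ip: peak number of distinct 404 paths inside one
    sliding window} for clients whose peak reaches min_missing.
    Thresholds are illustrative and must be tuned per site."""
    recent = defaultdict(deque)  # ip -> (timestamp, path) of recent 404s
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparsable line, or the path exists
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"].split("?", 1)[0]))  # ignore query strings
        while ts - q[0][0] > timedelta(seconds=window_s):
            q.popleft()  # drop misses that fell out of the window
        peak[m["ip"]] = max(peak[m["ip"]], len({p for _, p in q}))
    return {ip: n for ip, n in peak.items() if n >= min_missing}

def _line(ip, sec, path, status):
    # Build one constructed log line (not taken from a real server).
    return (f'{ip} - - [05/Dec/2022:15:30:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "-"')

# Constructed sample: a wordlist scan, plus a browser repeatedly missing one file.
SCAN = [("/login", 200), ("/contact", 200), ("/secret", 404), ("/uploads", 404),
        ("/admin", 404), ("/backup", 404), ("/old", 404)]
SAMPLE_LOG = (
    [_line("203.0.113.7", 1 + i // 4, p, s) for i, (p, s) in enumerate(SCAN)]
    + [_line("198.51.100.20", 5 + 10 * i, "/favicon.ico", 404) for i in range(5)]
    + [_line("198.51.100.20", 50, "/exercises", 200)]
)

if __name__ == "__main__":
    print(find_path_bruteforce(SAMPLE_LOG))
```

Counting distinct paths rather than raw 404s keeps a browser that repeatedly misses the same file from being flagged.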
DNS Subdomain Scanning
GoBuster can also enumerate subdomains in the same way it enumerates directories. Some domains use subdomains to differentiate their services, for example:
mail.google.com
docs.google.com
calendar.google.com
If you want to enumerate subdomains you can do DNS scanning with GoBuster.
gobuster dns -d mywebsite.com -w wordlist
Doing this for google.com returns the following output:
┌──(kali㉿kali)-[~]
└─$ gobuster dns -d google.com -w /usr/share/wordlists/subdomains-100.txt
===============================================================
Gobuster v3.3
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Domain: google.com
[+] Threads: 10
[+] Timeout: 1s
[+] Wordlist: /usr/share/wordlists/subdomains-100.txt
===============================================================
2022/12/05 15:28:45 Starting gobuster in DNS enumeration mode
===============================================================
Found: mail.google.com
Found: www.google.com
Found: smtp.google.com
Found: ns1.google.com
Found: ns2.google.com
Found: m.google.com
Found: blog.google.com
Found: ns.google.com
Found: admin.google.com
Found: ns3.google.com
Found: news.google.com
Found: vpn.google.com
Found: support.google.com
Found: mobile.google.com
Found: docs.google.com
Found: calendar.google.com
Found: web.google.com
Found: email.google.com
Found: images.google.com
Found: video.google.com
Found: api.google.com
Found: ns4.google.com
Found: dns.google.com
Found: search.google.com
Found: chat.google.com
Found: wap.google.com
Found: ads.google.com
Found: sites.google.com
Found: apps.google.com
Found: download.google.com
Found: store.google.com
Found: files.google.com
Found: sms.google.com
Found: ipv4.google.com
===============================================================
2022/12/05 15:28:47 Finished
===============================================================