Scan web servers for hidden content with GoBuster

GoBuster is a versatile enumeration tool for domains and websites. This guide gives an overview of how to use it.

GoBuster Homepage: https://github.com/OJ/gobuster

Directory Scanning

Almost every website consists of multiple pages and directories. Let’s take the Pentesterlab website as an example. The landing page is located at https://pentesterlab.com/. If I want to browse the available exercises I get sent to https://pentesterlab.com/exercises. The Bootcamp page is located at https://pentesterlab.com/bootcamp.

These are all pages that are publicly linked and intended for anyone to view. But what about pages that should not be visible to everyone, such as a login page for the admin panel, a misconfigured directory containing confidential information, or an unreleased feature with vulnerabilities?

This is where GoBuster comes in handy. GoBuster is a tool that can automatically scan web servers for pages and directories by going through a wordlist and testing each entry against the server.

An example:

gobuster dir -w wordlist --url https://mywebsite.com

You want to scan https://mywebsite.com and your wordlist contains the following entries:

- login
- contact
- secret
- uploads

GoBuster will try to access:

 https://mywebsite.com/login
 https://mywebsite.com/contact
 https://mywebsite.com/secret
 https://mywebsite.com/uploads

Every URL that GoBuster can successfully access is added to the results.
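
Seen from the server, a scan like the one above shows up in the access log as one client requesting many different paths in quick succession, most of them answered with 404. The following Python code is an added example (not part of GoBuster or the original guide) that flags this pattern in combined-format access logs; the log lines, IP addresses, User-Agent strings, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip, timestamp, request line, status, size, referer, user agent.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_enumeration(lines, window=timedelta(seconds=10), min_paths=8, min_404_ratio=0.7):
    """Flag clients that request many distinct paths, mostly 404, inside one time window."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1  # slide the window forward
            burst = recs[start:end + 1]
            paths = {r["path"] for r in burst}
            misses = sum(r["status"] == 404 for r in burst)
            if len(paths) >= min_paths and misses / len(burst) >= min_404_ratio:
                # User-Agent is client-controlled: reported for triage, not used to decide.
                flagged[ip] = {"paths": len(paths), "not_found": misses, "user_agent": burst[0]["ua"]}
                break
    return flagged

# Constructed sample: one wordlist-driven client and one ordinary visitor.
WORDS = "login contact secret uploads admin backup old dev tmp private config test".split()
SAMPLE = [
    f'203.0.113.7 - - [05/Dec/2022:15:30:{i // 4:02d} +0000] "GET /{w} HTTP/1.1" '
    f'{200 if w in ("login", "contact") else 404} 153 "-" "gobuster/3.3"'
    for i, w in enumerate(WORDS)
] + [
    f'198.51.100.20 - - [05/Dec/2022:15:{m}:00 +0000] "GET {p} HTTP/1.1" {s} 2048 "-" "Mozilla/5.0"'
    for m, p, s in [(31, "/", 200), (33, "/exercises", 200), (36, "/bootcamp", 200), (37, "/nope", 404)]
]
```

Calling find_enumeration(SAMPLE) returns only the scanning client; the window and thresholds need tuning against the normal 404 rate of the site being monitored.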

DNS Subdomain Scanning

GoBuster can also enumerate subdomains in the same way as directories. Some domains use subdomains to separate their services, for example:

mail.google.com
docs.google.com
calendar.google.com

If you want to enumerate subdomains, you can use GoBuster's DNS mode:

gobuster dns -d mywebsite.com -w wordlist

Doing this for google.com returns the following output:

┌──(kali㉿kali)-[~]
└─$ gobuster dns -d google.com -w /usr/share/wordlists/subdomains-100.txt 
===============================================================
Gobuster v3.3
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Domain:     google.com
[+] Threads:    10
[+] Timeout:    1s
[+] Wordlist:   /usr/share/wordlists/subdomains-100.txt
===============================================================
2022/12/05 15:28:45 Starting gobuster in DNS enumeration mode
===============================================================
Found: mail.google.com
Found: www.google.com
Found: smtp.google.com
Found: ns1.google.com
Found: ns2.google.com
Found: m.google.com
Found: blog.google.com
Found: ns.google.com
Found: admin.google.com
Found: ns3.google.com
Found: news.google.com
Found: vpn.google.com
Found: support.google.com
Found: mobile.google.com
Found: docs.google.com
Found: calendar.google.com
Found: web.google.com
Found: email.google.com
Found: images.google.com
Found: video.google.com
Found: api.google.com
Found: ns4.google.com
Found: dns.google.com
Found: search.google.com
Found: chat.google.com
Found: wap.google.com
Found: ads.google.com
Found: sites.google.com
Found: apps.google.com
Found: download.google.com
Found: store.google.com
Found: files.google.com
Found: sms.google.com
Found: ipv4.google.com
===============================================================
2022/12/05 15:28:47 Finished
===============================================================
