Wiki » History » Version 4
Emanuele, 11/06/2019 03:24 PM
| 1 | 1 | Emanuele | h1. SRLabs Gobuster |
|---|---|---|---|
| 2 | |||
| 3 | SRL_Gobuster is a tool used to brute-force and perform web tests: |
||
| 4 | |||
| 5 | * URIs (directories and files) in web sites. |
||
| 6 | |||
| 7 | Compared to the original version it adds the following features: |
||
| 8 | |||
| 9 | * Enhanced _False Positives_ detection. |
||
| 10 | * Integration with _Nikto_ tests wordlist. |
||
| 11 | |||
| 12 | The wordlist we used is a enhanced version of the test list used by _Nikto_. |
||
| 13 | |||
| 14 | h2. Common Command line options |
||
| 15 | |||
| 16 | * `-fw` - force processing of a domain with wildcard results. |
||
| 17 | * `-np` - hide the progress output. |
||
| 18 | * `-q` - disables banner/underline output. |
||
| 19 | * `-t <threads>` - number of threads to run (default: `10`). |
||
| 20 | * `-u <url/domain>` - full URL (including scheme), or base domain name. |
||
| 21 | * `-v` - verbose output (show all results). |
||
| 22 | * `-w <wordlist>` - path to the nikto tests wordlist used for brute forcing. |
||
| 23 | * `-V` - path to the nikto variable file. |
||
| 24 | * `-v` - show verbose output. |
||
| 25 | * `-k` - Skip verification of SSL certificates. |
||
| 26 | * `-a <user agent string>` - specify a user agent string to send in the request header. |
||
| 27 | * `-c <http cookies>` - use this to specify any cookies that you might need (simulating auth). |
||
| 28 | * `-oj <path>` - output file for JSON export. |
||
| 29 | * `-o <file>` - specify a file name to write the output to. |
||
| 30 | * `-p <proxy url>` - specify a proxy to use for all requests (scheme much match the URL scheme). |
||
| 31 | * `-P <password>` - HTTP Authorization password (Basic Auth only, prompted if missing). |
||
| 32 | * `-U <username>` - HTTP Authorization username (Basic Auth only). |
||
| 33 | * `-to <timeout>` - HTTP timeout. Examples: 10s, 100ms, 1m (default: 10s). |
||
| 34 | |||
| 35 | |||
| 36 | h2. Building |
||
| 37 | |||
| 38 | Since this tool is written in [Go](https://golang.org/) you need install the Go language/compiler/etc. Full details of installation and set up can be found [on the Go language website](https://golang.org/doc/install). Once installed you have two options. |
||
| 39 | |||
| 40 | h2. Compiling |
||
| 41 | |||
| 42 | 2 | Emanuele | First of all we need to clone srl_gobuster: |
| 43 | |||
| 44 | <pre> |
||
| 45 | git clone https://opensource.srlabs.de:/git/srl_gobuster.git |
||
| 46 | </pre> |
||
| 47 | |||
| 48 | 1 | Emanuele | _gobuster_ now has external dependencies, and so they need to be pulled in first: |
| 49 | |||
| 50 | <pre> |
||
| 51 | 3 | Emanuele | gobuster $ cd $srl_gobuster_directory |
| 52 | 4 | Emanuele | gobuster $ export GOPATH=$(pwd); go get; go build |
| 53 | 1 | Emanuele | </pre> |
| 54 | |||
| 55 | This will create a `gobuster` binary for you. If you want to install it in the `$GOPATH/bin` folder you can run: |
||
| 56 | |||
| 57 | <pre> |
||
| 58 | gobuster $ go install |
||
| 59 | </pre> |
||
| 60 | |||
| 61 | If you have all the dependencies already, you can make use of the build scripts: |
||
| 62 | * `make` - builds for the current Go configuration (ie. runs `go build`). |
||
| 63 | * `make windows` - builds 32 and 64 bit binaries for windows, and writes them to the `build` subfolder. |
||
| 64 | * `make linux` - builds 32 and 64 bit binaries for linux, and writes them to the `build` subfolder. |
||
| 65 | * `make darwin` - builds 32 and 64 bit binaries for darwin, and writes them to the `build` subfolder. |
||
| 66 | * `make all` - builds for all platforms and architectures, and writes the resulting binaries to the `build` subfolder. |
||
| 67 | * `make clean` - clears out the `build` subfolder. |
||
| 68 | * `make test` - runs the tests. |
||
| 69 | |||
| 70 | h2. Running as a script |
||
| 71 | |||
| 72 | <pre> |
||
| 73 | gobuster $ go run main.go <parameters> |
||
| 74 | </pre> |
||
| 75 | |||
| 76 | |||
| 77 | h2. Examples |
||
| 78 | |||
| 79 | Command line might look like this: |
||
| 80 | |||
| 81 | <pre> |
||
| 82 | $ ./srl_gobuster -k -w ./db_test.txt -V db_variables -u https://example.com |
||
| 83 | |||
| 84 | ===================================================== |
||
| 85 | Gobuster v.srlabs.2.0.1 (OJ Reeves @TheColonial) |
||
| 86 | Modified in SRLabs by Emanuele Vineti |
||
| 87 | ===================================================== |
||
| 88 | [+] Url/Domain : https://example.com/ |
||
| 89 | [+] Threads : 10 |
||
| 90 | [+] Wordlist : db_test.txt |
||
| 91 | ===================================================== |
||
| 92 | 2019/11/01 11:59:27 Starting gobuster |
||
| 93 | ===================================================== |
||
| 94 | Found: /.sh_history (Status: 200) [Size: 28] |
||
| 95 | Found: /kboard/ (Status: 200) [Size: 5] |
||
| 96 | Found: /users.json (Status: 200) [Size: 3] |
||
| 97 | Progress: 24034 / 24034 (100.00%) |
||
| 98 | ===================================================== |
||
| 99 | 2019/11/01 12:02:31 Results |
||
| 100 | ===================================================== |
||
| 101 | ----------------------------------------------------- |
||
| 102 | - Test Code: 000016 |
||
| 103 | - Description: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php |
||
| 104 | ----------------------------------------------------- |
||
| 105 | |||
| 106 | [*] uri: "/kboard/", status: "200" len: 5, body: "Test " |
||
| 107 | |||
| 108 | ----------------------------------------------------- |
||
| 109 | - Test Code: 007211 |
||
| 110 | - Description: This might be interesting... |
||
| 111 | ----------------------------------------------------- |
||
| 112 | |||
| 113 | [*] uri: "/users.json", status: "200" len: 3, body: "12 " |
||
| 114 | |||
| 115 | ----------------------------------------------------- |
||
| 116 | - Test Code: home_directory |
||
| 117 | - Description: Gobuster classic tests |
||
| 118 | ----------------------------------------------------- |
||
| 119 | |||
| 120 | [*] uri: ".sh_history", status: "200" len: 28, body: "curl test.com ping test.com " |
||
| 121 | |||
| 122 | ===================================================== |
||
| 123 | 2019/11/01 12:02:31 Finished |
||
| 124 | ===================================================== |
||
| 125 | </pre> |
||
| 126 | |||
| 127 | Quiet output, with status disabled and expanded mode looks like this ("grep mode"): |
||
| 128 | |||
| 129 | <pre> |
||
| 130 | $ ./srl_gobuster -k -w ./db_test.txt -V db_variables -u https://example.com -q |
||
| 131 | https://example.com/kboard/ |
||
| 132 | https://example.com/users.json |
||
| 133 | https://example.com/.sh_history |
||
| 134 | </pre> |