gobuster v3.3 releases: Directory/file & DNS busting tool
Gobuster is a tool used to brute-force:
- URIs (directories and files) in web sites.
- DNS subdomains (with wildcard support).
- Virtual Host names on target web servers.
- Open Amazon S3 buckets
Oh dear God.. WHY!?
Because I wanted:
- … something that didn’t have a fat Java GUI (console FTW).
- … to build something that just worked on the command line.
- … something that did not do recursive brute force.
- … something that allowed me to brute force folders and multiple extensions at once.
- … something that compiled to native on multiple platforms.
- … something that was faster than an interpreted script (such as Python).
- … something that didn’t require a runtime.
- … use something that was good with concurrency (hence Go).
- … to build something in Go that wasn’t totally useless.
- Support TLS client certificates / mtls
- support loading extensions from file
- support fuzzing POST body, HTTP headers and basic auth
- new option to not canonicalize header names
go get github.com/OJ/gobuster
gobuster now has external dependencies, and so they need to be pulled in first:
gobuster $ go get && go build
This will create a gobuster binary for you. If you want to install it in the $GOPATH/bin folder you can run:
gobuster $ go install
Running as a script
gobuster$ go run main.go <parameters>
Show IP sample run goes like this:
Copyright 2015 OJ