Gobuster Review Tools

Introduction and credit

Before I start to review the tools, I would like to give credit to OJ Reeves and Christian Mehlmauer for Gobuster tools.

Gobuster is been used for Bruteforce Dir, Vhost and DNS of the target’s domain which will provide the attacker on the information on the website.

For those who don’t have Gobuster installed in their machine, below are the instruction that can be followed to ensure the tools installed in the machine.

Installation of Gobuster

Mac OS Installation

To install gobuster on Mac OS machine, the user will have to run brew for the installation. The user can read here on brew installation on Mac OS.

Firstly, open the Terminal base and type the command brew install go buster and will have wait for it to be completed. The progress to be complete is normally depending on the internet connection.

The screenshot above is taken to show that it was successfully completed using the brew command. In my case, it just takes around a few minutes to fully installed on the machine.

Kali Linux Operating System

For those are using Kali Linux Operating System, you can use the command as below

sudo apt-get install gobuster

Once it has been completely installed on the machine, you can run the command gobuster and the interface will appear something like follows:

Usage of Gobuster.

Some of the people outside there should aware of the command gobuster -u <ip address/url address> -w /usr/share/wordlists/dirb/common.txt However, those commands are not been used anymore in gobuster where they have modified to a new command which is slightly different from the old commands.

The new commands can be used as shown below:

gobuster dir -u <ip address/url address> -w /usr/share/wordlists/dirb/common.txt –wildcard

Due to testing progress, it will take a few minutes for it to complete. For any user to understand what the status code is can look at the information that i will share.

HTTP Status Code

Source: Wikipedia

  • 200 (Means the website is OK!)
  • 204 (Means that website can be accessed but there will be no content available)
  • 301 ( Means that the website address have been redirecting or moved permanently from the previous address)
  • 302 ( Means that the website have been moved back to the previous address)
  • 307 ( Means that the website is temporarily moved to the different url)
  • 401 ( Means that unauthorized user can’t be able to access the website)
  • 403 ( Means that the website have been blacklist to the public)

Source: Gobuster and Brew

Reference and Credit: OJ Reeves and Christian Mehlmauer

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *