Website reconnaissance: Web reconnaissance tools # 1 – Gobuster

Tram Ho

0. Web reconnaissance

Reconnaissance (also called information gathering or enumeration) is the first phase of a penetration test (pentest). The goal is to collect as much information as possible about the target website before you attack it.
To make this recon phase efficient, accurate and cheap in time and effort, you need either existing tools or tools you write yourself.
Today I will introduce a tool I have been using recently: Gobuster.

Note: Wordlists can be found and downloaded for free on the internet.

1. Introduction and installation

A powerful, relatively new tool that ships with Kali Linux, written in Go and updated regularly. Gobuster brute-forces URIs (directories and files) on websites, DNS subdomains and virtual host names. You can view the full source code on GitHub (OJ/gobuster).

To install it on Kali Linux, run: apt-get install gobuster

2. Use

Gobuster provides three main modes: dir, dns and vhost.
In this article we will go through the main, commonly used and useful options of each mode.

2.1. Dir mode: brute force the directories and files of a website using a wordlist

To display the options in this mode, type: gobuster dir -h

Consider the following command, which is also a good general-purpose starting point whenever you use Gobuster:

gobuster dir -u 10.10.10.157 -w /home/vt103/wordlist/common.txt -l -t 30 -e -x php -o 10.10.10.157.result.txt

  • 10.10.10.157 is the address of a machine on hackthebox.eu; you can visit the site, register and play it yourself
  • common.txt is the wordlist I use; it has about 5000 entries

And this is the result (the original post shows a screenshot of the scan output here):

Let’s take a look at the options used:

dir: the selected mode
-u: the target URL (if you omit the scheme, as above, Gobuster assumes http://)
-w: path to the wordlist file on our machine
-l: include the length of the response body in the output, which helps tell real pages apart from generic error pages that happen to return an accepted status code
-t: number of threads to use; the default is 10
-e: expanded mode, print each result as a full URL instead of just the path
-x: extension(s) to append, for example -x php: every word is requested both as-is and with .php appended (several extensions can be given as a comma-separated list)
-o: write the results to a file for later use; a relative path is resolved against the current working directory, so the file lands in /home here because we ran gobuster from /home

Some other options:

-U: username for a site protected with HTTP Basic authentication
-P: password for a site protected with HTTP Basic authentication
-c: cookies to send with every request (useful for scanning behind a login)
-s: the HTTP status codes treated as a hit; the default is 200,204,301,302,307,401,403
-r: follow redirects

Check gobuster dir -h on your own installation: the flags above are from the 3.0 release, and later 3.x releases print the body length by default (there is no -l; use --hide-length to suppress it) and filter on a status-code blacklist (-b, default 404) rather than the -s whitelist.

Based on the brute-forced URLs above, we now have the valid paths and a direction to take on this machine (the original post shows a screenshot of the findings here):

2.2 DNS mode: brute force the DNS subdomains of a domain

To display the options in this mode, type: gobuster dns -h

The options differ slightly from the dir mode above. Consider the following command:

gobuster dns -d facebook.com -w /home/vt103/wordlist/common.txt -t 30 -i -o dnsrecon.txt

Here:

-d: the domain name only, without http:// or https://
-w: path to the wordlist file on our machine
-t: number of threads to use; the default is 10
-i: also display the IP address each discovered subdomain resolves to
-o: write the results to a .txt file

Each word in the wordlist is prepended to the domain (word.facebook.com) and resolved; names that resolve are reported. Note that if the domain uses a wildcard DNS record, every name will resolve, so Gobuster checks for this first and warns you.

And here is the result; how many of these do you already know? (The original post shows a screenshot of the discovered subdomains here.)

2.3 vHost mode: brute force the virtual hosts of a web server

To display the options in this mode, type: gobuster vhost -h

This is a mode I rarely use, and even the Gobuster README on GitHub describes it only briefly. Readers can install it and try it for themselves.

GitHub example: gobuster vhost -u https://mysite.com -w common-vhosts.txt

Unlike dns mode, vhost mode never touches DNS: every request goes to the same URL, and only the Host header changes (word.mysite.com for each word in the wordlist). A name is reported when the response differs from the baseline the server returns for a host name that certainly does not exist. This is how you find name-based virtual hosts that have no public DNS record, for example a staging site on the same IP. In Gobuster 3.2 and later the domain is no longer appended automatically, so pass --append-domain to get the behaviour shown above.
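To make the difference between dir mode (section 2.1) and vhost mode (section 2.3) concrete, here is a small Python re-implementation of both, run against an in-process mock web server. This is an added example written for this article, not Gobuster's own code; the target paths, virtual hosts, the wordlist and the helper names (SITES, dir_scan, vhost_scan, run_demo) are all constructed for the demonstration. It keeps the semantics discussed above: -x expansion (each word requested bare and with the extension), the -s status-code whitelist, the -l body length, and, for vhost mode, a fixed URL with a changing Host header compared against a baseline response.

```python
"""Toy dir-mode and vhost-mode brute forcer against a mock server.
Added example for this article, not Gobuster's code; all data is constructed."""
import threading
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed target. Requests for an unknown Host fall back to the default
# site; "dev.example.com" has no DNS record, so only a Host-header scan finds it.
SITES = {
    "default": {
        "/": (200, b"<h1>home</h1>"),
        "/index.php": (200, b"<h1>home</h1>"),
        "/login.php": (200, b"<form>login</form>"),
        "/admin": (403, b"forbidden"),          # exists, but access is denied
    },
    "dev.example.com": {"/": (200, b"<h1>dev site, debug on</h1>")},
}
NOT_FOUND = (404, b"not found")
DEFAULT_CODES = {200, 204, 301, 302, 307, 401, 403}   # Gobuster 3.0 -s default


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]   # strip the port
        status, body = SITES.get(host, SITES["default"]).get(self.path, NOT_FOUND)
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the scan output readable
        pass


def start_server():
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Handler)   # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def fetch(url, host=None):
    """GET url and return (status, body_length); 4xx/5xx are results, not errors."""
    req = Request(url, headers={"Host": host} if host else {})
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status, len(resp.read())
    except HTTPError as e:
        return e.code, len(e.read() if e.fp else b"")


def dir_scan(base, words, extensions=(), status_codes=DEFAULT_CODES, threads=10):
    """dir mode: try word and word.ext under base, keep whitelisted statuses."""
    candidates = list(words) + [f"{w}.{ext}" for w in words for ext in extensions]

    def probe(path):
        status, length = fetch(f"{base}/{path}")
        return f"/{path}", status, length

    with ThreadPoolExecutor(max_workers=threads) as pool:   # the -t thread count
        hits = [r for r in pool.map(probe, candidates) if r[1] in status_codes]
    return sorted(hits)


def vhost_scan(base, domain, words, threads=10):
    """vhost mode: same URL every time, only the Host header changes.
    A host is reported when its (status, length) differs from the baseline
    obtained with a host name that certainly does not exist."""
    baseline = fetch(base, host=f"gobuster-baseline-does-not-exist.{domain}")

    def probe(word):
        host = f"{word}.{domain}"
        return (host,) + fetch(base, host=host)

    with ThreadPoolExecutor(max_workers=threads) as pool:
        return sorted(r for r in pool.map(probe, words) if r[1:] != baseline)


def run_demo():
    """Run both scans against the mock server with a constructed wordlist."""
    words = ["admin", "index", "login", "dev", "backup", "uploads"]
    srv, base = start_server()
    try:
        found = dir_scan(base, words, extensions=("php",), threads=5)
        hosts = vhost_scan(base, "example.com", words, threads=5)
    finally:
        srv.shutdown()
        srv.server_close()
    return found, hosts


if __name__ == "__main__":
    paths, vhosts = run_demo()
    for path, status, size in paths:
        print(f"{path:<15} (Status: {status}) [Size: {size}]")
    for host, status, size in vhosts:
        print(f"Found: {host} (Status: {status}) [Size: {size}]")
```

Note what the two scans report: dir mode lists /admin even though it answers 403, because 403 is in the default whitelist and a forbidden path is still a finding, while vhost mode ignores admin.example.com (the server answers it exactly like the baseline) and only reports dev.example.com, whose body length differs. The body length is what separates a real hit from a catch-all page, which is why the -l output in the article is worth keeping on.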

3. Conclusion

Reconnaissance requires many different tools and information sources. Gobuster deserves a place in the arsenal of anyone working in cybersecurity because of its speed and efficiency. Happy hacking!


Source : Viblo