KCN

Kaldei's Cybersecurity Notes

GOBUSTER

A directory, file, DNS and vhost busting tool, written in Go.

https://github.com/OJ/gobuster

Files and Folders Fuzz

gobuster dir -u http://[TARGET_IP]:[TARGET_PORT] -w myWordList -x php,txt,html
Search files.
gobuster dir -u http://[TARGET_IP]:[TARGET_PORT] -w myWordList
Search folders.

Flags

-u http://[TARGET_IP]:[TARGET_PORT]
Target folders.
-x php,txt,html
Target files.
-w myWordList
Wordlist.
-b 403,302
Exclude some code from response.
-U myUser
Username.
-P myPass
Password.

-e
Print the full URLs in your console.
-p [TARGET_IP]
Proxy to use for requests.
-c <http cookies>
Specify a cookie for simulating your auth.