Reemo Blog
[Web] Basic Web crack tools

Table of Contents#

  1. Gobuster
  2. Wfuzz
  3. ffuf

[Web] gobuster#

Directory/File, DNS and VHost busting tool written in Go.

https://cybersecbits.com/gobuster-finding-web-files-and-directories
https://github.com/OJ/gobuster

For finding:

  • Files
  • Directories
  • Subdomains

Mode options#

  • dir: directory / file enumeration mode (for finding HTML / PHP / static content …)
  • dns: DNS subdomain enumeration mode (for subdomains, e.g. www.example.com, mail.example.com)
  • vhost: virtual host enumeration mode (for name-based vhosts served from the same IP, e.g. www.example.com, mail.example.com, probed via the Host header)
  • fuzz: fuzzing mode for parameters (the keyword FUZZ is replaced by each wordlist entry, e.g. https://example.com?FUZZ=test)
  • s3: AWS S3 bucket enumeration mode (checks whether buckets with the guessed names exist)

Dir mode#

Basic usage#

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u 10.10.103.116

gobuster dir -w ~/wordlists/shortlist.txt -u https://buffered.io

With Cookies#

gobuster dir -w ~/wordlists/shortlist.txt -u https://buffered.io -c 'session=123456'

Specific .html and .php#

gobuster dir -w ~/wordlists/shortlist.txt -u https://buffered.io -x .php,.html

DNS mode#

You may need to add an entry to /etc/hosts (e.g. 103.43.132.43 hello.io) before busting the DNS.

Basic usage#

gobuster dns -d thetoppers.htb -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

gobuster dns -d google.com -w /usr/share/wordlists/dirbuster/subdomains.txt

Shows ip#

gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i

Vhost mode#

Basic usage#

gobuster vhost -u https://mysite.com -w common-vhosts.txt

Fuzz Mode#

Basic usage#

gobuster fuzz -u https://example.com?FUZZ=test -w parameter-names.txt

[Web] wfuzz#

Similar to gobuster.

Uses the keyword FUZZ as the placeholder that each wordlist entry is substituted into.

Guess the file / folder#

wfuzz -z file,/usr/share/wordlists/wfuzz/general/medium.txt http://10.129.158.135/FUZZ

Guess the file / folder, ignore 404#

wfuzz -z file,/usr/share/wordlists/wfuzz/general/medium.txt --hc 404 http://10.129.158.135/FUZZ

Guess sub domain#

wfuzz -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -H "Host: FUZZ.thetoppers.htb" --sc 302 http://thetoppers.htb/

[Web] ffuf#

Fast web fuzzer written in Go: https://github.com/ffuf/ffuf

Basic usage#

Bust a file / dir#

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://target/FUZZ

Bust a query#

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://target/script.php?FUZZ=test_value

Bust POST data#

  • -fc 401: filter out responses with status code 401

ffuf -w /path/to/postdata.txt -X POST -d "username=admin&password=FUZZ" -u https://target/login.php -fc 401

Bust POST JSON data#

  • -w: wordlist path
  • -X: HTTP method
  • -H: header
  • -d: request body data
  • -fr "error": filter out responses whose body matches the regex "error", so only responses without that text are shown

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://example.org/ -X POST -H "Content-Type: application/json" -d '{"name": "FUZZ", "anotherkey": "anothervalue"}' -fr "error"
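As an added defender-side example (not part of the original post): every busting command above produces, from one client in a short window, a burst of requests for many distinct paths of which most are answered with 404. The Python below flags that pattern in web server access logs; the log lines, the user agent string and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache/nginx "combined" log format (not from the page).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1" 404 162 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /backup HTTP/1.1" 404 162 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /config HTTP/1.1" 404 162 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /uploads HTTP/1.1" 404 162 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /test.php HTTP/1.1" 404 162 "-" "gobuster/3.6"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
    d["status"] = int(d["status"])
    return d

def find_busting(log_text, window_s=60, min_requests=5, min_404_ratio=0.6):
    # Flag client IPs that request many distinct paths with a high 404 share within window_s.
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):
            window = [r for r in recs[i:] if (r["ts"] - start["ts"]).total_seconds() <= window_s]
            if len(window) < min_requests:
                continue
            # Distinct paths separate busting from a reload loop on a single missing URL.
            paths = {r["path"].split("?")[0] for r in window}
            ratio = sum(r["status"] == 404 for r in window) / len(window)
            if len(paths) >= min_requests and ratio >= min_404_ratio:
                alerts[ip] = {"requests": len(window), "not_found_ratio": round(ratio, 2),
                              "distinct_paths": len(paths), "user_agent": start["ua"]}
                break
    return alerts
```

Tune the window and ratio to the site's normal 404 rate; a vhost or parameter fuzz that always hits the same path needs a separate rule keyed on distinct Host headers or query keys.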