Gobuster: Directory & File Brute-Forcing
Gobuster is a command-line tool used for brute-forcing URIs (directories and files), DNS subdomains, and virtual host names on web servers. It's a fundamental tool for web application reconnaissance, helping penetration testers discover hidden content and potential attack vectors that are not linked from the visible website.
Core Modes of Operation
While Gobuster has several modes, the two most commonly used are `dir` for directory/file discovery and `dns` for subdomain enumeration.
Directory & File Brute-Forcing (`dir` mode)
This mode uses a wordlist to rapidly make HTTP requests to a target server, trying to guess the names of directories and files. A successful guess is typically identified by a non-404 HTTP status code.
# Basic command to find directories
gobuster dir -u http://example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
# Command to find specific file types (e.g., PHP admin panels)
gobuster dir -u http://example.com -w /path/to/wordlist.txt -x .php,.bak,.config
Subdomain Enumeration (`dns` mode)
In this mode, Gobuster uses a wordlist to guess potential subdomains of a target domain, sending DNS queries for each guess (e.g., `admin.example.com`, `api.example.com`).
# Basic command to find subdomains
gobuster dns -d example.com -w /path/to/subdomains.txt
Defensive Countermeasures
- Rate Limiting: Configure your web server or firewall to temporarily block IP addresses that make an excessive number of requests in a short period.
- Web Application Firewall (WAF): A WAF can be configured with rulesets to detect and block common scanning tools like Gobuster based on their request patterns.
- Minimize Information Disclosure: Avoid using common or guessable names for sensitive directories or files (e.g., `/admin`, `/backup`, `/config`).
- Monitoring & Alerting: Monitor server logs for a high volume of 404 errors originating from a single IP address and set up alerts for such activity.
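Detection logic for the monitoring item above, as an added example that is not part of the original article: it parses Apache/nginx combined-format access log lines and flags any source IP whose 404 responses reach a threshold within a sliding time window, which is the pattern a wordlist-driven scan leaves behind. The threshold, window size and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Matches the Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_bruteforce_sources(lines, threshold=20, window_seconds=60):
    """Return {ip: peak_404s} for source IPs whose 404 responses within any
    sliding window of window_seconds reach threshold (defaults are assumptions).
    Lines are assumed to be in chronological order per IP, as in a real log."""
    recent = defaultdict(deque)   # ip -> timestamps of 404s inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()   # drop 404s that fell out of the window
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


# Constructed sample log: one scanner guessing names once per second, one normal client.
_T0 = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

def _line(ip, offset, path, status):
    ts = (_T0 + timedelta(seconds=offset)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 153 "-" "Mozilla/5.0"'

SAMPLE_LOG = [_line("203.0.113.5", i, f"/guess-{i}", 404) for i in range(30)]
SAMPLE_LOG += [_line("198.51.100.7", 5, "/", 200), _line("198.51.100.7", 40, "/old", 404),
               _line("198.51.100.7", 300, "/missing", 404)]

if __name__ == "__main__":
    print(find_bruteforce_sources(SAMPLE_LOG))   # {'203.0.113.5': 30}
```

The normal client's two 404s are 260 seconds apart, so they never share a window and that IP is not flagged.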
Resources and Further Reading
- Official Gobuster GitHub Repository - The source code, official documentation, and release files.
- Gobuster on Kali Linux Tools - An overview provided by the Kali Linux project.
- HackTricks: Web Enumeration - A detailed guide on web enumeration techniques, which heavily features tools like Gobuster.