---

gobusterをmacosにインストールして使う

---

概要

更新履歴

• 2024/02/29　初版

目次

• 概要
• 更新履歴
• 目次
• はじめに
• インストール
• 調査の実施
• ウェブサイトのURIを調査
• ターゲットウェブサーバー上のバーチャルホスト名
• DNSサブドメイン（ワイルドカード対応）

はじめに

• このドキュメントはブルートフォースツールであるgobusterをmacOSにインストールして使ってみる手順を記録したものである．
• なお，このドキュメントは普段通り作ったけど操作ミスで消えちゃったので手抜きで．
• gobusterには次のような機能がある．
  
• ウェブサイトのURI（ディレクトリとファイル）。
• DNSサブドメイン（ワイルドカード対応）。
• ターゲットウェブサーバー上のバーチャルホスト名
• オープンAmazon S3バケット
• Google Cloudのオープンバケット
• TFTPサーバー

インストール

• 今回はHomeBrewでインストールした．


$ brew info gobuster🆑
==> gobuster: stable 3.6.0 (bottled)
Directory/file & DNS busting tool written in Go
https://github.com/OJ/gobuster
/usr/local/Cellar/gobuster/3.6.0 (8 files, 8.4MB) *
  Poured from bottle using the formulae.brew.sh API on 2024-02-29 at 12:42:24
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/g/gobuster.rb
License: Apache-2.0
==> Dependencies
Build: go ✘
==> Caveats
Bash completion has been installed to:
  /usr/local/etc/bash_completion.d
==> Analytics
install: 384 (30 days), 1,135 (90 days), 4,854 (365 days)
install-on-request: 384 (30 days), 1,135 (90 days), 4,854 (365 days)
build-error: 0 (30 days)
$

調査の実施

• いくつかのオプションを使って調査を実施．
• 今回の調査対象は，次のような違法薬物販売サイトと思われるサイト．

ウェブサイトのURIを調査

• ディレクトリを捜査する．
• ディレクトリの捜査に使うwordlistはdirbで入手したものを利用．
  


$ gobuster dir -u https://valsheet-pl.com/ -w /Users/ujpadmin/bin/dirb/dirb222/wordlists/common.txt🆑
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     https://valsheet-pl.com/
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /Users/ujpadmin/bin/dirb/dirb222/wordlists/common.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.6
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/.git/HEAD            (Status: 403) [Size: 199]
/.htpasswd            (Status: 403) [Size: 199]
/.htaccess            (Status: 403) [Size: 199]
/.config              (Status: 403) [Size: 199]
/.hta                 (Status: 403) [Size: 199]
/.svn/entries         (Status: 403) [Size: 199]
/_vti_bin/_vti_aut/author.dll (Status: 403) [Size: 199]
/_vti_bin/shtml.dll   (Status: 403) [Size: 199]
/_vti_bin/_vti_adm/admin.dll (Status: 403) [Size: 199]
/akeeba.backend.log   (Status: 403) [Size: 199]
/awstats.conf         (Status: 403) [Size: 199]
/cgi-bin              (Status: 301) [Size: 240] [--> https://valsheet-pl.com/cgi-bin/]
/cgi-bin/             (Status: 403) [Size: 199]
/config               (Status: 302) [Size: 0] [--> http://valsheet-pl.com:2222]
/css                  (Status: 301) [Size: 236] [--> https://valsheet-pl.com/css/]
/development.log      (Status: 403) [Size: 199]
/favicon.ico          (Status: 200) [Size: 4286]
/global.asax          (Status: 403) [Size: 199]
/global.asa           (Status: 403) [Size: 199]
/img                  (Status: 301) [Size: 236] [--> https://valsheet-pl.com/img/]
/index.html           (Status: 200) [Size: 27282]
/js                   (Status: 301) [Size: 235] [--> https://valsheet-pl.com/js/]
/main.mdb             (Status: 403) [Size: 199]
/php.ini              (Status: 403) [Size: 199]
/phpmyadmin           (Status: 301) [Size: 243] [--> https://valsheet-pl.com/phpmyadmin/]🈁
/phpMyAdmin           (Status: 301) [Size: 243] [--> https://valsheet-pl.com/phpMyAdmin/]
/pma                  (Status: 301) [Size: 236] [--> https://valsheet-pl.com/pma/]
/production.log       (Status: 403) [Size: 199]
/server-info          (Status: 401) [Size: 381]
/server-status        (Status: 403) [Size: 199]
/spamlog.log          (Status: 403) [Size: 199]
/thumbs.db            (Status: 403) [Size: 199]
/Thumbs.db            (Status: 403) [Size: 199]
/web.config           (Status: 403) [Size: 199]
/webmail              (Status: 301) [Size: 240] [--> https://valsheet-pl.com/webmail/]🈁
/WS_FTP.LOG           (Status: 403) [Size: 199]
Progress: 4614 / 4615 (99.98%)
===============================================================
Finished
===============================================================
$

• いくつか見つかったページにアクセスしてみる．
• まずはphpMyAdminのページ．

• 次にWebmail．
  

• 実際に存在し，アクセスできた．

ターゲットウェブサーバー上のバーチャルホスト名

• 次に，vhostを調査．この調査結果はDNSとは異なるものになる．


$ gobuster vhost -u https://valsheet-pl.com/ -w /Users/ujpadmin/bin/dirb/dirb222/wordlists/common.txt🆑
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:             https://valsheet-pl.com/
[+] Method:          GET
[+] Threads:         10
[+] Wordlist:        /Users/ujpadmin/bin/dirb/dirb222/wordlists/common.txt
[+] User Agent:      gobuster/3.6
[+] Timeout:         10s
[+] Append Domain:   false
===============================================================
Starting gobuster in VHOST enumeration mode
===============================================================
[ERROR] Get "https://valsheet-pl.com/": http: invalid Host header
Found: ~adm Status: 400 [Size: 226]
Found: ~admin Status: 400 [Size: 226]
Found: ~administrator Status: 400 [Size: 226]
Found: ~amanda Status: 400 [Size: 226]
Found: ~apache Status: 400 [Size: 226]
Found: ~bin Status: 400 [Size: 226]
Found: ~ftp Status: 400 [Size: 226]
Found: ~guest Status: 400 [Size: 226]
Found: ~http Status: 400 [Size: 226]
Found: ~httpd Status: 400 [Size: 226]
Found: ~log Status: 400 [Size: 226]
Found: ~logs Status: 400 [Size: 226]
Found: ~lp Status: 400 [Size: 226]
Found: ~mail Status: 400 [Size: 226]
Found: ~nobody Status: 400 [Size: 226]
Found: ~operator Status: 400 [Size: 226]
Found: ~root Status: 400 [Size: 226]
Found: ~sys Status: 400 [Size: 226]
Found: ~sysadm Status: 400 [Size: 226]
Found: ~sysadmin Status: 400 [Size: 226]
Found: ~test Status: 400 [Size: 226]
Found: ~tmp Status: 400 [Size: 226]
Found: ~user Status: 400 [Size: 226]
Found: ~webmaster Status: 400 [Size: 226]
Found: ~www Status: 400 [Size: 226]
Found: 0 Status: 400 [Size: 226]
^C
[!] Keyboard interrupt detected, terminating.
Progress: 192 / 4615 (4.16%)
===============================================================
Finished
===============================================================
$

DNSサブドメイン（ワイルドカード対応）

• DNS情報からサブドメインを捜査する．

$ gobuster dns -d valsheet-pl.com -w /Users/ujpadmin/bin/dirb/dirb222/wordlists/common.txt🆑
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Domain:     valsheet-pl.com
[+] Threads:    10
[+] Timeout:    1s
[+] Wordlist:   /Users/ujpadmin/bin/dirb/dirb222/wordlists/common.txt
===============================================================
Starting gobuster in DNS enumeration mode
===============================================================
Found: ac.valsheet-pl.com

Found: cp.valsheet-pl.com

Found: ftp.valsheet-pl.com

Found: mail.valsheet-pl.com

Found: pop.valsheet-pl.com

Found: smtp.valsheet-pl.com

Progress: 4166 / 4615 (90.27%)^C
[!] Keyboard interrupt detected, terminating.
Progress: 4206 / 4615 (91.14%)
===============================================================
Finished
===============================================================
$

• -tオプションを指定するとスレッド数(同時処理数)を上げることができる．
• デフォルトでは10でREADME.mdでは50となっている．
• ただし同時処理数を上げることでルータの最大NAT数の上限を超える可能性があ流ので実行には注意する．