📌 Gobuster
[ Gobuster]
: A tool that can scan a web server for directories and files, and can also scan the site's DNS subdomains.
(kali)
┌──(kali㉿kali)-[~]
└─$ cd /usr
┌──(kali㉿kali)-[/usr]
└─$ ls
bin i686-w64-mingw32 lib lib64 local share x86_64-w64-mingw32
games include lib32 libexec sbin src x86_64-w64-mingw32ucrt
┌──(kali㉿kali)-[/usr]
└─$ cd share
┌──(kali㉿kali)-[/usr/share]
└─$ ls
accountsservice gstreamer-1.0 pipewire
aclocal gtk-3.0 pixmaps
alsa gtk-4.0 pkgconfig
alsa-card-profile gtk-doc plasma
amass gtksourceview-3.0 plymouth
apache2 gtksourceview-4 pocketsphinx
apparmor-features gtksourceview-5 pocl
application-registry guymager polkit-1
applications gvfs poppler
apport gvm postgresql
apps gvmd postgresql-common
apt-file hashcat powershell-empire
arp-scan hashcat-utils ppp
aspell hash-identifier proj
atril help publicsuffix
autopsy hunspell pulseaudio
avahi hydra python
awk i18n python3
backgrounds icons python3-pycparser
base-files icu python-apt
base-passwd ieee-data python-babel-localedata
bash-completion ike-scan python-odf
binfmts ImageMagick-6 python-tables
blueman images python-tinycss2-common
bug impacket python-wheels
build-essential inetsim qt5
burpsuite info qt5ct
ca-certificates initramfs-tools qt6
ca-certificates-java ipp-usb qt6ct
caja iproute2 qtchooser
catfish iptables qterminal
cffi-wheels iso-codes qtermwidget5
cherrytree java radare2
chromium javascript rdesktop
cmake java-wrappers readline
color john recon-ng
colord kali-defaults responder
color-schemes kali-menu ri
command-not-found kali-themes rsync
commix kali-undercover rubygems-integration
common-licenses keyrings ruby-mime-types-data
consolefonts keyutils runit
console-setup kismet sakis3g
consoletrans kismet-capture-common samba
creddump7 konsole sass
crunch ladspa screen
cryptsetup laudanum sddm
davtest legion set
dbd libaudio2 sgml
dbus-1 libc-bin sgml-base
debconf libdbi-perl sgml-data
debhelper libdrm skipfish
debianutils libffado2 smartmontools
defaults libgcrypt20 snmp
desktop-base libimage-exiftool-perl sounds
desktop-directories libinput spa-0.2
dict liblouis speech-dispatcher
dictionaries-common libmysofa sphinx_rtd_theme
dirb libthai spiderfoot
dirbuster libwacom spike
directfb-1.7.7 lightdm sqlmap
distro-info lightdm-gtk-greeter-settings ssl-cert
djvu lintian strongswan
dns locale system-config-printer
dnsenum luajit-2.1 systemd
dnsmap macchanger systemtap
dnsmasq-base magicrescue system-tools-backends-2.0
dnsrecon man tabset
doc mariadb tasksel
doc-base matplotlib tcltk
dotnet maven-repo terminfo
dpkg menu tex-common
drirc.d metainfo texlive
dsniff metasploit-framework texmf
easy-rsa mfx themes
emacs mime thumbnailers
emacsen-common mime-info Thunar
enchant-2 mingw-w64 tilix
enum4linux misc tsk
et mobile-broadband-provider-info ucf
ettercap ModemManager unicode
exploitdb mozilla unicorn-magic
faraday mysql-common unix-privesc-check
fern-wifi-cracker nano usb_modeswitch
figlet ncrack util-linux
file netpbm vboot
firebird3.0-common nfs-common vim
firefox-esr nginx vpnc-scripts
fish nikto vulkan
fontconfig nmap wallpapers
fonts nodejs webshells
fonts-droid-fallback nsis weevely
fonts-firacode numpy3 wfuzz
fonts-font-awesome offsec-awae-wheels whatweb
fonts-hack onboard windows-binaries
freetds openal windows-resources
gcc opensc wireplumber
GConf openssh wireshark
gdal openvas wordlists
gdb open-vm-tools X11
gdm openvpn xdg-desktop-portal
GeoIP orca xfce4
gettext os-prober xfce4-panel-profiles
ghostscript p11-kit xfwm4
git-core pam xgreeters
gitweb pam-configs xml
glade parole xml-core
glib-2.0 paster_templates xrdp
glvnd pdfid xsessions
gnome-background-properties perl yelp
gnome-control-center perl5 yelp-xsl
gnome-system-tools perl-openssl-defaults zoneinfo
gnupg php8.2-common zsh
graphviz php8.2-mysql zsh-autosuggestions
groff php8.2-opcache zsh-syntax-highlighting
grub php8.2-readline
gst-plugins-base pipal
┌──(kali㉿kali)-[/usr/share]
└─$ cd wordlists
┌──(kali㉿kali)-[/usr/share/wordlists]
└─$ ls
amass dirbuster fasttrack.txt john.lst metasploit rockyou.txt.gz wfuzz
dirb dnsmap.txt fern-wifi legion nmap.lst sqlmap.txt wifite.txt
┌──(kali㉿kali)-[/usr/share/wordlists]
└─$ cd dirb
┌──(kali㉿kali)-[/usr/share/wordlists/dirb]
└─$ ls
big.txt common.txt extensions_common.txt mutations_common.txt small.txt stress
catala.txt euskera.txt indexes.txt others spanish.txt vulns
┌──(kali㉿kali)-[/usr/share/wordlists/dirb]
└─$ cat common.txt
.bash_history
.bashrc
.cache
.config
.cvs
.cvsignore
.forward
.git/HEAD
.history
.hta
.htaccess
.htpasswd
.listing
.listings
.mysql_history
.passwd
.perf
.profile
.rhosts
.sh_history
.ssh
.subversion
.svn
.svn/entries
.swf
.web
@
_
_adm
_admin
_ajax
_archive
_assets
_backup
_baks
_borders
_cache
_catalogs
_code
_common
_conf
_config
_css
_data
_database
_db_backups
_derived
_dev
_dummy
_files
_flash
_fpclass
_images
_img
_inc
_include
_includes
_install
_js
_layouts
_lib
_media
_mem_bin
_mm
_mmserverscripts
_mygallery
_net
_notes
_old
_overlay
_pages
_private
_reports
_res
_resources
_scriptlibrary
[ Web server directory scan ]
┌──(kali㉿kali)-[~]
└─$ gobuster dir -u http://(target URL) -w /usr/share/wordlists/dirb/common.txt
-u : the target URL.
-w : the wordlist (dictionary file).
-t : the number of concurrent threads (default 10 if not specified)
┌──(kali㉿kali)-[~]
└─$ gobuster dir -u http://(target URL) -w /usr/share/wordlists/dirb/common.txt
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://megabank.store
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.6
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/.git/HEAD (Status: 200) [Size: 23]
/.hta (Status: 403) [Size: 279]
/.htpasswd (Status: 403) [Size: 279]
/.htaccess (Status: 403) [Size: 279]
/account (Status: 301) [Size: 318] [--> http://(target URL)/account/]
/api (Status: 301) [Size: 314] [--> http://(target URL)/api/]
/css (Status: 301) [Size: 314] [--> http://(target URL)/css/]
/index.php (Status: 200) [Size: 3009]
/javascript (Status: 301) [Size: 321] [--> http://(target URL)/javascript/]
/server-status (Status: 403) [Size: 279]
/transfer (Status: 301) [Size: 319] [--> http://(target URL)/transfer/]
Progress: 4614 / 4615 (99.98%)
===============================================================
Finished
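< Summary >
- URL: http://(target URL)
- HTTP method: GET
- Wordlist: /usr/share/wordlists/dirb/common.txt
- Threads: 10
- Status codes: 404 excluded
- Expanded mode: true (also searches for expanded file names)
Status 200:
- http://(target URL)/.git/HEAD (200): This path exists and is accessible. The .git directory contains Git repository metadata, so there is a risk of information disclosure.
- http://(target URL)/index.php (200): This path also exists and can generally be the entry point of the web application.
Redirected paths: /account, /api, /css, /javascript and /transfer respond with redirects. These give an attacker additional paths on which to attempt attacks. If a CSRF (Cross-Site Request Forgery) or XSS (Cross-Site Scripting) vulnerability exists on any of these paths, an attacker could hijack sessions or steal user information.
/.git/HEAD: Git repository information is exposed.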
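The classification done by hand in the summary above can be automated. The following is an added example, not part of the original post: it parses `gobuster dir` result lines and sorts them into exposed, blocked and redirected paths. The host `target.example`, the function names and the `SENSITIVE_PREFIXES` list are assumptions made for illustration; the sample lines are constructed from the output shown above.

```python
import re

# One result line of `gobuster dir`, e.g.
#   /account (Status: 301) [Size: 318] [--> http://host/account/]
LINE_RE = re.compile(
    r"^(?P<path>/\S*)\s+\(Status:\s*(?P<status>\d{3})\)\s+\[Size:\s*(?P<size>\d+)\]"
    r"(?:\s+\[-->\s*(?P<redirect>[^\]]+)\])?$"
)
# Assumption: illustrative list of paths that should not be served from a web root.
SENSITIVE_PREFIXES = ("/.git", "/.svn", "/.ht", "/server-status")

# Constructed sample modelled on the scan output above (placeholder host).
SAMPLE = """\
[+] Url: http://target.example
/.git/HEAD (Status: 200) [Size: 23]
/.hta (Status: 403) [Size: 279]
/.htpasswd (Status: 403) [Size: 279]
/.htaccess (Status: 403) [Size: 279]
/account (Status: 301) [Size: 318] [--> http://target.example/account/]
/index.php (Status: 200) [Size: 3009]
/server-status (Status: 403) [Size: 279]
Progress: 4614 / 4615 (99.98%)
"""

def parse_results(output):
    """Return one dict per result line; banner and progress lines are skipped."""
    findings = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            f = m.groupdict()
            f["status"], f["size"] = int(f["status"]), int(f["size"])
            findings.append(f)
    return findings

def triage(findings):
    """Group paths the way the summary does: exposed / blocked / redirect / other."""
    report = {"exposed": [], "blocked": [], "redirect": [], "other": []}
    for f in findings:
        if f["status"] == 200 and f["path"].startswith(SENSITIVE_PREFIXES):
            report["exposed"].append(f["path"])   # readable and should not be
        elif f["status"] == 403:
            report["blocked"].append(f["path"])   # exists, access denied
        elif 300 <= f["status"] < 400:
            report["redirect"].append(f["path"])  # usually a directory
        else:
            report["other"].append(f["path"])
    return report

if __name__ == "__main__":
    print(triage(parse_results(SAMPLE)))
```

An entry under `exposed` such as `/.git/HEAD` is the one to fix first: deny access to `/.git` at the web server or keep the repository metadata out of the document root.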
[ Scanning with specified file extensions ]
┌──(kali㉿kali)-[~]
└─$ gobuster dir -u http://(target URL) -w /usr/share/wordlists/dirb/common.txt -x php,html,txt
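On the server side, the scans above appear in the access log as a burst of requests from one client, almost all answered with 404, and with the `gobuster/3.6` User-Agent unless the client changes it. The following added example (not from the original post) detects that pattern in Apache/nginx "combined" log lines. The thresholds, function names and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def detect_enumeration(lines, min_requests=20, min_404_ratio=0.8, window_s=60):
    """Return {client_ip: [reasons]} for clients that look like a wordlist scan."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            per_ip[m["ip"]].append((ts, int(m["status"]), m["ua"]))
    alerts = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        reasons = set()
        # Weak signal: the default User-Agent is easily changed by the client.
        if any("gobuster" in ua.lower() for _, _, ua in events):
            reasons.add("default-user-agent")
        # Robust signal: many requests in a short window, almost all 404.
        start = 0
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            window = events[start:end + 1]
            misses = sum(1 for _, status, _ in window if status == 404)
            if len(window) >= min_requests and misses / len(window) >= min_404_ratio:
                reasons.add("404-burst")
                break
        if reasons:
            alerts[ip] = sorted(reasons)
    return alerts

def sample_log():
    """Constructed log lines (documentation-range IPs), not taken from the page."""
    def row(ip, i, status, ua):
        return (f'{ip} - - [23/Oct/2024:10:00:{i:02d} +0000] '
                f'"GET /word{i} HTTP/1.1" {status} 279 "-" "{ua}"')
    scan = [row("203.0.113.7", i, 200 if i < 2 else 404, "gobuster/3.6") for i in range(30)]
    renamed = [row("198.51.100.9", i, 404, "Mozilla/5.0") for i in range(25)]
    normal = [row("192.0.2.10", i, 200, "Mozilla/5.0") for i in range(5)]
    return scan + renamed + normal

if __name__ == "__main__":
    print(detect_enumeration(sample_log()))
```

The second client in the sample uses a browser User-Agent and is still flagged by the 404 burst, which is why the rate-based rule matters more than the string match.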