OJ / gobuster

Directory/File, DNS and VHost busting tool written in Go
Apache License 2.0

Vhost not working as expected #489

Open cyberhunter69 opened 7 months ago

cyberhunter69 commented 7 months ago

Hello,

The gobuster vhost mode is not working properly in gobuster v3.6. The command I put is:

gobuster vhost --url http://webenum.thm -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt

In the wordlist there are 2 values that are true and the expected output is this:

Screenshot 2024-03-08 155521

But the output I have is this:

Screenshot 2024-03-31 184402

Please note that the website is in my /etc/hosts with the IP address, and the website works fine in Firefox. With the other mode (dir) it works perfectly well, but with the vhost and dns modes it doesn't find any results.

Thank you in advance for your responses.

firefart commented 7 months ago

I guess you are missing the --append-domain and --domain switch. Without this the plain word from the wordlist will be sent in the host header, which could explain the 400s. I’m planning to make this the default setting in the next version as it causes a lot of confusion.
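The Host-header difference described in the comment above, reproduced against a local test server as an added example (not part of the original thread and not gobuster's own code). The vhost table, the 400 answer for unknown hosts, and the `probe` helper are assumptions constructed for the demo.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed vhost table: the only Host values this demo server accepts.
var vhosts = map[string]bool{"webenum.thm": true, "admin.webenum.thm": true}

// newVhostServer starts a loopback server; assumption: unknown Host gets 400.
func newVhostServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !vhosts[r.Host] {
			http.Error(w, "unknown host "+r.Host, http.StatusBadRequest)
			return
		}
		fmt.Fprintln(w, "served vhost", r.Host)
	}))
}

// probe sends GET / with Host set to the bare wordlist entry, or to
// entry + "." + domain when appendDomain is set (hypothetical helper).
func probe(target, word, domain string, appendDomain bool) (string, int, error) {
	host := word
	if appendDomain {
		host = word + "." + domain
	}
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return host, 0, err
	}
	req.Host = host // overrides the Host header; URL and path are untouched
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return host, 0, err
	}
	defer resp.Body.Close()
	return host, resp.StatusCode, nil
}

func main() {
	srv := newVhostServer()
	defer srv.Close()
	for _, appendDomain := range []bool{false, true} {
		host, code, err := probe(srv.URL, "admin", "webenum.thm", appendDomain)
		fmt.Printf("append-domain=%v Host=%q status=%d err=%v\n", appendDomain, host, code, err)
	}
}
```

In both runs the request line is `GET /` against the same address; only the Host value changes, which is why the bare word is rejected while the full name is served.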

Aggelos11 commented 4 months ago

> I guess you are missing the --append-domain and --domain switch. Without this the plain word from the wordlist will be sent in the host header, which could explain the 400s. I’m planning to make this the default setting in the next version as it causes a lot of confusion.

So what would the correct command look like? Please show us in detail, because this makes the tool not reliable for vhost enumeration.

mijnog commented 4 months ago

gobuster vhost -u http://webenum.thm -w subdomains-top1million-5000.txt --append-domain

Damn, I spent hours trying to figure this one out, and earlier I even saw append domain as set to false when the scan ran, but I told myself, if the devs set that to default for vhosts, it must be for a reason. I'm kicking myself for not simply asking myself what if I change that option. Makes sense, right? You're appending the domain to the prefix. But really, it should be default, unless there's a good reason not to have it as such.

mijnog commented 4 months ago

But anyway thank you for making such a cool tool, wish I could be a gigachad like you and code such intricate tools. I'm only at the level where I'm figuring out how to use these tools. One day...

hreluz commented 2 months ago

I was having the same issue @mijnog, so apparently with the append domain option you will get something like:

admin.webenum.thm
test.webenum.thm

without the append domain option you will get:

http://webenum.thm/admin
http://webenum.thm/test