gobuster Possible bug in vhost mode when website is behind cloudflare

Possible bug in vhost mode when website is behind cloudflare

Open erev0s opened this issue 4 years ago • 2 comments

When in vhost mode and run against a website which is NOT behind cloudflare then everything is fine. When I put the website behind cloudflare though

er@erev0s:~$ gobuster vhost -u erev0s.com -w awesome_wordlist.txt -v
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:          http://erev0s.com
[+] Threads:      10
[+] Wordlist:     awesome_wordlist.txt
[+] User Agent:   gobuster/3.0.1
[+] Verbose:      true
[+] Timeout:      10s
===============================================================
2020/02/02 21:57:42 Starting gobuster
===============================================================
Found: sgdfsd.erev0s.com (Status: 530) [Size: 3671]
Found: agsfdg.erev0s.com (Status: 530) [Size: 3671]
Found: hi.erev0s.com (Status: 530) [Size: 3659]
Found: fgsdfg.erev0s.com (Status: 530) [Size: 3671]
Found: www.erev0s.com (Status: 301) [Size: 338]
===============================================================
2020/02/02 21:57:42 Finished
===============================================================

As you can see it reports everything as found as Cloudflare returns status 530.

Maybe this is not classified as a bug, as it may not be considered as a problem with the code but rather you did not include the specific http code. Maybe you could include similar flags like in the dir mode so there are whitelisting/blacklisting status code capabilities to the vhost as well.

thank you for this awesome tool & keep up the great work