gobuster icon indicating copy to clipboard operation
gobuster copied to clipboard

Published 20 hours ago verified publisher icon OJ

Feature Request: basic auth bruteforce on FUZZ mode

Open tiyeuse opened this issue 3 years ago • 2 comments

Currently gobuster can't bruteforce basic HTTP basic authentication easily (or I missed the option somewhere ?). With little improvements on the FUZZ mode, maybe this can be done with such a command line :

$ gobuster fuzz -u https://target.com/admin -U admin -P FUZZ -w passwords.txt

It will interpret the FUZZ word on the password option for HTTP basic auth.

tiyeuse avatar Dec 09 '21 15:12 tiyeuse

It seems to me it would make more sense to implement this as a new plugin so it would look something more like

gobuster auth -u https://target.com/admin -U admin -w passwords.txt

monomonedula avatar Dec 23 '21 16:12 monomonedula

Like Wfuzz, I find it very handy to put the keyword FUZZ anywhere I want and just fuzz it without adding new plugins for each action.

tiyeuse avatar Jan 06 '22 13:01 tiyeuse

this is now implemented on the dev branch

firefart avatar Oct 22 '22 20:10 firefart