Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential third mode: mixed #34

Closed
johnnyDEP opened this issue Oct 17, 2016 · 1 comment
Closed

Potential third mode: mixed #34

johnnyDEP opened this issue Oct 17, 2016 · 1 comment

Comments

@johnnyDEP
Copy link

I was thinking how neat it would be if you could have a third brute mode (mixed?) that combined the dns and directory brute. Just a thought but something like you pass a main top level domain, dns wordlist, and a web dir/file list. Then as gobuster discovers subdomains it kicks off a web dir brute, maybe after a quick check for port 80/443. I could have a go at working up a pull request for this if you like...
@OJ
Copy link
Owner

OJ commented Oct 18, 2016

Thanks for the suggestion @johnnyDEP, but the answer is an emphatic "no" :)

I'm not keen on this because:

  • This invokes a spray and pray attitude, which isn't really the way I do assessments.
  • It involves the concern of filtering results, or compartmentalising them, which totally ruins the concurrency aspect.
  • It would rely on the addition of a pipeline of events that would be painful to tie together.

There are other reasons that are more opinion than fact, so I'll keep them to myself. But in short, I don't really think I would like gobuster to head in this direction.

I do appreciate the suggestion though.

Cheers!
OJ

@OJ OJ closed this as completed Oct 18, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@OJ @johnnyDEP