You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was thinking how neat it would be if you could have a third brute mode (mixed?) that combined the dns and directory brute. Just a thought but something like you pass a main top level domain, dns wordlist, and a web dir/file list. Then as gobuster discovers subdomains it kicks off a web dir brute, maybe after a quick check for port 80/443. I could have a go at working up a pull request for this if you like...
The text was updated successfully, but these errors were encountered:
Thanks for the suggestion @johnnyDEP, but the answer is an emphatic "no" :)
I'm not keen on this because:
This invokes a spray and pray attitude, which isn't really the way I do assessments.
It involves the concern of filtering results, or compartmentalising them, which totally ruins the concurrency aspect.
It would rely on the addition of a pipeline of events that would be painful to tie together.
There are other reasons that are more opinion than fact, so I'll keep them to myself. But in short, I don't really think I would like gobuster to head in this direction.
I was thinking how neat it would be if you could have a third brute mode (mixed?) that combined the dns and directory brute. Just a thought but something like you pass a main top level domain, dns wordlist, and a web dir/file list. Then as gobuster discovers subdomains it kicks off a web dir brute, maybe after a quick check for port 80/443. I could have a go at working up a pull request for this if you like...
The text was updated successfully, but these errors were encountered: