Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gobuster pre-pending http:// when -u designation specifies an alternate port #39

Closed
Ohmjones opened this issue Jan 22, 2017 · 3 comments
Closed

Gobuster pre-pending http:// when -u designation specifies an alternate port #39

Ohmjones opened this issue Jan 22, 2017 · 3 comments

Comments

@Ohmjones
Copy link

Ohmjones commented Jan 22, 2017
edited by OJ

So, I looked to see if this was already addressed but didn't seem to be. Hope this was not an oversight on my end...

I am currently writing a script that, based off of nmap output will send the standard 80/443 port designation as well as any proxied http/https designations (i.e. 8080 or 8443) to gobuster. However, even when using gobuster -u syntax I receive this error:

Gobuster v1.2                OJ Reeves (@TheColonial)
=====================================================
[-] Unable to connect: http://10.10.10.10:443/

I was curious if there was a way to force gobuster to take the http:// or https:// off and still have it query the URI by just navigating 10.10.10.10:443/dirtest/ or 10.10.10.10:10000/dirtest/, etc....

I realize this might cause issues with certain web technologies, where it requires the http:// or https:// designation - so I'm starting to wonder if maybe it's my script that's causing this...
@OJ
Copy link
Owner

OJ commented Jan 24, 2017

Hi @Ohmjones,

Thanks for reaching out. I'm not seeing any issues here at all. If I am reading you correctly, you're saying you're having issues mixing scheme and port, right? Scheme has to be specified behind the scenes, and if you don't, it assumes http (it's rather dumb, check it here.

I've done tests here, and it looks like it behaves correctly when you give it the right scheme, regardless of the port.

$ $ echo 'test' | gobuster -u https://192.168.1.7:8443/ -t 1

Gobuster v1.2                OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://192.168.1.7:8443/
[+] Threads      : 1
[+] Wordlist     : stdin (pipe)
[+] Status codes : 200,204,301,302,307
=====================================================
=====================================================
$ echo 'test' | gobuster -u http://127.0.0.1:443/ -t 1

Gobuster v1.2                OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : http://127.0.0.1:443/
[+] Threads      : 1
[+] Wordlist     : stdin (pipe)
[+] Status codes : 200,204,301,302,307
=====================================================
=====================================================

The only "enhancement" I can see is that if the port that's specified is 443, then we default to https instead.

Would that be sufficient?

@Ohmjones
Copy link
Author

Sure, it could definitely save some headaches - That said, I figured it was my script.
Once I got some decent dictionary usage into my script it seemed to eliminate the issue for me on my end but I did have to ensure that gobuster was receiving the http or https specification I gave it.

i.e. "gobuster -u http://" + urlfromscript + " -w " + worldlist

either way, great script and I definitely think that recognizing the standard implementations might help some users with brevity.

@OJ
Copy link
Owner

OJ commented Jan 27, 2017

How does this look?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@OJ @Ohmjones