Fuzzing around my School friends Corporate Website and discovering vulnerabilities

gobuster kali tool

Disclaimer: Use this tool only when required and take a written permission of the client/friend whom you wanna target/enumerate with. This tool is written in Go Lang and is very powerful in it’s own ways.

Gobuster is a tool used to brute-force URIs including directories and files as well as DNS subdomains.

After enumeration we come to this:

Installed size: 7.23 MB
How to install: sudo apt install gobuster

root@kali:~# gobuster -h
  gobuster [command]

Available Commands:
  dir         Uses directory/file enumeration mode
  dns         Uses DNS subdomain enumeration mode
  fuzz        Uses fuzzing mode
  help        Help about any command
  s3          Uses aws bucket enumeration mode
  version     shows the current version
  vhost       Uses VHOST enumeration mode

      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -h, --help              help for gobuster
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Use "gobuster [command] --help" for more information about a command.

Further digging around the Rabbit Hole...

And more using the flags etc...

Finding the mail port open and then recon over that!

This can be further investigated using some offensive security tricks, lemme know down below of what's going on your mind.
Happy Cr@ck1ng!

By Akash Angle

I am a Full time Linux user who has quit using Windows for unknown reasons, making my life truly open source.

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x