gobuster, ffuf, wfuzz, feroxbuster: I prefer gobuster :) Daniel, I have to say a big thank you for every tutorial. I fell in love with cyber security thanks to you and Wes Brian.
I really like how there is such a great variety of tools to choose from. They all have their pros and cons and one tool might perform better than the others in certain circumstances. 👍 (we all have our favorites though 😁) So cool to hear that Wes and I got you into cybersecurity too!
Yes, if you want gobuster to search for .php or .xml or other file extensions, then you need to pass it the -x flag and list the extensions you want it to look for like -x php,xml,txt,pdf
Thanks for the insights, RSVV! Gobuster also does a whole lot more than just web dir fuzzing, so it's got that going for it as well. I didn't mention that in the video because I was just looking to compare the dir fuzzers, but it probably will influence someone's decision at the end of the day.
Is it really faster if you need to run the command 2 or 3 times because it didn't automagically add the correct options? Also, feroxbuster's automagics may be the reason it is running slower. Can you force it to add the options run by gobuster instead of it testing then adding them?
NAME time - time a simple command or give resource usage SYNOPSIS time [options] command [arguments...] DESCRIPTION The time command runs the specified program command with the given arguments. When command finishes, time writes a message to standard error giving timing statistics about this program run. These statistics consist of (i) the elapsed real time between invocation and termination, (ii) the user CPU time (the sum of the tms_utime and tms_cutime values in a struct tms as returned by times(2)), and (iii) the system CPU time (the sum of the tms_stime and tms_cstime values in a struct tms as returned by times(2)). Note: some shells (e.g., bash(1)) have a built-in time command that provides similar information on the usage of time and possibly other resources. To access the real command, you may need to specify its pathname (something like /usr/bin/time). 😊
Hey Barry, thanks so much for watching and for commenting! 👍 I ran each tool 3 times and then calculated the average time it took for each, which literally took about 10 minutes 😅 I figured that was plenty of prep for this little "science experiment" LOL. So, basically I just thought of the idea, thought it would be fun, and went with the first things that popped into my head about how to make it work 😁. As far as forcing the gobuster options onto feroxbuster, the problem was that Juice Shop was returning 200 status codes for non-existent URLs, so if I wanted gobuster to run, I decided to ignore the length. And since that's what feroxbuster was doing "automagically", it seemed to me that it was close enough to an "apples-to-apples" comparison for my liking. Again, 10 minutes of prepping for a fun video (that I filmed on my lunch break 😁). At the end of the day this was really all just for fun, and wasn't really meant to be taken as "hard proof" that one was objectively better than the other (even though that was the impetus of the video), but instead was more about me formulating an opinion and hoping that it would expose some folks to a couple of great tools. I sincerely apologize if I didn't make that clear enough. Thanks again and have a great day!
I just forgot about the time command. I don't really use the time command all that often, so date was just the first thing that popped into my head and I feel like it was sufficient for my needs. I know that I made a big deal about the tools not calculating the time for me, but that was just me being a jackass because it makes me laugh. 🤪
They do tend to frown on that kind of thing, don't they? That's why I use my neighbor's wifi 🤣 (*disclaimer* This is a joke and not intended to be taken seriously. I do not condone the illegal use of technology. FOR THE LOVE OF ALL THAT IS HOLY, CAN'T A MAN JUST MAKE A JOKE WITHOUT THE FEAR OF LEGAL REPERCUSSIONS!?!?!?! Sorry. I got a little carried away.)