0

A website allocates random file names to uploads and I am trying to enumerate through the folder that the files are uploaded to using Gobuster.

I know the extension of my file type, but not the file name. Is there a way to invoke the -x flag to look for file extensions without invoking the -w flag? Or some way to invoke the -w flag to search for every file?

Normally you would use:

gobuster dir -u [URL]/uploads -w [wordlist] -x [extension]

I tried this but it didn't work:

gobuster dir -u [URL]/uploads -x [extension]

Is there a way to invoke a wildcard in the -w flag?

gobuster dir -u [URL]/uploads -w [wildcard_to_cover_all_files?] -x [extension]
Improve this question
2
  • -w very clearly is the path to the wordlist file, so there would be no "wildcard" possibility there. Gobuster isn't a "fuzzing" brute force tool that can try random combinations. It uses a pre-defined list. So, this isn't the right tool for what you want. Why do you want to stick to Gobuster? Commented Sep 26, 2023 at 10:03
  • @schroeder I use a combination of gobuster, ffuf and dirb for my enumeration. If you have any other recommendations I'm all ears - always happy to learn about new tools. I didn't think it was possible to do this with gobuster but I wanted to check in case I was missing something. Commented Oct 2, 2023 at 1:45

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.