3.6

.github/workflows/docker.yml

@@ -0,0 +1,30 @@
+name: Build Docker Images
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  Dockerhub:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: checkout sources
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          tags: |
+            ghcr.io/OJ/gobuster:latest

.github/workflows/go.yml

@@ -6,10 +6,10 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: ["1.18", "1.19"]
+        go: ["1.18", "1.19", "stable"]
     steps:
       - name: Set up Go ${{ matrix.go }}
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{ matrix.go }}
 

.github/workflows/golangci-lint.yml

@@ -7,9 +7,9 @@ jobs:
     steps:
       - uses: actions/[email protected]
 
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
-          go-version: "^1.19"
+          go-version: "stable"
 
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3

.github/workflows/release.yml

@@ -13,20 +13,23 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v3.2.0
         with:
           fetch-depth: 0
+
       - name: Fetch all tags
         run: git fetch --force --tags
+
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: "stable"
+
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v4.4.0
         with:
           distribution: goreleaser
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.goreleaser.yaml

@@ -13,24 +13,33 @@ builds:
       - linux
       - windows
       - darwin
+
 archives:
   - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
     format_overrides:
-      - goos: windows
-        format: zip
-    replacements:
-      darwin: Darwin
-      linux: Linux
-      windows: Windows
-      386: i386
-      amd64: x86_64
+    - goos: windows
+      format: zip
 checksum:
-  name_template: "checksums.txt"
+  name_template: 'checksums.txt'
 snapshot:
-  name_template: "{{ incpatch .Version }}-dev"
+  name_template: "{{ incpatch .Version }}-next"
 changelog:
   sort: asc
   filters:
     exclude:
-      - "^docs:"
-      - "^test:"
+      - '^docs:'
+      - '^test:'
+
+# The lines beneath this are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj

README.md

@@ -24,6 +24,13 @@ All funds that are donated to this project will be donated to charity. A full lo
 
 # Changes
 
+## 3.6
+
+- Wordlist offset parameter to skip x lines from the wordlist
+- prevent double slashes when building up an url in dir mode
+- allow for multiple values and ranges on `--exclude-length`
+- `no-fqdn` parameter on dns bruteforce to disable the use of the systems search domains. This should speed up the run if you have configured some search domains. [https://github.com/OJ/gobuster/pull/418](https://github.com/OJ/gobuster/pull/418)
+
 ## 3.5
 
 - Allow Ranges in status code and status code blacklist. Example: 200,300-305,404

cli/cmd/dir.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/OJ/gobuster/v3/cli"
 	"github.com/OJ/gobuster/v3/gobusterdir"
-	"github.com/OJ/gobuster/v3/helper"
 	"github.com/OJ/gobuster/v3/libgobuster"
 	"github.com/spf13/cobra"
 )
@@ -26,11 +25,13 @@ func runDir(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("error on creating gobusterdir: %w", err)
 	}
 
-	if err := cli.Gobuster(mainContext, globalopts, plugin); err != nil {
+	log := libgobuster.NewLogger(globalopts.Debug)
+	if err := cli.Gobuster(mainContext, globalopts, plugin, log); err != nil {
 		var wErr *gobusterdir.ErrWildcard
 		if errors.As(err, &wErr) {
 			return fmt.Errorf("%w. To continue please exclude the status code or the length", wErr)
 		}
+		log.Debugf("%#v", err)
 		return fmt.Errorf("error on running gobuster: %w", err)
 	}
 	return nil
@@ -69,7 +70,7 @@ func parseDirOptions() (*libgobuster.Options, *gobusterdir.OptionsDir, error) {
 		return nil, nil, fmt.Errorf("invalid value for extensions: %w", err)
 	}
 
-	ret, err := helper.ParseExtensions(pluginOpts.Extensions)
+	ret, err := libgobuster.ParseExtensions(pluginOpts.Extensions)
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid value for extensions: %w", err)
 	}
@@ -81,7 +82,7 @@ func parseDirOptions() (*libgobuster.Options, *gobusterdir.OptionsDir, error) {
 	}
 
 	if pluginOpts.ExtensionsFile != "" {
-		extensions, err := helper.ParseExtensionsFile(pluginOpts.ExtensionsFile)
+		extensions, err := libgobuster.ParseExtensionsFile(pluginOpts.ExtensionsFile)
 		if err != nil {
 			return nil, nil, fmt.Errorf("invalid value for extensions file: %w", err)
 		}
@@ -93,7 +94,7 @@ func parseDirOptions() (*libgobuster.Options, *gobusterdir.OptionsDir, error) {
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid value for status-codes: %w", err)
 	}
-	ret2, err := helper.ParseCommaSeparatedInt(pluginOpts.StatusCodes)
+	ret2, err := libgobuster.ParseCommaSeparatedInt(pluginOpts.StatusCodes)
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid value for status-codes: %w", err)
 	}
@@ -104,7 +105,7 @@ func parseDirOptions() (*libgobuster.Options, *gobusterdir.OptionsDir, error) {
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid value for status-codes-blacklist: %w", err)
 	}
-	ret3, err := helper.ParseCommaSeparatedInt(pluginOpts.StatusCodesBlacklist)
+	ret3, err := libgobuster.ParseCommaSeparatedInt(pluginOpts.StatusCodesBlacklist)
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid value for status-codes-blacklist: %w", err)
 	}
@@ -144,10 +145,15 @@ func parseDirOptions() (*libgobuster.Options, *gobusterdir.OptionsDir, error) {
 		return nil, nil, fmt.Errorf("invalid value for discover-backup: %w", err)
 	}
 
-	pluginOpts.ExcludeLength, err = cmdDir.Flags().GetIntSlice("exclude-length")
+	pluginOpts.ExcludeLength, err = cmdDir.Flags().GetString("exclude-length")
 	if err != nil {
-		return nil, nil, fmt.Errorf("invalid value for excludelength: %w", err)
+		return nil, nil, fmt.Errorf("invalid value for exclude-length: %w", err)
 	}
+	ret4, err := libgobuster.ParseCommaSeparatedInt(pluginOpts.ExcludeLength)
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid value for exclude-length: %w", err)
+	}
+	pluginOpts.ExcludeLengthParsed = ret4
 
 	return globalopts, pluginOpts, nil
 }
@@ -172,7 +178,7 @@ func init() {
 	cmdDir.Flags().Bool("hide-length", false, "Hide the length of the body in the output")
 	cmdDir.Flags().BoolP("add-slash", "f", false, "Append / to each request")
 	cmdDir.Flags().BoolP("discover-backup", "d", false, "Also search for backup files by appending multiple backup extensions")
-	cmdDir.Flags().IntSlice("exclude-length", []int{}, "exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.")
+	cmdDir.Flags().String("exclude-length", "", "exclude the following content lengths (completely ignores the status). You can separate multiple lengths by comma and it also supports ranges like 203-206")
 
 	cmdDir.PersistentPreRun = func(cmd *cobra.Command, args []string) {
 		configureGlobalOptions()

cli/cmd/dir_test.go

@@ -3,8 +3,6 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"io"
-	"log"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -13,7 +11,6 @@ import (
 
 	"github.com/OJ/gobuster/v3/cli"
 	"github.com/OJ/gobuster/v3/gobusterdir"
-	"github.com/OJ/gobuster/v3/helper"
 	"github.com/OJ/gobuster/v3/libgobuster"
 )
 
@@ -33,14 +30,14 @@ func BenchmarkDirMode(b *testing.B) {
 	pluginopts.Timeout = 10 * time.Second
 
 	pluginopts.Extensions = ".php,.csv"
-	tmpExt, err := helper.ParseExtensions(pluginopts.Extensions)
+	tmpExt, err := libgobuster.ParseExtensions(pluginopts.Extensions)
 	if err != nil {
 		b.Fatalf("could not parse extensions: %v", err)
 	}
 	pluginopts.ExtensionsParsed = tmpExt
 
 	pluginopts.StatusCodes = "200,204,301,302,307,401,403"
-	tmpStat, err := helper.ParseCommaSeparatedInt(pluginopts.StatusCodes)
+	tmpStat, err := libgobuster.ParseCommaSeparatedInt(pluginopts.StatusCodes)
 	if err != nil {
 		b.Fatalf("could not parse status codes: %v", err)
 	}
@@ -71,8 +68,7 @@ func BenchmarkDirMode(b *testing.B) {
 		b.Fatalf("could not get devnull %v", err)
 	}
 	defer devnull.Close()
-	log.SetFlags(0)
-	log.SetOutput(io.Discard)
+	log := libgobuster.NewLogger(false)
 
 	// Run the real benchmark
 	for x := 0; x < b.N; x++ {
@@ -83,7 +79,7 @@ func BenchmarkDirMode(b *testing.B) {
 			b.Fatalf("error on creating gobusterdir: %v", err)
 		}
 
-		if err := cli.Gobuster(ctx, &globalopts, plugin); err != nil {
+		if err := cli.Gobuster(ctx, &globalopts, plugin, log); err != nil {
 			b.Fatalf("error on running gobuster: %v", err)
 		}
 		os.Stdout = oldStdout

cli/cmd/dns.go

@@ -27,11 +27,13 @@ func runDNS(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("error on creating gobusterdns: %w", err)
 	}
 
-	if err := cli.Gobuster(mainContext, globalopts, plugin); err != nil {
+	log := libgobuster.NewLogger(globalopts.Debug)
+	if err := cli.Gobuster(mainContext, globalopts, plugin, log); err != nil {
 		var wErr *gobusterdns.ErrWildcard
 		if errors.As(err, &wErr) {
 			return fmt.Errorf("%w. To force processing of Wildcard DNS, specify the '--wildcard' switch", wErr)
 		}
+		log.Debugf("%#v", err)
 		return fmt.Errorf("error on running gobuster: %w", err)
 	}
 	return nil
@@ -74,6 +76,11 @@ func parseDNSOptions() (*libgobuster.Options, *gobusterdns.OptionsDNS, error) {
 		return nil, nil, fmt.Errorf("invalid value for resolver: %w", err)
 	}
 
+	pluginOpts.NoFQDN, err = cmdDNS.Flags().GetBool("no-fqdn")
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid value for no-fqdn: %w", err)
+	}
+
 	if pluginOpts.Resolver != "" && runtime.GOOS == "windows" {
 		return nil, nil, fmt.Errorf("currently can not set custom dns resolver on windows. See https://golang.org/pkg/net/#hdr-Name_Resolution")
 	}
@@ -94,6 +101,7 @@ func init() {
 	cmdDNS.Flags().BoolP("show-cname", "c", false, "Show CNAME records (cannot be used with '-i' option)")
 	cmdDNS.Flags().DurationP("timeout", "", time.Second, "DNS resolver timeout")
 	cmdDNS.Flags().BoolP("wildcard", "", false, "Force continued operation when wildcard found")
+	cmdDNS.Flags().BoolP("no-fqdn", "", false, "Do not automatically add a trailing dot to the domain, so the resolver uses the DNS search domain")
 	cmdDNS.Flags().StringP("resolver", "r", "", "Use custom DNS server (format server.com or server.com:port)")
 	if err := cmdDNS.MarkFlagRequired("domain"); err != nil {
 		log.Fatalf("error on marking flag as required: %v", err)

cli/cmd/fuzz.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/OJ/gobuster/v3/cli"
 	"github.com/OJ/gobuster/v3/gobusterfuzz"
-	"github.com/OJ/gobuster/v3/helper"
 	"github.com/OJ/gobuster/v3/libgobuster"
 	"github.com/spf13/cobra"
 )
@@ -31,11 +30,13 @@ func runFuzz(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("error on creating gobusterfuzz: %w", err)
 	}
 
-	if err := cli.Gobuster(mainContext, globalopts, plugin); err != nil {
+	log := libgobuster.NewLogger(globalopts.Debug)
+	if err := cli.Gobuster(mainContext, globalopts, plugin, log); err != nil {
 		var wErr *gobusterfuzz.ErrWildcard
 		if errors.As(err, &wErr) {
 			return fmt.Errorf("%w. To continue please exclude the status code or the length", wErr)
 		}
+		log.Debugf("%#v", err)
 		return fmt.Errorf("error on running gobuster: %w", err)
 	}
 	return nil
@@ -74,16 +75,21 @@ func parseFuzzOptions() (*libgobuster.Options, *gobusterfuzz.OptionsFuzz, error)
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid value for excludestatuscodes: %w", err)
 	}
-	ret, err := helper.ParseCommaSeparatedInt(pluginOpts.ExcludedStatusCodes)
+	ret, err := libgobuster.ParseCommaSeparatedInt(pluginOpts.ExcludedStatusCodes)
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid value for excludestatuscodes: %w", err)
 	}
 	pluginOpts.ExcludedStatusCodesParsed = ret
 
-	pluginOpts.ExcludeLength, err = cmdFuzz.Flags().GetIntSlice("exclude-length")
+	pluginOpts.ExcludeLength, err = cmdFuzz.Flags().GetString("exclude-length")
 	if err != nil {
-		return nil, nil, fmt.Errorf("invalid value for excludelength: %w", err)
+		return nil, nil, fmt.Errorf("invalid value for exclude-length: %w", err)
 	}
+	ret2, err := libgobuster.ParseCommaSeparatedInt(pluginOpts.ExcludeLength)
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid value for exclude-length: %w", err)
+	}
+	pluginOpts.ExcludeLengthParsed = ret2
 
 	pluginOpts.RequestBody, err = cmdFuzz.Flags().GetString("body")
 	if err != nil {
@@ -105,7 +111,7 @@ func init() {
 		log.Fatalf("%v", err)
 	}
 	cmdFuzz.Flags().StringP("excludestatuscodes", "b", "", "Excluded status codes. Can also handle ranges like 200,300-400,404.")
-	cmdFuzz.Flags().IntSlice("exclude-length", []int{}, "exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.")
+	cmdFuzz.Flags().String("exclude-length", "", "exclude the following content lengths (completely ignores the status). You can separate multiple lengths by comma and it also supports ranges like 203-206")
 	cmdFuzz.Flags().StringP("body", "B", "", "Request body")
 
 	cmdFuzz.PersistentPreRun = func(cmd *cobra.Command, args []string) {

cli/cmd/gcs.go

@@ -23,7 +23,9 @@ func runGCS(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("error on creating gobustergcs: %w", err)
 	}
 
-	if err := cli.Gobuster(mainContext, globalopts, plugin); err != nil {
+	log := libgobuster.NewLogger(globalopts.Debug)
+	if err := cli.Gobuster(mainContext, globalopts, plugin, log); err != nil {
+		log.Debugf("%#v", err)
 		return fmt.Errorf("error on running gobuster: %w", err)
 	}
 	return nil