ruby-gobuster 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 46da4800468b08ecbd33ac924c55be44cb5424a89cf6831e23100962f3719945
+  data.tar.gz: c832814d91e9f1af76f8ddb672b2363b893b7c199b926c308378c9b0cbae1d5e
+SHA512:
+  metadata.gz: d1ba64ddefb078f45841a265dca6d152d64679533f8845293a7c86aaf29db2d2162ed6afd1319a33323ef1a130cc5b667d527e98465130a7e2d85ef46de668de
+  data.tar.gz: 2b3fc4de08c7e45a14e8515a7d8168ec2f49c2f92f27a0c18f4dd4acda35c7523c9305113a602b6316aae73519ed7226dae3950f23e6bb79b6a6d2a1ea70ee5a

data/.document

@@ -0,0 +1,3 @@
+-
+ChangeLog.md
+LICENSE.txt

data/.github/workflows/ruby.yml

@@ -0,0 +1,28 @@
+name: CI
+
+on: [ push, pull_request ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 2.6
+          - 2.7
+          - '3.0'
+          - 3.1
+          - jruby
+          - truffleruby
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run tests
+        run: bundle exec rake test

data/.gitignore

@@ -0,0 +1,11 @@
+/Gemfile.lock
+/coverage
+/doc
+/pkg
+/.yardoc
+.DS_Store
+*.db
+*.log
+*.swp
+*~
+*.gem

data/.rspec

@@ -0,0 +1 @@
+--colour --format documentation

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown --title 'Ruby Gobuster Documentation' --protected

data/ChangeLog.md

@@ -0,0 +1,13 @@
+### 0.1.0 / 2021-04-22
+
+* Initial release:
+  * Added {Gobuster::Command}.
+  * Added {Gobuster::Hostname}.
+  * Added {Gobuster::OutputFile}.
+  * Added {Gobuster::Parsers::Dir}.
+  * Added {Gobuster::Parsers::DNS}.
+  * Added {Gobuster::Parsers::Fuzz}.
+  * Added {Gobuster::Parsers::S3}.
+  * Added {Gobuster::Response}.
+  * Added {Gobuster::S3Bucket}.
+

data/Gemfile

@@ -0,0 +1,17 @@
+source 'https://rubygems.org'
+
+gemspec
+
+# gem 'command_mapper', '~> 0.2', github: 'postmodern/command_mapper.rb'
+
+group :development do
+  gem 'rake'
+  gem 'rubygems-tasks', '~> 0.2'
+  gem 'rspec',          '~> 3.0'
+  gem 'simplecov',      '~> 0.7'
+
+  gem 'kramdown'
+  gem 'redcarpet',       platform: :mri
+  gem 'yard',           '~> 0.9'
+  gem 'yard-spellcheck', require: false
+end

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2022 Hal Brodigan
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,67 @@
+# ruby-gobuster
+
+[![CI](https://github.com/postmodern/ruby-gobuster/actions/workflows/ruby.yml/badge.svg)](https://github.com/postmodern/ruby-gobuster/actions/workflows/ruby.yml)
+[![Gem Version](https://badge.fury.io/rb/ruby-gobuster.svg)](https://badge.fury.io/rb/ruby-gobuster)
+
+* [Source](https://github.com/postmodern/ruby-gobuster/)
+* [Issues](https://github.com/postmodern/ruby-gobuster/issues)
+* [Documentation](http://rubydoc.info/gems/ruby-gobuster/frames)
+
+## Description
+
+A Ruby interface to [gobuster], a tool used to bruteforce URIs, DNS, VHosts, S3.
+
+## Features
+
+* Provides a [Ruby interface][Gobuster::Command] for running the `gobuster`
+  command.
+* Supports [parsing][Gobuster::OutputFile] `gobuster -o ... {dir|dns|fuzz|s3}`
+  output files.
+
+[Gobuster::Command]: https://rubydoc.info/gems/ruby-gobuster/Gobuster/Command
+[Gobuster::OutputFile]: https://rubydoc.info/gems/ruby-gobuster/Gobuster/OutputFile
+
+## Examples
+
+Run `gobuster --wordlist /path/to/wordlist.txt dir -u https://example.com` from Ruby:
+
+```ruby
+require 'gobuster/command'
+
+Gobuster::Command.run(wordlist: '/path/to/wordlist.txt', dir: {url: 'https://example.com'})
+```
+
+## Requirements
+
+* [ruby] >= 2.0.0
+* [gobuster] >= 3.1.0
+* [command_mapper] ~> 0.2, >= 0.2.1
+
+[ruby]: https://www.ruby-lang.org/
+[command_mapper]: https://github.com/postmodern/command_mapper.rb#readme
+
+## Install
+
+```shell
+$ gem install ruby-gobuster
+```
+
+### gemspec
+
+```ruby
+gemspec.add_dependency 'ruby-gobuster', '~> 0.1'
+```
+
+### Gemfile
+
+```ruby
+gem 'ruby-gobuster', '~> 0.1'
+```
+
+## License
+
+Copyright (c) 2022 Hal Brodigan
+
+See {file:LICENSE.txt} for license information.
+
+[gobuster]: https://github.com/OJ/gobuster#readme

data/Rakefile

@@ -0,0 +1,23 @@
+# encoding: utf-8
+
+require 'rubygems'
+
+begin
+  require 'bundler/setup'
+rescue LoadError => e
+  warn e.message
+  warn "Run `gem install bundler` to install Bundler"
+  exit -1
+end
+
+require 'rubygems/tasks'
+Gem::Tasks.new
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :test    => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new
+task :doc => :yard

data/gemspec.yml

@@ -0,0 +1,27 @@
+name: ruby-gobuster
+summary: A Ruby interface to gobuster.
+description:
+  A Ruby interface to gobuster, a tool used to bruteforce URIs, DNS, VHosts, S3.
+
+license: MIT
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: https://github.com/postmodern/ruby-gobuster#readme
+has_yard: true
+
+metadata:
+  documentation_uri: https://rubydoc.info/gems/ruby-gobuster
+  source_code_uri:   https://github.com/postmodern/ruby-gobuster
+  bug_tracker_uri:   https://github.com/postmodern/ruby-gobuster/issues
+  changelog_uri:     https://github.com/postmodern/ruby-gobuster/blob/master/ChangeLog.md
+  rubygems_mfa_required: 'true'
+
+required_ruby_version: ">= 2.0.0"
+
+requirements: gobuster >= 3.1.0
+
+dependencies:
+  command_mapper: ~> 0.2, >= 0.2.1
+
+development_dependencies:
+  bundler: ~> 2.0

data/lib/gobuster/command.rb

@@ -0,0 +1,169 @@
+require 'command_mapper/command'
+
+#
+# Represents the `gobuster` command
+#
+module Gobuster
+  class Command < CommandMapper::Command
+
+    #
+    # Represents the type for `--delay` and `--timeout` options.
+    #
+    # @api private
+    #
+    class Duration < CommandMapper::Types::Str
+
+      #
+      # Validates the given value.
+      #
+      # @param [Object] value
+      #   The given value to validate.
+      #
+      # @return [true, (false, String)]
+      #   Returns true if the value is considered valid, or false and a
+      #   validation message if the value is not valid.
+      #
+      def validate(value)
+        valid, message = super(value)
+
+        unless valid
+          return [valid, message]
+        end
+
+        value = value.to_s
+
+        unless value =~ /\A\d+(?:m|s|ms|ns)\z/
+          return [false, "must be a number and end with 'm', 's', 'ms', or 'ns'"]
+        end
+
+        return true
+      end
+
+    end
+
+    command "gobuster" do
+      option "--delay", value: {type: Duration.new}
+      option "--no-error"
+      option "--no-progress"
+      option "--output", value: true
+      option "--pattern", value: true
+      option "--quiet"
+      option "--threads", value: {type: Num.new}
+      option "--verbose"
+      option "--wordlist", value: true
+
+      subcommand "completion" do
+        subcommand "bash" do
+          option "--help"
+          option "--no-descriptions"
+        end
+
+        subcommand "fish" do
+          option "--help"
+          option "--no-descriptions"
+        end
+
+        subcommand "powershell" do
+          option "--help"
+          option "--no-descriptions"
+        end
+
+        subcommand "zsh" do
+          option "--help"
+          option "--no-descriptions"
+        end
+      end
+
+      subcommand "dir" do
+        option "--add-slash"
+        option "--cookies", value: true
+        option "--discover-backup"
+        option "--exclude-length", value: {type: Num.new}, repeats: true
+        option "--expanded"
+        option "--extensions", value: true
+        option "--follow-redirect"
+        option "--headers", value: true, repeats: true
+        option "--help"
+        option "--hide-length"
+        option "--method", value: true
+        option "--no-status"
+        option "--no-tls-validation"
+        option "--password", value: true
+        option "--proxy", value: true
+        option "--random-agent"
+        option "--status-codes", value: true
+        option "--status-codes-blacklist", value: true
+        option "--timeout", value: {type: Duration.new}
+        option "--url", value: true
+        option "--useragent", value: true
+        option "--username", value: true
+        option "--wildcard"
+      end
+
+      subcommand "dns" do
+        option "--domain", value: true
+        option "--help"
+        option "--resolver", value: true
+        option "--show-cname"
+        option "--show-ips"
+        option "--timeout", value: {type: Duration.new}
+        option "--wildcard"
+      end
+
+      subcommand "fuzz" do
+        option "--cookies", value: true
+        option "--exclude-length", value: {type: Num.new}, repeats: true
+        option "--excludestatuscodes", value: true
+        option "--follow-redirect"
+        option "--headers", value: true, repeats: true
+        option "--help"
+        option "--method", value: true
+        option "--no-tls-validation"
+        option "--password", value: true
+        option "--proxy", value: true
+        option "--random-agent"
+        option "--timeout", value: {type: Duration.new}
+        option "--url", value: true
+        option "--useragent", value: true
+        option "--username", value: true
+        option "--wildcard"
+      end
+
+      subcommand "help" do
+        option "--help"
+
+        argument :command, required: false
+      end
+
+      subcommand "s3" do
+        option "--help"
+        option "--maxfiles", value: {type: Num.new}
+        option "--proxy", value: true
+        option "--random-agent"
+        option "--timeout", value: {type: Duration.new}
+        option "--useragent", value: true
+      end
+
+      subcommand "version" do
+        option "--help"
+      end
+
+      subcommand "vhost" do
+        option "--cookies", value: true
+        option "--follow-redirect"
+        option "--headers", value: true, repeats: true
+        option "--help"
+        option "--method", value: true
+        option "--no-tls-validation"
+        option "--password", value: true
+        option "--proxy", value: true
+        option "--random-agent"
+        option "--timeout", value: {type: Duration.new}
+        option "--url", value: true
+        option "--useragent", value: true
+        option "--username", value: true
+      end
+    end
+
+  end
+end

data/lib/gobuster/hostname.rb

@@ -0,0 +1,33 @@
+module Gobuster
+  #
+  # Represents a hostname found by `gobuster dns`.
+  #
+  class Hostname
+
+    # The host name.
+    #
+    # @return [String]
+    attr_reader :name
+
+    #
+    # Initializes the hostname.
+    #
+    # @param [String] name
+    #
+    def initialize(name)
+      @name = name
+    end
+
+    #
+    # Converts the hostname to a String.
+    #
+    # @return [String]
+    #
+    def to_s
+      @name
+    end
+
+    alias to_str to_s
+
+  end
+end

data/lib/gobuster/output_file.rb

@@ -0,0 +1,99 @@
+require 'gobuster/parsers/dir'
+require 'gobuster/parsers/dns'
+require 'gobuster/parsers/fuzz'
+require 'gobuster/parsers/s3'
+
+module Gobuster
+  #
+  # Parses an output file created by `gobuster -o ...`.
+  #
+  # ## Example
+  #
+  #     require 'gobuster/output_file'
+  #     
+  #     output_file = Gobuster::OutputFile.new('/path/to/file.txt')
+  #     output_file.each do |object|
+  #       p object
+  #     end
+  #
+  # @api public
+  #
+  class OutputFile
+
+    # Mapping of formats to parsers.
+    #
+    # @api semipublic
+    PARSERS = {
+      dir:  Parsers::Dir,
+      dns:  Parsers::DNS,
+      fuzz: Parsers::Fuzz,
+      s3:   Parsers::S3
+    }
+
+    # The path to the output file.
+    #
+    # @return [String]
+    attr_reader :path
+
+    # The format of the output file.
+    #
+    # @return [:dir, :dns, :fuzz, :s3]
+    attr_reader :format
+
+    # The parser for the output file format.
+    #
+    # @return [Parsers::Dir, Parsers::DNS, Parsers::Fuzz, Parsers:S3]
+    #
+    # @api private
+    attr_reader :parser
+
+    #
+    # Initializes the output file.
+    #
+    # @param [String] path
+    #   The path to the output file.
+    #
+    # @param [:dir, :dns, :fuzz, :s3] format
+    #   The optional format of the output file.
+    #
+    def initialize(path, format: )
+      @path   = File.expand_path(path)
+      @format = format
+
+      @parser = PARSERS.fetch(format) do
+        raise(ArgumentError,"unrecognized file type: #{@path.inspect}")
+      end
+    end
+
+    #
+    # Parses the contents of the output file.
+    #
+    # @yield [object]
+    #   The given block will be passed each parsed object.
+    #
+    # @yieldparam [Response, Hostname, S3Bucket] object
+    #   A parsed object from the output file.
+    #
+    # @return [Enumerator]
+    #   If no block is given, an Enumerator object will be returned.
+    #
+    def each(&block)
+      return enum_for(__method__) unless block
+
+      File.open(@path) do |file|
+        @parser.parse(file,&block)
+      end
+    end
+
+    #
+    # Converts the output file to a String.
+    #
+    # @return [String]
+    #   The path to the output file.
+    #
+    def to_s
+      @path
+    end
+
+  end
+end

data/lib/gobuster/parsers/dir.rb

@@ -0,0 +1,38 @@
+require 'gobuster/response'
+
+module Gobuster
+  module Parsers
+    module Dir
+      #
+      # Parses `gobuster dir` output.
+      #
+      # @param [IO] io
+      #   The IO stream to parse.
+      #
+      # @yield [response]
+      #   The given block will be passed each parsed response.
+      #
+      # @yieldparam [Response] response
+      #   The parsed response.
+      #
+      # @return [Enumerator]
+      #   If no block is given, an Enumerator will be returned.
+      #
+      def self.parse(io)
+        return enum_for(__method__,io) unless block_given?
+
+        line_regexp = /^(\/[^\s]+)\s+\(Status: (\d{3})\)\s+\[Size: (\d+)\]/
+
+        io.each_line do |line|
+          if (match = line.match(line_regexp))
+            yield Response.new(
+              path:   match[1],
+              status: match[2].to_i,
+              size:   match[3].to_i
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gobuster/parsers/dns.rb

@@ -0,0 +1,35 @@
+require 'gobuster/hostname'
+
+module Gobuster
+  module Parsers
+    module DNS
+      #
+      # Parses `gobuster dns` output.
+      #
+      # @param [IO] io
+      #   The IO stream to parse.
+      #
+      # @yield [hostname]
+      #   The given block will be passed each parsed hostname.
+      #
+      # @yieldparam [Hostname] hostname
+      #   The parsed hostname.
+      #
+      # @return [Enumerator]
+      #   If no block is given, an Enumerator will be returned.
+      #
+      def self.parse(io)
+        return enum_for(__method__,io) unless block_given?
+
+        io.each_line do |line|
+          if line.start_with?('Found: ')
+            line.chomp!
+            line.sub!('Found: ','')
+
+            yield Hostname.new(line)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gobuster/parsers/fuzz.rb

@@ -0,0 +1,38 @@
+require 'gobuster/response'
+
+module Gobuster
+  module Parsers
+    module Fuzz
+      #
+      # Parses `gobuster fuzz` output.
+      #
+      # @param [IO] io
+      #   The IO stream to parse.
+      #
+      # @yield [response]
+      #   The given block will be passed each parsed response.
+      #
+      # @yieldparam [Response] response
+      #   The parsed response.
+      #
+      # @return [Enumerator]
+      #   If no block is given, an Enumerator will be returned.
+      #
+      def self.parse(io)
+        return enum_for(__method__,io) unless block_given?
+
+        line_regexp = /^Found:\s+\[Status=(\d{3})\]\s+\[Length=(\d+)\]\s+([^\s]++)/
+
+        io.each_line do |line|
+          if (match = line.match(line_regexp))
+            yield Response.new(
+              status: match[1].to_i,
+              size:   match[2].to_i,
+              url:    match[3],
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/gobuster/parsers/s3.rb

@@ -0,0 +1,34 @@
+require 'gobuster/s3_bucket'
+
+module Gobuster
+  module Parsers
+    module S3
+      #
+      # Parses `gobuster s3` output.
+      #
+      # @param [IO] io
+      #   The IO stream to parse.
+      #
+      # @yield [s3bucket]
+      #   The given block will be passed each parsed s3bucket.
+      #
+      # @yieldparam [S3Bucket] s3bucket
+      #   The parsed s3bucket.
+      #
+      # @return [Enumerator]
+      #   If no block is given, an Enumerator will be returned.
+      #
+      def self.parse(io)
+        return enum_for(__method__,io) unless block_given?
+
+        io.each_line do |line|
+          line.chomp!
+
+          if line.start_with?('http://') && line.end_with?('s3.amazonaws.com/')
+            yield S3Bucket.new(line)
+          end
+        end
+      end
+    end
+  end
+end