gobuster empty results about autorecon HOT 5 CLOSED

Do you get any output from running gobuster manually? This seems like it would be a gobuster issue, nothing to do with AutoRecon, unless you can show that the command being run by AutoRecon is incorrect.

from autorecon.

Hey there,

Thanks for your reply. I'll test it a bit more and I'll post my results here.

from autorecon.

Hi, I just scanned the same server. There is plenty of output, BUT, when I "more" the output I see the blank lines also. cat/less/vim of the file shows all of the output, though.

It seems to be related to the type of output generated when the server starts blocking connections. That server seems to rate limit connections really fast, even with threads=1. Not sure if there is a good way to slow down gobuster outside of threads=1. Increasing timeout to 20s doesn't really help either.

from autorecon.

This is what it looks like when it starts blocking your connections:

http://onetwoseven.htb:80/.htaccess (Status: 403) [Size: 299]
http://onetwoseven.htb:80/.htaccess.aspx (Status: 403) [Size: 304]
http://onetwoseven.htb:80/.htaccess.txt (Status: 403) [Size: 303]
http://onetwoseven.htb:80/.htaccess.html (Status: 403) [Size: 304]
http://onetwoseven.htb:80/.htaccess.php (Status: 403) [Size: 303]
http://onetwoseven.htb:80/.htaccess.asp (Status: 403) [Size: 303]
http://onetwoseven.htb:80/.htpasswd (Status: 403) [Size: 299]
http://onetwoseven.htb:80/.htpasswd.txt (Status: 403) [Size: 303]
http://onetwoseven.htb:80/.htpasswd.html (Status: 403) [Size: 304]
http://onetwoseven.htb:80/.htpasswd.php (Status: 403) [Size: 303]
http://onetwoseven.htb:80/.htpasswd.asp (Status: 403) [Size: 303]
http://onetwoseven.htb:80/.htpasswd.aspx (Status: 403) [Size: 304]
2019/05/26 01:48:07 [!] Get http://onetwoseven.htb:80/cgi-bin.aspx: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
2019/05/26 01:48:08 [!] Get http://onetwoseven.htb:80/cgi-pub: dial tcp 10.10.10.133:80: connect: connection refused
2019/05/26 01:48:08 [!] Get http://onetwoseven.htb:80/cgi-script: dial tcp 10.10.10.133:80: connect: connection refused
2019/05/26 01:48:08 [!] Get http://onetwoseven.htb:80/dummy: dial tcp 10.10.10.133:80: connect: connection refused
2019/05/26 01:48:08 [!] Get http://onetwoseven.htb:80/error: dial tcp 10.10.10.133:80: connect: connection refused

from autorecon.

Closing this as invalid, as this appears to be environment related, or at the very least, a gobuster configuration issue.

I don't see a reason to change the default gobuster command in AutoRecon as this is an edge case. In the OSCP exam and labs, there are no restrictions on the amount of traffic you can send to a host. In the real world, the gobuster command is easily editable in the service-scans.toml file.

from autorecon.