Vote: Keep dirb as the default directory buster, or force people to upgrade to gobuster v3? about autorecon HOT 6 CLOSED

dirb has been my go-to lately. It gets the job done.

from autorecon.

I have found gobuster so much faster than dirb. The only con about it that I have found is that it doesn't recursively check found directories. If I have to choose one, I would choose gobusterV3. But why not build in some logic that either checks if gobuster is installed, and reverts to running dirb if not, or else just let the user decide with a flag?

from autorecon.

Even though myself I have proposed dirb as a solution when this issue was first raised, I now believe that GoBuster is probably the way to go, especially when we talk for a tool designed to be used on CTF's. The reason is that GoBuster:

• Does not list recursively (something that saves a lot of time and is not that useful).
• Seems to be faster.
• Does not have an issue with self-signed SSL certificates (VERY IMPORTANT on CTF's).

Now of course the issue is backwards compatibility, therefore (as @cam-barts said) I believe it would be a good idea for AutoRecon to check if GoBusterV3 is installed, and if yes, to use it. Otherwise it should mention it to the user and move on using GoBusterV2. That way the average OSCP user will not be frustrated by the need to learn how the configurations work, and also it will satisfy all the users that like and use GoBuster.

from autorecon.

GoBuster seems to give me much better luck, and runs faster.

from autorecon.

+1 for gobuster

from autorecon.

Thanks for the votes. As of c46cb86, gobuster is the default directory enumeration tool, and there is also some very simple code that tries to run the correct version too.

from autorecon.