Today I Learned about Gobuster

I’ve made it a goal for 2023 to increase my security knowledge. This was based on an increase in security-related questions from clients, specifically about website security, as most of my current work is maintaining websites for clients.

One thing I was not expecting was the number of security tools that are available. To help me remember them I figured I should write them down, and what better place than the dusty old blog.

The tool I learned about today is Gobuster. It is a tool that lets you brute force directories and files on a website. At least that is all I’ve used it for so far, but it can also be used to guess DNS subdomains, vhosts, etc.

Gobuster needs a wordlist, which is a file of paths to try, one per line. If you are using Kali Linux you can find several at /usr/share/wordlists. If you aren’t using Kali, or need additional wordlists, try the danielmiessler/SecLists repository.

An example of running Gobuster on a Hack the Box website. The goal was to find the “hidden” login.php file so I could log in to the website using credentials acquired via an open FTP directory.

I think Gobuster will be a useful tool to make sure a client is not exposing files they don’t mean to. For example, an incorrectly configured Apache/Nginx server. Or maybe the client accidentally added a file they shouldn’t have to Git and now it shows up on their website.
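As an added illustration (my own sketch, not Gobuster’s code or anything from the post above), here is the core of what the tool does in directory mode: walk a wordlist, request each path on a site you administer, and report the ones that don’t come back as “not found”. The hostname, wordlist and responses are constructed so it runs offline; the one wrinkle worth knowing is the soft 404, a server that answers 200 for every path, which the baseline request handles.

```python
import secrets
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

Fetch = Callable[[str], int]  # maps a URL to the HTTP status it returns


def urllib_fetch(url: str) -> int:
    """Default fetcher for a real site you administer; returns the status code."""
    req = urllib.request.Request(url, headers={"User-Agent": "self-audit-example"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions in urllib
        return err.code


def load_wordlist(text: str) -> List[str]:
    """One path per line, like the SecLists files; blanks and '#' comments are skipped."""
    return [ln.strip().lstrip("/") for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def probe_paths(base_url: str, words: List[str],
                fetch: Fetch = urllib_fetch) -> List[Tuple[str, int]]:
    """Return (path, status) for each word whose status differs from the server's
    not-found baseline. The baseline comes from a random path requested first, so a
    server that answers 200 for everything (a soft 404) does not make every word a hit."""
    base_url = base_url.rstrip("/")
    baseline = fetch(f"{base_url}/{secrets.token_hex(8)}")
    hits: List[Tuple[str, int]] = []
    for word in words:
        status = fetch(f"{base_url}/{word}")
        if status != baseline:
            hits.append((word, status))
    return hits


# Constructed fake site and wordlist so the example runs offline (hypothetical host).
FAKE_SITE: Dict[str, int] = {"/login.php": 200, "/admin": 403}
WORDLIST = "# constructed sample wordlist\nindex.html\nlogin.php\nadmin\nbackup.zip\n"


def fake_fetch(url: str) -> int:
    return FAKE_SITE.get(url.removeprefix("http://example.test"), 404)


if __name__ == "__main__":
    for path, code in probe_paths("http://example.test", load_wordlist(WORDLIST), fake_fetch):
        print(f"{code} /{path}")
```

Swap `fake_fetch` for the default `urllib_fetch` and a wordlist file of your own to check a site you maintain; a 403 is still reported because it tells you the path exists even if the server refuses to serve it.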

P.S. – I searched for songs about finding things but that wasn’t very fruitful, so I changed the search to secrets and found the one below. It has good advice about not caring whether others know your secrets, but that only applies if you are human. Websites should keep their secrets secret.

I don’t care if the world knows what my secrets are
Secrets are
I don’t care if the world knows what my secrets are
Secrets are

So, what?
So, what?
So, what?
So, what?

Posted in Security, Today I Learned.

Rate Limiting Using Nginx and Fail2Ban – BSides Edmonton 2022

I’m honored to be presenting at BSides Edmonton on November 25, 2022. I’ll be demoing rate limiting using nginx and Fail2Ban. You can find the demo here in case you want to follow along during the demo or you want a preview/spoiler.


While I’m honored to be presenting, my hope is to learn more than I impart. I’m looking forward to chatting with and learning from you, my fellow BSides Edmonton 2022 speakers and attendees. I enjoy discussing securing small to medium-sized businesses, legacy code, software development best practices, games, or anything remotely technology or software related.

Posted in Code Examples, Presentations, Security.

Back and Forth #7: Secure React Page

Birm shows Chris how to secure a React page so only authorized users can view it. Have a question or a topic you would like us to talk about? Then give us a shout.

Posted in Back and Forth.

Back and Forth #6: Add Google Authentication to React App Using Firebase

Birm shows Chris how to add Google Authentication to a React app using Firebase. Have a question or a topic you would like us to talk about? Then give us a shout.

Posted in Back and Forth.

Back and Forth #5: Add a Button to a React App

Birm and Chris add a button to a React application. Have a question or a topic you would like us to talk about? Then give us a shout.

Posted in Back and Forth.

Back and Forth #4: Hosting a React App on Firebase

Birm shows Chris how to host a React app as a static website on Firebase. Have a question or a topic you would like us to talk about? Then give us a shout.

Posted in Back and Forth.

Back and Forth #3: Docker Image for Node React Application

Chris and Birm create a Docker image for a Node React application. Have a question or a topic you would like us to talk about? Then give us a shout.

Posted in Back and Forth.

Back and Forth #2: Vimium

Birm shows Chris how he uses Vim key bindings to navigate the web. Have a question or a topic you would like us to talk about? Then give us a shout.

Posted in Back and Forth.

Back and Forth #1: Fix a React Bug

Chris and Birm fix a bug in a React website. Have a question or a topic you would like us to talk about? Then give us a shout.

Posted in Back and Forth.

SMALL BUSINESS AND THE THREE CONTRACTORS

Check out this post I wrote for Corgibytes about balancing maintenance work with new features when modernizing software. Special thanks go out to my fellow Corgis for their constructive feedback. They convinced me to keep the overall idea but re-write my first draft. Plus they fixed the spelling and grammar errors that regular readers of this site are used to.


Posted in Business Side, Corgibytes.