Comments (6)
I found a workaround. Converting p12 to pem format with openssl works fine.
```
# converting
openssl pkcs12 -in mtls.p12 -out mtls.crt.pem -clcerts -nokeys
openssl pkcs12 -in mtls.p12 -out mtls.key.pem -nocerts -nodes
# gobuster
gobuster dir -u "https://web.site" -w /usr/share/wordlists/dirb/big.txt --client-cert-pem ./mtls.crt.pem --client-cert-pem-key ./mtls.key.pem
```
from gobuster.
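Added example (not from the thread or from gobuster's code): a Go check for the PEM pair that the two `openssl pkcs12` commands in the workaround write. It confirms that the key was exported unencrypted and matches the certificate before the pair is used for mTLS. `checkConvertedPair` and `samplePair` are hypothetical names, and the certificate and key are constructed in the code, laid out with the "Bag Attributes" text openssl puts before each PEM block.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkConvertedPair (hypothetical helper) vets the cert and key PEM written by `openssl pkcs12`.
func checkConvertedPair(certPEM, keyPEM []byte) (tls.Certificate, error) {
	block, _ := pem.Decode(keyPEM) // Decode skips the "Bag Attributes" text before the block
	if block == nil {
		return tls.Certificate{}, fmt.Errorf("no PEM block in key file")
	}
	// Exported without -nodes: the key is still passphrase-protected and cannot be loaded as-is.
	if block.Type == "ENCRYPTED PRIVATE KEY" || block.Headers["DEK-Info"] != "" {
		return tls.Certificate{}, fmt.Errorf("private key is still encrypted")
	}
	// X509KeyPair parses both inputs and rejects a key that does not match the leaf certificate.
	return tls.X509KeyPair(certPEM, keyPEM)
}

// samplePair builds a constructed self-signed pair laid out like openssl pkcs12 output.
func samplePair() ([]byte, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	p8, err1 := x509.MarshalPKCS8PrivateKey(priv)
	der, err2 := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err1 != nil || err2 != nil {
		return nil, nil, fmt.Errorf("building sample pair: %v %v", err1, err2)
	}
	bag := "Bag Attributes\n    friendlyName: constructed\n"
	enc := func(t string, b []byte) []byte { return []byte(bag + string(pem.EncodeToMemory(&pem.Block{Type: t, Bytes: b}))) }
	return enc("CERTIFICATE", der), enc("PRIVATE KEY", p8), nil
}

func main() {
	c, k, _ := samplePair()
	_, err := checkConvertedPair(c, k)
	fmt.Println("pair usable:", err == nil)
}
```

The `-nodes` export leaves the private key unencrypted on disk, so the key file warrants owner-only permissions.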
Yeah, looks like this is a problem with Go's implementation of pkcs12. There is already an open issue for this:
golang/go#62375
from gobuster.
Looks like hashicorp switched to another library because of this problem: hashicorp/go-azure-sdk#328
Will have a look if the other library works too.
from gobuster.
@gl4nce can you please try out the dev branch and see if that works for your p12?
```
go install github.com/OJ/gobuster/v3@dev
```
Thanks!
from gobuster.
That was incredibly fast. :)
Tested and working fine for me. Thanks a lot!
```
$ ./gobuster dir -u "https://web.site" -w /usr/share/wordlists/dirb/big.txt --client-cert-p12 ../mtls.p12 --client-cert-p12-password "password"
===============================================================
Gobuster v3.7
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: https://web.site
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirb/big.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.7
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/.htaccess (Status: 403) [Size: 199]
/.htpasswd (Status: 403) [Size: 199]
[...]
```
from gobuster.
Awesome, thanks for testing :)
from gobuster.