Gobuster

Directory and file brute-forcing, as well as DNS and virtual host enumeration

Engine Options

  • -u -> URL or domain to target.

  • -w -> Wordlist file for brute-forcing.

  • -t -> Number of threads for concurrent requests.

  • -s -> HTTP status codes to include (e.g., 200, 301).

  • -b -> Exclude status codes.

  • -o -> Output file to save results.

  • -x -> File extensions to append to each word in the list (e.g., .php)

  • -l -> Follow redirects (useful for testing against web apps)

  • -a -> Set a custom user-agent.

  • -c -> Custom headers to include in requests.

  • -k -> Ignore SSL certificate verification errors.

  • -z -> Set timeout for each request.

Directory Scanning

Basic Scan
gobuster dir -u http://IP -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
Stealthy Scan
gobuster dir -u http://example.com -w /path/to/wordlist.txt -t 2 -z 20s -a "Mozilla/5.0" -q -c "X-Forwarded-For: 192.168.1.100"

File Scanning

Bunch of files
gobuster dir -u http://IP -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 150 -x .php,.html,.py,.git,.sh,.bak,.js,.txt,.git
Txt files
gobuster dir -u http://10.10.10.60 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .txt -t 40

Sub-Domain Scanning

Enumerate Virtual Host
gobuster vhost -u http://IP -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -t 200
DNS 
gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt
Show IPs of discovered subdomains
gobuster dns -d example.com -w subdomains.txt -i
DNS Reverse Lookup
gobuster dns -d example.com -w /path/to/wordlist.txt -r -t 50

PreviousffuzNextferoxbuster

Last updated