Gobuster

Directory and file brute-forcing, as well as DNS and virtual host enumeration

Global Options

-u -> URL or domain to target.
-w -> Wordlist file for brute-forcing.
-t -> Number of threads for concurrent requests.
-q -> Quiet mode.
-i -> Show IP addresses.
-o -> Output file to save results.
-v -> Verbose mode.
-z -> Don't display progress.
--delay duration -> DNS resolver output.

Directory Scanning

Basic Scan

gobuster dir -u http://IP -w /directory-list-2.3-medium.txt

Show length

gobuster dir -u https://example.com -w ~/wordlists/shortlist.txt -l

Common Extensions

gobuster dir -u http://IP -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 150 -x .php,.html,.py,.git,.sh,.bak,.js,.txt,.git,.asp,.aspx,.jsp,.cgi,.env,.yaml,.yml,.json,.log,.old,.swp,.xml,.woff,.woff2

Stealthy Scan

gobuster dir -u http://example.com -w /path/to/wordlist.txt -t 2 -z 20s -a "Mozilla/5.0" -q -c "X-Forwarded-For: 192.168.1.100"

Options

-h -> Manual.
-f -> Append / to each request.
-c -> Provide Cookie.
-e -> Expanded mode.
-x -> Search for file extensions.
-r -> Follow redirects.
-H -> Specify HTTP headers.
-I -> Include length.
-k -> Skip TLS certificate verification.
-n -> Don't print status codes.
-U -> User name for Basic Auth.
-P -> Password for Basic Auth.
-p -> Provide a proxy.
-s -> Print Status code.
-b -> Print blacklisted status codes.
--timeout duration -> HTTP Timeout.
-u -> Target URL.
-a -> Set User-agent.
-d -> Search for backup files once a file is discovered.
--wildcard -> continue scanning even if a wildcard DNS entry or a similar issue is detected.

Sub-Domain Scanning

`VHOST`

Enumerate Virtual Host

gobuster vhost -u http://IP -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -t 200

`DNS`

Standard Scan

gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt

Show IP

gobuster dns -d example.com -w subdomains.txt -i

DNS Reverse Lookup

gobuster dns -d example.com -w /path/to/wordlist.txt -r -t 50

Options

-h -> Manual.
-c -> Provide Cookie.
-r -> Follow redirects.
-H -> Specify HTTP headers.
-k -> Skip TLS certificate verification.
-U -> User name for Basic Auth.
-P -> Password for Basic Auth.
-p -> Provide a proxy.
--timeout duration -> HTTP Timeout.
-u -> Target URL.
-a -> Set User-agent.

`S3` Scanning

Scan Buckets

gobuster s3 -w bucket-names.txt

Previousferoxbuster NextGoWitness

Last updated 6 months ago

Directory Scanning

Basic Scan

gobuster dir -u http://IP -w /directory-list-2.3-medium.txt

Show length

gobuster dir -u https://example.com -w ~/wordlists/shortlist.txt -l

Common Extensions

gobuster dir -u http://IP -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 150 -x .php,.html,.py,.git,.sh,.bak,.js,.txt,.git,.asp,.aspx,.jsp,.cgi,.env,.yaml,.yml,.json,.log,.old,.swp,.xml,.woff,.woff2

Stealthy Scan

gobuster dir -u http://example.com -w /path/to/wordlist.txt -t 2 -z 20s -a "Mozilla/5.0" -q -c "X-Forwarded-For: 192.168.1.100"

Options

-h -> Manual.
-f -> Append / to each request.
-c -> Provide Cookie.
-e -> Expanded mode.
-x -> Search for file extensions.
-r -> Follow redirects.
-H -> Specify HTTP headers.
-I -> Include length.
-k -> Skip TLS certificate verification.
-n -> Don't print status codes.
-U -> User name for Basic Auth.
-P -> Password for Basic Auth.
-p -> Provide a proxy.
-s -> Print Status code.
-b -> Print blacklisted status codes.
--timeout duration -> HTTP Timeout.
-u -> Target URL.
-a -> Set User-agent.
-d -> Search for backup files once a file is discovered.
--wildcard -> continue scanning even if a wildcard DNS entry or a similar issue is detected.

Sub-Domain Scanning

`VHOST`

Enumerate Virtual Host

gobuster vhost -u http://IP -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -t 200

`DNS`

Standard Scan

gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt

Show IP

gobuster dns -d example.com -w subdomains.txt -i

DNS Reverse Lookup

gobuster dns -d example.com -w /path/to/wordlist.txt -r -t 50

Options

-h -> Manual.
-c -> Provide Cookie.
-r -> Follow redirects.
-H -> Specify HTTP headers.
-k -> Skip TLS certificate verification.
-U -> User name for Basic Auth.
-P -> Password for Basic Auth.
-p -> Provide a proxy.
--timeout duration -> HTTP Timeout.
-u -> Target URL.
-a -> Set User-agent.

Global Options

Directory Scanning

Options

Sub-Domain Scanning

VHOST

DNS

Options

S3 Scanning

Global Options

Directory Scanning

Options

Sub-Domain Scanning

VHOST

DNS

Options

S3 Scanning

`VHOST`

`DNS`

`S3` Scanning

`VHOST`

`DNS`

`S3` Scanning