Gobuster

Directory and file brute-forcing, as well as DNS and virtual host enumeration

Global Options

  • -u -> URL or domain to target.

  • -w -> Wordlist file for brute-forcing.

  • -t -> Number of threads for concurrent requests.

  • -q -> Quiet mode.

  • -i -> Show IP addresses.

  • -o -> Output file to save results.

  • -v -> Verbose mode.

  • -z -> Don't display progress.

  • --delay duration -> DNS resolver output.

Directory Scanning
Basic Scan
gobuster dir -u http://IP -w /directory-list-2.3-medium.txt
Show length
gobuster dir -u https://example.com -w ~/wordlists/shortlist.txt -l
Common Extensions
gobuster dir -u http://IP -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 150 -x .php,.html,.py,.git,.sh,.bak,.js,.txt,.git,.asp,.aspx,.jsp,.cgi,.env,.yaml,.yml,.json,.log,.old,.swp,.xml,.woff,.woff2
Stealthy Scan
gobuster dir -u http://example.com -w /path/to/wordlist.txt -t 2 -z 20s -a "Mozilla/5.0" -q -c "X-Forwarded-For: 192.168.1.100"

Options

  • -h -> Manual.

  • -f -> Append / to each request.

  • -c -> Provide Cookie.

  • -e -> Expanded mode.

  • -x -> Search for file extensions.

  • -r -> Follow redirects.

  • -H -> Specify HTTP headers.

  • -I -> Include length.

  • -k -> Skip TLS certificate verification.

  • -n -> Don't print status codes.

  • -U -> User name for Basic Auth.

  • -P -> Password for Basic Auth.

  • -p -> Provide a proxy.

  • -s -> Print Status code.

  • -b -> Print blacklisted status codes.

  • --timeout duration -> HTTP Timeout.

  • -u -> Target URL.

  • -a -> Set User-agent.

  • -d -> Search for backup files once a file is discovered.

  • --wildcard -> continue scanning even if a wildcard DNS entry or a similar issue is detected.

Sub-Domain Scanning

VHOST

Enumerate Virtual Host
gobuster vhost -u http://IP -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -t 200

DNS

Standard Scan 
gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt
Show IP
gobuster dns -d example.com -w subdomains.txt -i
DNS Reverse Lookup
gobuster dns -d example.com -w /path/to/wordlist.txt -r -t 50

Options

  • h -> Manual.

  • -c -> Provide Cookie.

  • -r -> Follow redirects.

  • -H -> Specify HTTP headers.

  • -k -> Skip TLS certificate verification.

  • -U -> User name for Basic Auth.

  • -P -> Password for Basic Auth.

  • -p -> Provide a proxy.

  • --timeout duration -> HTTP Timeout.

  • -u -> Target URL.

  • -a -> Set User-agent.

S3 Scanning
Scan Buckets
gobuster s3 -w bucket-names.txt
PreviousferoxbusterNextGoWitness

Last updated