Gobuster
Directory/file/DNS subdomain brute-forcing tool written in Go
#bruteforce #discovery #dns #directory
Installation
1. Install via package manager or Go
2. Download wordlists
3. Verify installation
# Kali Linux
apt install gobuster
# Using Go
go install github.com/OJ/gobuster/v3@latest
# Verify
gobuster --help

Basic Usage
Brute-force directories, files, DNS subdomains, and vhosts
# Directory bruteforce
gobuster dir -u https://target.com -w wordlist.txt
# DNS subdomain enumeration
gobuster dns -d target.com -w subdomains.txt
# Virtual host discovery
gobuster vhost -u https://target.com -w vhosts.txt

Command Reference
10 commands
1. dir: Directory/file bruteforce mode
2. dns: DNS subdomain enumeration mode
3. vhost: Virtual host discovery mode
4. -u: Target URL
5. -w: Wordlist path
6. -t: Number of threads
7. -x: File extensions to search
8. -s: Status codes to include
9. -k: Skip TLS verification
10. -o: Output file

When to Use
1. Finding hidden directories and files
2. DNS subdomain enumeration
3. Virtual host discovery bypassing DNS
4. When ffuf is not available
5. Quick content discovery

Notes & Tips
1. Faster than ffuf for directory bruteforcing
2. Use -x for extension bruteforcing (.php,.asp,.txt)
3. DNS mode uses wildcard detection
4. vhost mode doesn't depend on DNS resolution

Common Errors & Solutions
No results
Try a different wordlist or check that the target is accessible
Wildcard DNS detected
Gobuster handles this automatically in DNS mode
Too slow
Increase the thread count with the -t flag
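
How wildcard detection works in general, as an added example (not Gobuster's source code and not part of the original page): resolve a random label that should not exist, record whatever addresses come back, and discard wordlist hits that return only those addresses. The Resolver type, constructedZone, and every hostname and address below are constructed so the example runs offline.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Resolver returns a host's A records, nil for NXDOMAIN (hypothetical type).
type Resolver func(host string) []string

// constructedZone fakes two real hosts plus a wildcard (constructed data).
func constructedZone(host string) []string {
	real := map[string][]string{
		"www.example.test":  {"192.0.2.10"},
		"mail.example.test": {"192.0.2.20"},
	}
	if ips, ok := real[host]; ok {
		return ips
	}
	return []string{"192.0.2.99"} // wildcard answer for every other name
}

// wildcardIPs resolves a random label; any answer is the wildcard's address set.
func wildcardIPs(domain string, resolve Resolver) map[string]bool {
	label := make([]byte, 16)
	rand.Read(label)
	set := map[string]bool{}
	for _, ip := range resolve(hex.EncodeToString(label) + "." + domain) {
		set[ip] = true
	}
	return set
}

// realHosts keeps candidates with at least one address outside that set.
func realHosts(domain string, words []string, resolve Resolver) []string {
	wild := wildcardIPs(domain, resolve)
	var found []string
	for _, w := range words {
		for _, ip := range resolve(w + "." + domain) {
			if !wild[ip] {
				found = append(found, w+"."+domain)
				break
			}
		}
	}
	return found
}

func main() { fmt.Println(realHosts("example.test", []string{"www", "dev", "mail", "vpn"}, constructedZone)) }
```

Without the filter, all four words would be reported as found, because the wildcard answers for dev and vpn as well.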