gobuster is a powerful tool used for brute-forcing URLs, DNS subdomains, and virtual hosts. It helps identify hidden paths, directories, and subdomains on a target, making it an essential tool for web application testing and reconnaissance.
Common gobuster Modes
- dir: Brute-forces directories and files on a web server.
- dns: Brute-forces DNS subdomains for a target domain.
- vhost: Brute-forces virtual hosts on a target web server.
Additional Options
- -x: Specifies file extensions to search for (e.g., .php, .txt).
- -t: Sets the number of threads to use (more threads increase the speed but also the load on the server).
- -v: Enables verbose output, showing additional details during the scan.
- -r: Enables recursive mode, which brute-forces inside directories found during the scan.
Examples of gobuster Commands
Brute-force virtual hosts on a target:
    gobuster vhost -u http://example.com -w /path/to/wordlist.txt
Brute-force directories on a web server:
    gobuster dir -u http://example.com -w /path/to/wordlist.txt
Brute-force DNS subdomains:
    gobuster dns -d example.com -w /path/to/wordlist.txt
Brute-force directories and files with .php and .txt extensions:
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -x php,txt
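What a dir-mode scan like the ones above looks like from the server side, as an added example that is not part of the original page or of gobuster itself: a small detector that flags clients in a web access log by a burst of distinct 404 paths or by a `gobuster/` User-Agent. The combined log format, the thresholds, the sample lines and the assumption that an unmodified scan sends a User-Agent beginning with `gobuster/` are all choices made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def _line(ip, sec, path, status, ua):
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "{ua}"')

# Constructed sample log (documentation IP ranges, not real traffic).
WORDS = ["backup", "config", "test", "old", "db", "login"]
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 1, "/admin", 404, "gobuster/3.6")]
    + [_line("198.51.100.9", s, f"/{w}.php", 404, "Mozilla/5.0")
       for s, w in enumerate(WORDS)]
    + [_line("192.0.2.44", 5, "/index.html", 200, "Mozilla/5.0"),
       _line("192.0.2.44", 30, "/favicon.ico", 404, "Mozilla/5.0"),
       "garbled line that the parser must skip"])

def detect_enumeration(log_text, min_misses=5, window=timedelta(seconds=10)):
    """Return {client_ip: reason} for clients that look like a dir-mode scan."""
    misses = defaultdict(list)  # ip -> [(timestamp, path)] for 404 responses
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        if m["ua"].lower().startswith("gobuster/"):  # assumed default UA
            flagged.setdefault(m["ip"], "default gobuster User-Agent")
        if m["status"] == "404":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            misses[m["ip"]].append((ts, m["path"]))
    for ip, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):  # sliding window over sorted misses
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {path for _, path in hits[start:end + 1]}
            if len(distinct) >= min_misses:
                flagged.setdefault(
                    ip, f"{len(distinct)} distinct 404 paths within {window.seconds}s")
                break
    return flagged

print(detect_enumeration(SAMPLE_LOG))
```

The User-Agent check is only a cheap first signal because a client can send any header value it likes; the 404 burst is the check that still fires when the header is changed.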