Gobuster Cheat Sheet


Basic Commands

| Command | Description |
| --- | --- |
| `gobuster dir -u <URL> -w <wordlist>` | Directory brute-force against a web server |
| `gobuster dns -d <domain> -w <wordlist>` | DNS subdomain brute-force against a domain |
| `gobuster vhost -u <URL> -w <wordlist>` | Virtual host brute-force (useful for identifying hidden vhosts) |
| `gobuster s3 -w <wordlist>` | Brute-force S3 bucket names using the wordlist |
| `gobuster fuzz -u <URL> -w <wordlist>` | Fuzz the URL with the wordlist |
| `gobuster -h` | Show help menu and available commands |

Directory and File Enumeration

| Command | Description |
| --- | --- |
| `gobuster dir -u <URL> -w <wordlist> -t <num>` | Set the number of threads (default is 10) |
| `gobuster dir -u <URL> -w <wordlist> -e` | Show full URLs in the output |
| `gobuster dir -u <URL> -w <wordlist> -x <ext>` | Search for specific file extensions (e.g., .php, .html) |
| `gobuster dir -u <URL> -w <wordlist> -r` | Follow redirects |
| `gobuster dir -u <URL> -w <wordlist> -k` | Skip SSL certificate verification |
| `gobuster dir -u <URL> -w <wordlist> --wildcard` | Identify and handle wildcard responses (useful for vhosts) |
| `gobuster dir -u <URL> -w <wordlist> -f` | Add a trailing slash to each word in the wordlist |

DNS Subdomain Enumeration

| Command | Description |
| --- | --- |
| `gobuster dns -d <domain> -w <wordlist> -i` | Show only valid subdomains (ignore NXDOMAIN responses) |
| `gobuster dns -d <domain> -w <wordlist> -r <resolver>` | Use a custom DNS resolver (e.g., 8.8.8.8) |
| `gobuster dns -d <domain> -w <wordlist> -t <num>` | Set the number of threads (default is 10) |

Virtual Host (VHOST) Enumeration

| Command | Description |
| --- | --- |
| `gobuster vhost -u <URL> -w <wordlist> -t <num>` | Brute-force VHOSTs with a wordlist |
| `gobuster vhost -u <URL> -w <wordlist> -k` | Skip SSL certificate verification |

Fuzzing

| Command | Description |
| --- | --- |
| `gobuster fuzz -u <URL> -w <wordlist> -t <num>` | Fuzz a URL parameter or path with a wordlist |
| `gobuster fuzz -u http://example.com/FUZZ -w <wordlist>` | Replace "FUZZ" with each entry from the wordlist |

Common Options

| Option | Description |
| --- | --- |
| `-u <URL>` | Target URL to scan |
| `-w <wordlist>` | Path to the wordlist (e.g., /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt) |
| `-t <num>` | Number of concurrent threads (default is 10) |
| `-o <output file>` | Output the scan results to a file |
| `-s <status code>` | Filter results by status code (e.g., -s 200,301,302) |
| `-n` | No recursion; do not scan subdirectories |
| `-k` | Skip SSL/TLS certificate validation |
| `-b <status code>` | Blacklist specific HTTP status codes (e.g., -b 404) |
| `-q` | Suppress all output except for found results |

Advanced Usage

| Command | Description |
| --- | --- |
| `gobuster dir -u <URL> -w <wordlist> -a <User-Agent>` | Specify a custom user-agent (e.g., -a "Mozilla/5.0") |
| `gobuster dir -u <URL> -w <wordlist> -H 'Header: value'` | Add custom HTTP headers (e.g., -H 'Authorization: Bearer token') |
| `gobuster dir -u <URL> -w <wordlist> --delay <ms>` | Add a delay between requests (milliseconds) |
| `gobuster dir -u <URL> -w <wordlist> --exclude-length <len>` | Exclude results with a specific content length |

Wordlists

  • Common Wordlists:
    • /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
    • /usr/share/seclists/Discovery/Web-Content/common.txt
    • /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt

Example Scans

  1. Basic Directory Bruteforce:
     gobuster dir -u http://example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
  2. DNS Subdomain Bruteforce:
     gobuster dns -d example.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
  3. Virtual Host Brute-forcing:
     gobuster vhost -u http://example.com -w /usr/share/wordlists/virtual-hosts.txt

Written by

parrotassassin15

Cybersecurity professional and contributor at Lorikeet Security.
