Gobuster
Gobuster (9.0k β) is a popular web scanner mainly used for forced browsing with these wordlists.
$ gobuster dir -u URL -w wordlist
Add -k
to scan a target with an expired HTTPS certificate.
$ gobuster [...] -k
You can append extensions to wordlist words
$ gobuster [...] -w php
$ gobuster [...] -w php,html
Gobuster is slow by default. Increase the number of threads to make it work faster using -t n
, and $n$ the number of threads.
$ gobuster [...] -t 50 # usual
$ gobuster [...] -t 64 # common
$ gobuster [...] -t 100 # may be too much
Other options
-
-U
: username -
-P
: password -
-p
: proxy -
-c
: a cookie (for instance, to simulated that we are logged) -
-r NS
: use a custom nameserver -
-H 'Name:value'
: a header -
--exclude-length x
: exclude responses with this length
Special uses
Fuzzing
Refer to gobuster fuzz π».
subdomains brute force
For subdomains brute force, you can use:
$ gobuster dns -d URL -w wordlist
$ gobuster dns -q -r NS -d URL -w wordlist
$ gobuster dns -d example.com -w wordlist # example
vhost brute force
For vhosts brute force, you can use:
$ gobuster vhost -u URL -w wordlist --append-domain
In newer versions, you need to add --append-domain
to check xxx.example.com
, and not just xxx
.
π» To-do π»
Stuff that I found, but never read/used yet.
-
-p pattern_file
(with{GOBUSTER}
inside) -
-s status_codes