2021-01-30 19:45:12 +00:00
|
|
|
# gobuster
|
|
|
|
|
|
|
|
|
|
> Brute-forces hidden paths on web servers and more.
|
2025-04-27 10:59:15 +03:00
|
|
|
> More information: <https://github.com/OJ/gobuster#modes>.
|
2021-01-30 19:45:12 +00:00
|
|
|
|
|
|
|
|
- Discover directories and files that match in the wordlist:
|
|
|
|
|
|
2025-04-27 10:59:15 +03:00
|
|
|
`gobuster dir {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/file}}`
|
2021-01-30 19:45:12 +00:00
|
|
|
|
|
|
|
|
- Discover subdomains:
|
|
|
|
|
|
2025-04-27 10:59:15 +03:00
|
|
|
`gobuster dns {{[-d|--domain]}} {{example.com}} {{[-w|--wordlist]}} {{path/to/file}}`
|
2021-01-30 19:45:12 +00:00
|
|
|
|
|
|
|
|
- Discover Amazon S3 buckets:
|
|
|
|
|
|
2025-04-27 10:59:15 +03:00
|
|
|
`gobuster s3 {{[-w|--wordlist]}} {{path/to/file}}`
|
2021-01-30 19:45:12 +00:00
|
|
|
|
|
|
|
|
- Discover other virtual hosts on the server:
|
|
|
|
|
|
2025-04-27 10:59:15 +03:00
|
|
|
`gobuster vhost {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/file}}`
|
2021-01-30 19:45:12 +00:00
|
|
|
|
|
|
|
|
- Fuzz the value of a parameter:
|
|
|
|
|
|
2025-04-27 10:59:15 +03:00
|
|
|
`gobuster fuzz {{[-u|--url]}} {{https://example.com/?parameter=FUZZ}} {{[-w|--wordlist]}} {{path/to/file}}`
|
2021-01-30 19:45:12 +00:00
|
|
|
|
|
|
|
|
- Fuzz the name of a parameter:
|
|
|
|
|
|
2025-04-27 10:59:15 +03:00
|
|
|
`gobuster fuzz {{[-u|--url]}} {{https://example.com/?FUZZ=value}} {{[-w|--wordlist]}} {{path/to/file}}`
|
