2025-03-14 21:59:59 -06:00
|
|
|
# gobuster
|
|
|
|
|
|
|
|
|
|
> Brute-forces hidden paths on web servers and more.
|
2025-05-08 12:26:01 -06:00
|
|
|
> More information: <https://github.com/OJ/gobuster#modes>.
|
2025-03-14 21:59:59 -06:00
|
|
|
|
|
|
|
|
- Discover directories and files that match in the wordlist:
|
|
|
|
|
|
2025-05-08 12:26:01 -06:00
|
|
|
`gobuster dir {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/file}}`
|
2025-03-14 21:59:59 -06:00
|
|
|
|
|
|
|
|
- Discover subdomains:
|
|
|
|
|
|
2025-05-08 12:26:01 -06:00
|
|
|
`gobuster dns {{[-d|--domain]}} {{example.com}} {{[-w|--wordlist]}} {{path/to/file}}`
|
2025-03-14 21:59:59 -06:00
|
|
|
|
|
|
|
|
- Discover Amazon S3 buckets:
|
|
|
|
|
|
2025-05-08 12:26:01 -06:00
|
|
|
`gobuster s3 {{[-w|--wordlist]}} {{path/to/file}}`
|
2025-03-14 21:59:59 -06:00
|
|
|
|
|
|
|
|
- Discover other virtual hosts on the server:
|
|
|
|
|
|
2025-05-08 12:26:01 -06:00
|
|
|
`gobuster vhost {{[-u|--url]}} {{https://example.com/}} {{[-w|--wordlist]}} {{path/to/file}}`
|
2025-03-14 21:59:59 -06:00
|
|
|
|
|
|
|
|
- Fuzz the value of a parameter:
|
|
|
|
|
|
2025-05-08 12:26:01 -06:00
|
|
|
`gobuster fuzz {{[-u|--url]}} {{https://example.com/?parameter=FUZZ}} {{[-w|--wordlist]}} {{path/to/file}}`
|
2025-03-14 21:59:59 -06:00
|
|
|
|
|
|
|
|
- Fuzz the name of a parameter:
|
|
|
|
|
|
2025-05-08 12:26:01 -06:00
|
|
|
`gobuster fuzz {{[-u|--url]}} {{https://example.com/?FUZZ=value}} {{[-w|--wordlist]}} {{path/to/file}}`
|
