tldr/pages/common/gobuster.md

792 B

gobuster

Brute-forces hidden paths on web servers and more. More information: https://github.com/OJ/gobuster.

  • Discover directories and files that match in the wordlist:

gobuster dir --url {{https://example.com/}} --wordlist {{path/to/file}}

  • Discover subdomains:

gobuster dns --domain {{example.com}} --wordlist {{path/to/file}}

  • Discover Amazon S3 buckets:

gobuster s3 --wordlist {{path/to/file}}

  • Discover other virtual hosts on the server:

gobuster vhost --url {{https://example.com/}} --wordlist {{path/to/file}}

  • Fuzz the value of a parameter:

gobuster fuzz --url {{https://example.com/?parameter=FUZZ}} --wordlist {{path/to/file}}

  • Fuzz the name of a parameter:

gobuster fuzz --url {{https://example.com/?FUZZ=value}} --wordlist {{path/to/file}}