gobuster dir -u http://example.com -w wordlist.txt -r
gobuster dir -u http://target.com -w wordlist.txt -x php,html,txt -s 200,403
: This removes the banner and extra noise, making the output easier to pipe into other tools.
gobuster [options] <target>
# Standard vhost scan gobuster vhost -u http://10.10.10.100 -w vhosts.txt --domain target.com
is an essential, high-performance automation tool written in Go used by penetration testers and security researchers to brute-force directories, files, DNS subdomains, and virtual hosts. Because it is compiled into a native binary, it is significantly faster than interpreted script-based tools like Dirbuster or traditional Python scripts. 🛠️ Global Flags and Syntax Structure
gobuster dns -d targetdomain.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8 Use code with caution. 🖥️ Virtual Host Brute-Forcing ( vhost ) gobuster commands upd
(Only show results with specific response codes) gobuster dir -u -w -s 200,301 2. DNS Subdomain Enumeration ( dns ) Used to find subdomains for a target domain.
Or view the full help menu:
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt Use code with caution. Wildcard Handling and Custom Resolvers gobuster dir -u http://example
gobuster dns -d example.com -w subdomains.txt
To use Gobuster effectively, you must pair a mode with a target and a wordlist. Directory Discovery gobuster dir -u http://target.com -w /path/to/wordlist.txt -u : Specifies the target URL. -w : Points to the list of words to test. Subdomain Enumeration gobuster dns -d target.com -w /path/to/subdomains.txt -d : Specifies the target domain. File Extension Search