Gobuster options
Modes
- dir - directory/file enumeration
- dns - DNS subdomain enumeration
- s3 - AWS S3 bucket enumeration
- vhost - VHOST enumeration
Global options
- --no-error - Do not display errors
- -q - Do not print the banner and other noise
- -t - Number of concurrent threads (default 10)
- -w - Path to the wordlist
DIR mode options
- -u - URL to be used
- -s - Status code to be checked, instead of all positive status codes
- -x - File extension to be scanned
- -e - Print full URL
- -r - Follow redirects
- -a - Set the User-Agent string (default “gobuster/3.1.0”)
- --random-agent - Use random User-Agent string
- --wildcard - Continue when wildcard found
DNS mode options
- -d - Domain to be used
- -r - Use custom DNS server
- -c - Show CNAMEs
- -i - Show IPs
- -k - Skip SSL verification
- --wildcard - Continue when wildcard found
Gobuster examples
Scan a URL for certain file extensions using dir mode
gobuster dir -u http://scanme.nmap.org -w /usr/share/wordlists/rockyou.txt -x php,php3,html,htm,xhtml
Scan sub-domains using vhost mode
gobuster vhost -u http://scanme.nmap.org -w /usr/share/wordlists/rockyou.txt -o output.txt
Scan sub-domains using dns mode
gobuster dns -d scanme.nmap.org -w /usr/share/wordlists/rockyou.txt -k -i