GoBuster basic example

Cli

DIR mode

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
gobuster -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html


# -t Number of threads
gobuster -u http://httpbin.org/ -w words.txt -t 10
/index (Status: 200)
/posts (Status: 301)
/contact (Status: 301)

# -v Verbose output
gobuster -u http://httpbin.org/ -w words.txt -v
Found : /index (Status: 200)
Missed: /derp (Status: 404)
Found : /posts (Status: 301)

# -l Show content length
gobuster -u http://httpbin.org/ -w words.txt -l
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200) [Size: 61481]

# -n No status code
# -q Quiet output
# -e "grep` mode"
gobuster -u http://httpbin.org/ -w words.txt -q -n -e
http://httpbin.org/ip
http://httpbin.org/index
http://httpbin.org/uuid

DNS mode

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
gobuster -m dns -w subdomains.txt -u google.com
Found: m.google.com
Found: mobile.google.com
Found: search.google.com

# -i Show IP
gobuster -m dns -w subdomains.txt -u google.com -i
Found: chrome.google.com [2404:6800:4006:801::200e, 216.58.220.110]
Found: m.google.com [216.58.220.107, 2404:6800:4006:801::200b]
Found: www.google.com [74.125.237.179, 74.125.237.177, 74.125.237.178, 74.125.237.180, 74.125.237.176, 2404:6800:4006:801::2004]

# -fw Force wildcard
gobuster -m dns -w subdomains.txt -u google.com -fw
[-] Wildcard DNS found. IP address(es):  123.123.123.123
Found: email.doesntexist.com
^C[!] Keyboard interrupt detected, terminating.

Reference

https://github.com/OJ/gobuster
https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project