gobuster Cheatsheet


Gobuster is a tool for brute-forcing URIs (directories and files), DNS subdomains, virtual host names, and S3 buckets. It is written in Go for speed.


Modes

  • gobuster dir - Directory/file brute forcing
  • gobuster dns - DNS subdomain brute forcing
  • gobuster vhost - Virtual host brute forcing
  • gobuster s3 - S3 bucket brute forcing
  • gobuster fuzz - Fuzzing mode

Directory Mode (dir)

Basic Usage

  • gobuster dir -u <url> -w <wordlist> - Basic directory scan

Options

  • -u, --url - Target URL
  • -w, --wordlist - Wordlist file
  • -x, --extensions - File extensions (php,txt,html)
  • -s, --status-codes - Status codes to show (default 200,204,301,302,307,401,403)
  • -b, --status-codes-blacklist - Hide status codes
  • -e, --expanded - Print full URLs
  • -r, --follow-redirect - Follow redirects
  • -k, --no-tls-validation - Skip TLS verification
  • -n, --no-status - Don't print status codes
  • -f, --add-slash - Append / to each request

DNS Mode (dns)

Basic Usage

  • gobuster dns -d <domain> -w <wordlist> - DNS enumeration

Options

  • -d, --domain - Target domain
  • -w, --wordlist - Wordlist file
  • -r, --resolver - DNS resolver
  • -c, --show-cname - Show CNAME records
  • -i, --show-ips - Show IP addresses
  • --wildcard - Force wildcard detection

VHost Mode (vhost)

Basic Usage

  • gobuster vhost -u <url> -w <wordlist> - Virtual host discovery

Options

  • -u, --url - Target URL
  • -w, --wordlist - Wordlist file
  • --append-domain - Append domain to wordlist entries

Global Options

  • -t, --threads - Concurrent threads (default 10)
  • -o, --output - Output file
  • -q, --quiet - Quiet mode (no banner)
  • -z, --no-progress - Don't show progress
  • --delay - Delay between requests
  • --timeout - Request timeout (default 10s)
  • -v, --verbose - Verbose output

HTTP Options

  • -a, --useragent - Custom User-Agent
  • -c, --cookies - Cookies to use
  • -H, --headers - Custom headers
  • -U, --username - Basic auth username
  • -P, --password - Basic auth password
  • -p, --proxy - Proxy URL

Common Examples

Basic Directory Scan

gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt

Find directories and files.

With Extensions

gobuster dir -u http://example.com -w wordlist.txt -x php,html,txt

Search for specific file types.

Fast Scan

gobuster dir -u http://example.com -w wordlist.txt -t 50

50 concurrent threads.

Save Output

gobuster dir -u http://example.com -w wordlist.txt -o results.txt

Save results to file.

Hide Status Codes

gobuster dir -u http://example.com -w wordlist.txt -b 404,403

Hide 404 and 403 responses.

With Auth

gobuster dir -u http://example.com -w wordlist.txt -U admin -P password

Basic authentication.

DNS Subdomain Scan

gobuster dns -d example.com -w subdomains.txt -i

Find subdomains with IPs.

Virtual Host Discovery

gobuster vhost -u http://example.com -w vhosts.txt

Find virtual hosts.

Through Proxy

gobuster dir -u http://example.com -w wordlist.txt -p http://127.0.0.1:8080

Route through Burp Suite.


Common Wordlists

  • /usr/share/wordlists/dirb/common.txt
  • /usr/share/wordlists/dirb/big.txt
  • /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
  • /usr/share/seclists/Discovery/Web-Content/
  • /usr/share/seclists/Discovery/DNS/

Tips

  • Use -x to append file extensions to each word
  • Increase threads (-t) for faster scans
  • Use -k when target has self-signed certs
  • Blacklist common error codes with -b
  • Route through Burp for detailed analysis
  • Combine with nikto and nuclei for full coverage
  • Use SecLists for comprehensive wordlists
  • Always get authorization before scanning
