36 lines
1.7 KiB
Markdown
36 lines
1.7 KiB
Markdown
## What is Gobuster?
|
|
|
|
Gobuster is an open-source command-line tool used for directory and DNS subdomain brute-forcing. It allows users to discover hidden files and directories on a web server, and find subdomains on a given domain.
|
|
|
|
The tool works by sending HTTP/HTTPS requests to the web server or DNS queries to the domain name server, and analyzes the responses to determine if there are any hidden files, directories or subdomains.
|
|
|
|
## Common Use and Commands:
|
|
Gobuster is commonly used by security researchers, penetration testers and system administrators to identify potential security vulnerabilities and weaknesses in web applications.
|
|
|
|
The following are some common commands used in Gobuster:
|
|
|
|
Scan for directories:
|
|
```
|
|
gobuster dir -u <url> -w <wordlist>
|
|
|
|
gobuster dir -u <url> -w <wordlist> -x "html,txt,php,zip,..." -t 25 --timeout Xs --exclude-length X
|
|
```
|
|
- -u ---> URL
|
|
- -w ---> Wordlist
|
|
- -x ---> Append at the end of the directory
|
|
- -t ---> treats
|
|
- --timeout ---> Add some time between respond
|
|
- --exclude-lenght ---> Exclude result that has X bytes of data
|
|
|
|
Scan for subdomains:
|
|
```
|
|
gobuster dns -d <domain> -w <wordlist>
|
|
```
|
|
|
|
Gobuster supports multiple options and flags to customize the scan, such as setting the user-agent, specifying the proxy, setting the timeout and enabling recursion.
|
|
|
|
## More Information
|
|
|
|
For more information on Gobuster, including the latest updates and documentation, please visit the project's official Github repository: https://github.com/OJ/gobuster
|
|
|