handbook/tools/3.Web-Hacking/1.Brute-Force/2.Fuzz/Gobuster.md
2024-08-31 01:07:22 +02:00

1.8 KiB

What is Gobuster?

Gobuster is an open-source command-line tool used for directory and DNS subdomain brute-forcing. It allows users to discover hidden files and directories on a web server, and find subdomains on a given domain.

The tool works by sending HTTP/HTTPS requests to the web server or DNS queries to the domain name server, and analyzes the responses to determine if there are any hidden files, directories or subdomains.

# Common Use and Commands:

Gobuster is commonly used by security researchers, penetration testers and system administrators to identify potential security vulnerabilities and weaknesses in web applications.

The following are some common commands used in Gobuster:

Scan for directories:

gobuster dir -u <url> -w <wordlist>

gobuster dir -u <url> -w <wordlist> -x "html,txt,php,zip,..." -t 25 --timeout Xs  --exclude-length X
  • -u ---> URL
  • -w ---> Wordlist
  • -x ---> Append at the end of the directory
  • -t ---> treats
  • --timeout ---> Add some time between respond
  • --exclude-lenght ---> Exclude result that has X bytes of data

Scan for subdomains:

gobuster dns -d <domain> -w <wordlist>

Gobuster supports multiple options and flags to customize the scan, such as setting the user-agent, specifying the proxy, setting the timeout and enabling recursion.

More Information

For more information on Gobuster, including the latest updates and documentation, please visit the project's official Github repository: https://github.com/OJ/gobuster