gobuster

Gobuster is a tool used to brute-force: URIs (directories and files) in web sites, DNS subdomains (with wildcard support), Virtual Host names on target web servers, Open Amazon S3 buckets, Open Google Cloud buckets and TFTP servers.

Gobuster is useful for pentesters, ethical hackers and forensics experts. It also can be used for security tests.

Installed size: 9.16 MB
How to install: sudo apt install gobuster

gobuster

Directory/file, DNS and virtual host brute-forcing tool written in Go

root@kali:~# gobuster -h
NAME:
   gobuster - the tool you love

USAGE:
   gobuster command [command options]

VERSION:
   3.8

AUTHORS:
   Christian Mehlmauer (@firefart)
   OJ Reeves (@TheColonial)

COMMANDS:
   dir      Uses directory/file enumeration mode
   vhost    Uses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)
   dns      Uses DNS subdomain enumeration mode
   fuzz     Uses fuzzing mode. Replaces the keyword FUZZ in the URL, Headers and the request body
   tftp     Uses TFTP enumeration mode
   s3       Uses aws bucket enumeration mode
   gcs      Uses gcs bucket enumeration mode
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version

Learn more with OffSec

Want to learn more about gobuster? get access to in-depth training and hands-on labs:

• PEN-200: 8. Introduction to Web Application Attacks
• PEN-200: 6.5.1. Information Gathering: Active LLM-Aided enumeration

PEN-200 course

WEB-200 course