D3F4
>Loading command center_
Directory, file, DNS, VHost, S3 bucket, and TFTP bruteforce tool written in Go. Fast and flexible enumeration for web targets.
Official docsBrute-force directories and files on a web server
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txtBrute-force directories and look for specific file types
gobuster dir -u http://target.com -w wordlist.txt -x php,html,txt,bakEnumerate subdomains via DNS brute-force
gobuster dns -d target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txtDiscover virtual hosts on the target web server
gobuster vhost -u http://target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt --append-domainOnly show responses with specific HTTP status codes
gobuster dir -u http://target.com -w wordlist.txt -s 200,204,301,302,307Speed up the scan by increasing thread count
gobuster dir -u http://target.com -w wordlist.txt -t 50Ignore TLS certificate errors on HTTPS targets
gobuster dir -u https://target.com -w wordlist.txt -kSet a custom User-Agent string for requests
gobuster dir -u http://target.com -w wordlist.txt -a 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'Include session cookies for authenticated scanning
gobuster dir -u http://target.com -w wordlist.txt -c 'session=abc123; auth=xyz'Save discovered paths to a results file
gobuster dir -u http://target.com -w wordlist.txt -o results.txtBrute-force AWS S3 bucket names
gobuster s3 -w bucket-names.txtFollow HTTP redirects during directory scanning
gobuster dir -u http://target.com -w wordlist.txt -r