https://github.com/OJ/gobuster
# gobuster version
3.6
Usage:
gobuster [command]
Available Commands:
completion Generate the autocompletion script for the specified shell
dir Uses directory/file enumeration mode
dns Uses DNS subdomain enumeration mode
fuzz Uses fuzzing mode. Replaces the keyword FUZZ in the URL, Headers and the request body
gcs Uses gcs bucket enumeration mode
help Help about any command
s3 Uses aws bucket enumeration mode
tftp Uses TFTP enumeration mode
version shows the current version
vhost Uses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)
Flags:
--debug Enable debug output
--delay duration Time each thread waits between requests (e.g. 1500ms)
-h, --help help for gobuster
--no-color Disable color output
--no-error Don't display errors
-z, --no-progress Don't display progress
-o, --output string Output file to write results to (defaults to stdout)
-p, --pattern string File containing replacement patterns
-q, --quiet Don't print the banner and other noise
-t, --threads int Number of concurrent threads (default 10)
-v, --verbose Verbose output (errors)
-w, --wordlist string Path to the wordlist. Set to - to use STDIN.
--wordlist-offset int Resume from a given position in the wordlist (defaults to 0)
Use "gobuster [command] --help" for more information about a command.
Example: Brute force file extensions php, txt, sh, xxa
root@X220:~# gobuster dir -u http://10.10.169.48/secret -w /usr/share/wordlists/dirb/common.txt -x php,txt,sh,xxa =============================================================== Gobuster v3.0.1 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_) =============================================================== [+] Url: http://10.10.169.48/secret [+] Threads: 10 [+] Wordlist: /usr/share/wordlists/dirb/common.txt [+] Status codes: 200,204,301,302,307,401,403 [+] User Agent: gobuster/3.0.1 [+] Extensions: xxa,php,txt,sh [+] Timeout: 10s =============================================================== 2020/12/03 15:20:40 Starting gobuster =============================================================== /secret.txt (Status: 200) =============================================================== 2020/12/03 15:24:28 Finished =============================================================== root@X220:~#
Example: Brute force file extensions php, txt, html
gobuster dir -u http://10.10.196.97 -w /usr/share/seclists/Discovery/Web-Content/big.txt -x php,txt,html
Example: Brute force VHOST
gobuster vhost
Example dns subdomain
# gobuster dns -d team.thm -w /usr/share/wordlists/common.txt --wildcard =============================================================== Gobuster v3.0.1 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_) =============================================================== [+] Domain: team.thm [+] Threads: 10 [+] Wildcard forced: true [+] Timeout: 1s [+] Wordlist: /usr/share/wordlists/common.txt =============================================================== 2021/03/06 11:56:51 Starting gobuster =============================================================== Found: dev.team.thm =============================================================== 2021/03/06 11:58:11 Finished =============================================================== #
Referrences
Gobuster Tutorial – How to Find Hidden Directories, Sub-Domains, and S3 Buckets
Practice
Offensive Security Introduction
The Cod Caper | Task 3 - Web Enumeration
dirb
ffuf