Skip to content
ZaoDocs

Gobuster Cheatsheet

Gobuster Cheatsheet

About gobuster

Gobuster is a tool used to brute-force: URIs (directories and files) in web sites, DNS subdomains (with wildcard support), Virtual Host names on target web servers, Open Amazon S3 buckets, Open Google Cloud buckets and TFTP servers.

Commmon Snippets

Terminal window
gobuster dir -u $url -w $wordlist -t $threads -v                     # Directorios
gobuster vhost -u $url -w $wordlist --append-domain -t 200           # Subdominios

Table of Contents

Overview

Gobuster is a versatile tool used for brute-forcing:

  • URIs (directories and files)
  • DNS subdomains
  • Virtual Host names
  • Open Amazon S3 buckets

Installation

Terminal window
sudo apt update
sudo apt install gobuster

Global Options

Terminal window
-z, --no-progress  # Don't display progress
-o, --output      # Output file to write results
-q, --quiet       # Don't print banner and noise
-t, --threads     # Number of concurrent threads (default 10)
-v, --verbose     # Verbose output (errors)
-w, --wordlist    # Path to the wordlist
-i, --show-ips    # Show IP addresses
--delay           # Time delay between requests

Mode Types

Available modes and their descriptions:

  • dir: Classic directory brute-forcing mode
  • dns: DNS subdomain brute-forcing mode
  • vhost: Virtual host brute-forcing mode
  • s3: AWS S3 bucket enumeration mode

Directory Mode

Terminal window
-u, --url                # Target URL
-f, --add-slash         # Append / to each request
-c, --cookies           # Cookies to use
-e, --expanded         # Expanded mode, print full URLs
-x, --extensions       # File extension(s) to search
-r, --follow-redirect  # Follow redirects
-H, --headers         # Specify HTTP headers
-l, --include-length  # Include body length in output
-k, --no-tls-validation # Skip TLS verification
-n, --no-status       # Don't print status codes
-P, --password        # Password for Basic Auth
-p, --proxy           # Proxy to use
-s, --status-codes    # Positive status codes
-b, --status-codes-blacklist # Negative status codes
-a, --useragent       # Set User-Agent
-U, --username        # Username for Basic Auth
-d, --discover-backup # Search for backup files
--wildcard           # Force continued operation when wildcard found

DNS Mode

Terminal window
-d, --domain        # Target domain
-r, --resolver      # Custom DNS server
-c, --show-cname    # Show CNAME records
-i, --show-ips      # Show IP addresses
--timeout          # DNS resolver timeout (default 1s)

VHOST Mode

Terminal window
-u, --url               # Target URL
-c, --cookies          # Cookies to use
-r, --follow-redirect  # Follow redirects
-H, --headers         # HTTP headers
-k, --no-tls-validation # Skip TLS verification
-P, --password        # Basic Auth password
-p, --proxy           # Proxy to use
-a, --useragent       # User-Agent string
-U, --username        # Basic Auth username

S3 Mode

Terminal window
# Basic S3 bucket enumeration
gobuster s3 -w bucket-names.txt


# With custom options
gobuster s3 \
  -w bucket-names.txt \
  --timeout 20s \
  -t 50

Advanced Techniques

Custom Status Code Handling

Terminal window
# Include specific status codes
gobuster dir \
  -u http://example.com \
  -w wordlist.txt \
  -s "200,204,301,302,307,401,403"


# Exclude status codes
gobuster dir \
  -u http://example.com \
  -w wordlist.txt \
  -b "404,500,501"

Authentication and Headers

Terminal window
# Basic authentication
gobuster dir \
  -u http://example.com \
  -w wordlist.txt \
  -U username \
  -P password


# Custom headers
gobuster dir \
  -u http://example.com \
  -w wordlist.txt \
  -H "Authorization: Bearer token" \
  -H "X-Custom-Header: value"