
Gobuster Cheat Sheet


Basic Commands

| Command | Description |
|---|---|
| gobuster dir -u <URL> -w <wordlist> | Directory brute-force against a web server |
| gobuster dns -d <domain> -w <wordlist> | DNS subdomain brute-force against a domain |
| gobuster vhost -u <URL> -w <wordlist> | Virtual host brute-force (useful for identifying hidden vhosts) |
| gobuster s3 -w <wordlist> | Brute-force S3 bucket names using the wordlist |
| gobuster fuzz -u <URL> -w <wordlist> | Fuzz the URL with the wordlist |
| gobuster -h | Show help menu and available commands |

Directory and File Enumeration

| Command | Description |
|---|---|
| gobuster dir -u <URL> -w <wordlist> -t <num> | Set the number of threads (default is 10) |
| gobuster dir -u <URL> -w <wordlist> -e | Show full URLs in the output (expanded mode) |
| gobuster dir -u <URL> -w <wordlist> -x <ext> | Search for specific file extensions (e.g., -x php,html) |
| gobuster dir -u <URL> -w <wordlist> -r | Follow redirects |
| gobuster dir -u <URL> -w <wordlist> -k | Skip SSL certificate verification |
| gobuster dir -u <URL> -w <wordlist> --wildcard | Force continued operation when a wildcard response is detected (every request returns the same status) |
| gobuster dir -u <URL> -w <wordlist> -f | Add a trailing slash to each word in the wordlist (--add-slash) |
| gobuster dir -u <URL> -w <wordlist> -l | Include the response body length in the output (--include-length) |

DNS Subdomain Enumeration

| Command | Description |
|---|---|
| gobuster dns -d <domain> -w <wordlist> -i | Show the IP addresses that discovered subdomains resolve to (--show-ips) |
| gobuster dns -d <domain> -w <wordlist> -r <resolver> | Use a custom DNS resolver (e.g., 8.8.8.8) |
| gobuster dns -d <domain> -w <wordlist> -t <num> | Set the number of threads (default is 10) |

Virtual Host (VHOST) Enumeration

| Command | Description |
|---|---|
| gobuster vhost -u <URL> -w <wordlist> -t <num> | Brute-force VHOSTs with a wordlist using <num> threads |
| gobuster vhost -u <URL> -w <wordlist> -k | Skip SSL certificate verification |

Fuzzing

| Command | Description |
|---|---|
| gobuster fuzz -u <URL> -w <wordlist> -t <num> | Fuzz a URL parameter or path with a wordlist using <num> threads |
| gobuster fuzz -u http://example.com/FUZZ -w <wordlist> | Replace the "FUZZ" keyword in the URL with each entry from the wordlist |

Common Options

| Option | Description |
|---|---|
| -u <URL> | Target URL to scan |
| -w <wordlist> | Path to the wordlist (e.g., /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt) |
| -t <num> | Number of concurrent threads (default is 10) |
| -o <output file> | Output the scan results to a file |
| -s <status code> | Show only results with these status codes (e.g., -s 200,301,302); in gobuster 3.1+ this is mutually exclusive with -b, so pass -b "" alongside it |
| -n | Don't print status codes in the output (--no-status); note that gobuster never recurses into discovered directories, so rerun against <URL>/<dir> to enumerate them |
| -k | Skip SSL/TLS certificate validation |
| -b <status code> | Blacklist specific HTTP status codes (e.g., -b 404, the default) |
| -q | Suppress all output except for found results |

Advanced Usage

| Command | Description |
|---|---|
| gobuster dir -u <URL> -w <wordlist> -a <User-Agent> | Specify a custom user-agent (e.g., -a "Mozilla/5.0") |
| gobuster dir -u <URL> -w <wordlist> -H 'Header: value' | Add custom HTTP headers (e.g., -H 'Authorization: Bearer token') |
| gobuster dir -u <URL> -w <wordlist> --delay <ms> | Add a delay between requests (milliseconds) |
| gobuster dir -u <URL> -w <wordlist> --exclude-length <len> | Exclude results with a specific content length (useful against soft-404 pages that answer every path with the same body) |
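Added example (not part of the original cheat sheet): a small Python parser for the result lines that gobuster dir writes with -o. It spots a body size that recurs across many paths, the soft-404 case --exclude-length is meant for, and filters saved output by size and status code the way -s and --exclude-length would on a rerun. The sample output, example.com and its paths are constructed.

```python
import re
from collections import Counter

# One result line as written by `gobuster dir ... -o <file>` (v3.x format), e.g.
#   /admin                (Status: 301) [Size: 312] [--> http://example.com/admin/]
LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+\(Status:\s*(?P<status>\d{3})\)\s*\[Size:\s*(?P<size>\d+)\]"
    r"(?:\s*\[-->\s*(?P<redirect>[^\]]+)\])?"
)

# Constructed sample output; example.com and the paths are made up, not a real scan.
SAMPLE_OUTPUT = """\
Starting gobuster in directory enumeration mode
/admin                (Status: 301) [Size: 312] [--> http://example.com/admin/]
/backup               (Status: 200) [Size: 1482]
/foo                  (Status: 200) [Size: 1482]
/bar                  (Status: 200) [Size: 1482]
/login.php            (Status: 200) [Size: 2210]
/uploads              (Status: 403) [Size: 278]
"""


def parse_gobuster_output(text):
    """Return a dict per result line; lines that are not results are skipped."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            results.append({
                "path": m.group("path"),
                "status": int(m.group("status")),
                "size": int(m.group("size")),
                "redirect": m.group("redirect"),  # None unless a [--> ...] hint is present
            })
    return results


def suspected_wildcard_sizes(results, min_hits=3):
    """Body sizes seen at least min_hits times with the same status code.

    A server that answers every unknown path with one 'soft 404' page floods the
    results with identical sizes; each size returned is a candidate --exclude-length."""
    counts = Counter((r["status"], r["size"]) for r in results)
    return sorted(size for (_status, size), n in counts.items() if n >= min_hits)


def filter_results(results, exclude_sizes=(), statuses=None):
    """Filter saved output by body size (like --exclude-length) and status code (like -s)."""
    excluded = set(exclude_sizes)
    return [r for r in results
            if r["size"] not in excluded and (statuses is None or r["status"] in statuses)]
```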

Wordlists

Common wordlists:

  • /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
  • /usr/share/seclists/Discovery/Web-Content/common.txt
  • /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt

Example Scans

  1. Basic directory brute-force:
     gobuster dir -u http://example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
  2. DNS subdomain brute-force:
     gobuster dns -d example.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
  3. Virtual host brute-force:
     gobuster vhost -u http://example.com -w /usr/share/wordlists/virtual-hosts.txt
