Gobuster

Gobuster is a high-performance directory/file, DNS and virtual host brute-forcing tool written in Go. It’s designed to be fast, reliable, and easy to use for security professionals and penetration testers.

Usage

`gobuster dir`

Uses directory/file enumeration mode

Usage: gobuster dir [command options]

Option	Description
`--url value, -u value`	The target URL
`--cookies value, -c value`	Cookies to use for the requests
`--username value, -U value`	Username for Basic Auth
`--password value, -P value`	Password for Basic Auth
`--follow-redirect, -r`	Follow redirects (default: false)
`--headers value, -H value [ --headers value, -H value ]`	Specify HTTP headers, -H ‘Header1: val1’ -H ‘Header2: val2’
`--no-canonicalize-headers, --nch`	Do not canonicalize HTTP header names. If set header names are sent as is (default: false)
`--method value, -m value`	the password to the p12 file (default: “GET”)
`--useragent value, -a value`	Set the User-Agent string (default: “gobuster/3.7”)
`--random-agent, --rua`	Use a random User-Agent string (default: false)
`--proxy value`	Proxy to use for requests [http(s)://host:port] or [socks5://host:port]
`--timeout value, --to value`	HTTP Timeout (default: 10s)
`--no-tls-validation, -k`	Skip TLS certificate verification (default: false)
`--retry`	Should retry on request timeout (default: false)
`--retry-attempts value, --ra value`	Times to retry on request timeout (default: 3)
`--client-cert-pem value, --ccp value`	Public key in PEM format for optional TLS client certificates
`--client-cert-pem-key value, --ccpk value`	Private key in PEM format for optional TLS client certificates (this key needs to have no password)
`--client-cert-p12 value, --ccp12 value`	A p12 file to use for options TLS client certificates
`--client-cert-p12-password value, --ccp12p value`	The password to the p12 file
`--tls-renegotiation`	Enable TLS renegotiation (default: false)
`--interface value, --iface value`	Specify network interface to use. Can’t be used with local-ip
`--local-ip value`	Specify local ip of network interface to use. Can’t be used with interface
`--wordlist value, -w value`	Path to the wordlist. Set to - to use STDIN.
`--delay value, -d value`	Time each thread waits between requests (e.g. 1500ms) (default: 0s)
`--threads value, -t value`	Number of concurrent threads (default: 10)
`--wordlist-offset value, --wo value`	Resume from a given position in the wordlist (default: 0)
`--output value, -o value`	Output file to write results to (defaults to stdout)
`--quiet, -q`	Don’t print the banner and other noise (default: false)
`--no-progress, --np`	Don’t display progress (default: false)
`--no-error, --ne`	Don’t display errors (default: false)
`--pattern value, -p value`	File containing replacement patterns
`--discover-pattern value, --pd value`	File containing replacement patterns applied to successful guesses
`--no-color, --nc`	Disable color output (default: false)
`--debug`	Enable debug output (default: false)
`--status-codes value, -s value`	Positive status codes (will be overwritten with status-codes-blacklist if set). Can also handle ranges like 200,300-400,404
`--status-codes-blacklist value, -b value`	Negative status codes (will override status-codes if set). Can also handle ranges like 200,300-400,404. (default: “404”)
`--extensions value, -x value`	File extension(s) to search for
`--extensions-file value, -X value`	Read file extension(s) to search from the file
`--expanded, -e`	Expanded mode, print full URLs (default: false)
`--no-status, -n`	Don’t print status codes (default: false)
`--hide-length, --hl`	Hide the length of the body in the output (default: false)
`--add-slash, -f`	Append / to each request (default: false)
`--discover-backup, --db`	Upon finding a file search for backup files by appending multiple backup extensions (default: false)
`--exclude-length value, --xl value`	Exclude the following content lengths (completely ignores the status). You can separate multiple lengths by comma and it supports ranges like 203-206
`--help, -h`	Show help

`gobuster vhost`

Uses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)

Usage: gobuster vhost [options]

Option	Description
`--url value`, `-u value`	The target URL
`--cookies value`, `-c value`	Cookies to use for the requests
`--username value`, `-U value`	Username for Basic Auth
`--password value`, `-P value`	Password for Basic Auth
`--follow-redirect`, `-r`	Follow redirects (default: false)
`--headers value`, `-H value`	Specify HTTP headers, e.g. `-H 'Header1: val1' -H 'Header2: val2'`
`--no-canonicalize-headers`, `--nch`	Do not canonicalize HTTP header names. Header names are sent as is (default: false)
`--method value`, `-m value`	HTTP method to use (default: “GET”)
`--useragent value`, `-a value`	Set the User-Agent string (default: “gobuster/3.7”)
`--random-agent`, `--rua`	Use a random User-Agent string (default: false)
`--proxy value`	Proxy to use for requests [http(s)://host:port] or [socks5://host:port]
`--timeout value`, `--to value`	HTTP Timeout (default: 10s)
`--no-tls-validation`, `-k`	Skip TLS certificate verification (default: false)
`--retry`	Should retry on request timeout (default: false)
`--retry-attempts value`, `--ra value`	Times to retry on request timeout (default: 3)
`--client-cert-pem value`, `--ccp value`	Public key in PEM format for optional TLS client certificates
`--client-cert-pem-key value`, `--ccpk value`	Private key in PEM format for optional TLS client certificates (must be passwordless)
`--client-cert-p12 value`, `--ccp12 value`	A p12 file to use for optional TLS client certificates
`--client-cert-p12-password value`, `--ccp12p value`	The password to the p12 file
`--tls-renegotiation`	Enable TLS renegotiation (default: false)
`--interface value`, `--iface value`	Specify network interface to use. Can’t be used with `--local-ip`
`--local-ip value`	Specify local IP of network interface to use. Can’t be used with `--interface`
`--wordlist value`, `-w value`	Path to the wordlist. Set to `-` to use STDIN
`--delay value`, `-d value`	Time each thread waits between requests (e.g. 1500ms) (default: 0s)
`--threads value`, `-t value`	Number of concurrent threads (default: 10)
`--wordlist-offset value`, `--wo value`	Resume from a given position in the wordlist (default: 0)
`--output value`, `-o value`	Output file to write results to (defaults to stdout)
`--quiet`, `-q`	Don’t print the banner and other noise (default: false)
`--no-progress`, `--np`	Don’t display progress (default: false)
`--no-error`, `--ne`	Don’t display errors (default: false)
`--pattern value`, `-p value`	File containing replacement patterns
`--discover-pattern value`, `--pd value`	File containing replacement patterns applied to successful guesses
`--no-color`, `--nc`	Disable color output (default: false)
`--debug`	Enable debug output (default: false)
`--append-domain`, `--ad`	Append main domain from URL to words from wordlist (default: false)
`--exclude-length value`, `--xl value`	Exclude the following content lengths. Supports comma-separated and ranges like `203-206`
`--exclude-status value`, `--xs value`	Exclude the following status codes. Supports ranges like `200,300-400,404`
`--domain value`, `--do value`	Domain to append when using an IP address as URL. If empty, hostname from URL is extracted
`--force`	Force execution even when result is not guaranteed (default: false)
`--help`, `-h`	Show help

`gobuster dns`

Uses DNS subdomain enumeration mode

Usage: gobuster dns [command options]

Option	Description
`--domain value`, `--do value`	The target domain
`--check-cname`, `-c`	Also check CNAME records (default: false)
`--timeout value`, `--to value`	DNS resolver timeout (default: 1s)
`--wildcard`, `--wc`	Force continued operation when wildcard found (default: false)
`--no-fqdn`, `--nf`	Do not automatically add a trailing dot to the domain (default: false)
`--resolver value`	Use custom DNS server (format server.com or server.com:port)
`--protocol value`	Use either ‘udp’ or ‘tcp’ as protocol on the custom resolver (default: “udp”)
`--wordlist value`, `-w value`	Path to the wordlist. Set to `-` to use STDIN
`--delay value`, `-d value`	Time each thread waits between requests (e.g. 1500ms) (default: 0s)
`--threads value`, `-t value`	Number of concurrent threads (default: 10)
`--wordlist-offset value`, `--wo value`	Resume from a given position in the wordlist (default: 0)
`--output value`, `-o value`	Output file to write results to (defaults to stdout)
`--quiet`, `-q`	Don’t print the banner and other noise (default: false)
`--no-progress`, `--np`	Don’t display progress (default: false)
`--no-error`, `--ne`	Don’t display errors (default: false)
`--pattern value`, `-p value`	File containing replacement patterns
`--discover-pattern value`, `--pd value`	File containing replacement patterns applied to successful guesses
`--no-color`, `--nc`	Disable color output (default: false)
`--debug`	Enable debug output (default: false)
`--help`, `-h`	Show help

`gobuster fuzz`

Uses fuzzing mode. Replaces the keyword FUZZ in the URL, Headers and the request body

Usage: gobuster fuzz [command options]

Option	Description
`--url value`, `-u value`	The target URL
`--cookies value`, `-c value`	Cookies to use for the requests
`--username value`, `-U value`	Username for Basic Auth
`--password value`, `-P value`	Password for Basic Auth
`--follow-redirect`, `-r`	Follow redirects (default: false)
`--headers value`, `-H value`	Specify HTTP headers, e.g. `-H 'Header1: val1' -H 'Header2: val2'`
`--no-canonicalize-headers`, `--nch`	Do not canonicalize HTTP header names. Headers sent as is (default: false)
`--method value`, `-m value`	HTTP method to use (default: “GET”)
`--useragent value`, `-a value`	Set the User-Agent string (default: “gobuster/3.7”)
`--random-agent`, `--rua`	Use a random User-Agent string (default: false)
`--proxy value`	Proxy to use for requests [http(s)://host:port] or [socks5://host:port]
`--timeout value`, `--to value`	HTTP Timeout (default: 10s)
`--no-tls-validation`, `-k`	Skip TLS certificate verification (default: false)
`--retry`	Should retry on request timeout (default: false)
`--retry-attempts value`, `--ra value`	Times to retry on request timeout (default: 3)
`--client-cert-pem value`, `--ccp value`	Public key in PEM format for optional TLS client certificates
`--client-cert-pem-key value`, `--ccpk value`	Private key in PEM format for optional TLS client certificates (must have no password)
`--client-cert-p12 value`, `--ccp12 value`	A p12 file to use for optional TLS client certificates
`--client-cert-p12-password value`, `--ccp12p value`	The password to the p12 file
`--tls-renegotiation`	Enable TLS renegotiation (default: false)
`--interface value`, `--iface value`	Specify network interface to use. Can’t be used with `--local-ip`
`--local-ip value`	Specify local IP of network interface to use. Can’t be used with `--interface`
`--wordlist value`, `-w value`	Path to the wordlist. Set to `-` to use STDIN
`--delay value`, `-d value`	Time each thread waits between requests (e.g. 1500ms) (default: 0s)
`--threads value`, `-t value`	Number of concurrent threads (default: 10)
`--wordlist-offset value`, `--wo value`	Resume from a given position in the wordlist (default: 0)
`--output value`, `-o value`	Output file to write results to (defaults to stdout)
`--quiet`, `-q`	Don’t print the banner and other noise (default: false)
`--no-progress`, `--np`	Don’t display progress (default: false)
`--no-error`, `--ne`	Don’t display errors (default: false)
`--pattern value`, `-p value`	File containing replacement patterns
`--discover-pattern value`, `--pd value`	File containing replacement patterns applied to successful guesses
`--no-color`, `--nc`	Disable color output (default: false)
`--debug`	Enable debug output (default: false)
`--exclude-statuscodes value`, `-b value`	Excluded status codes. Can handle ranges like `200,300-400,404`
`--exclude-length value`, `--xl value`	Exclude content lengths (ignores status). Supports comma-separated and ranges like `203-206`
`--body value`, `-B value`	Request body
`--help`, `-h`	Show help

`gobuster tftp`

Uses TFTP enumeration mode

Usage: gobuster tftp [options]

Option	Description
`--server value`, `-s value`	The target TFTP server
`--timeout value`, `--to value`	TFTP timeout (default: 1s)
`--wordlist value`, `-w value`	Path to the wordlist. Set to `-` to use STDIN
`--delay value`, `-d value`	Time each thread waits between requests (e.g. 1500ms) (default: 0s)
`--threads value`, `-t value`	Number of concurrent threads (default: 10)
`--wordlist-offset value`, `--wo value`	Resume from a given position in the wordlist (default: 0)
`--output value`, `-o value`	Output file to write results to (defaults to stdout)
`--quiet`, `-q`	Don’t print the banner and other noise (default: false)
`--no-progress`, `--np`	Don’t display progress (default: false)
`--no-error`, `--ne`	Don’t display errors (default: false)
`--pattern value`, `-p value`	File containing replacement patterns
`--discover-pattern value`, `--pd value`	File containing replacement patterns applied to successful guesses
`--no-color`, `--nc`	Disable color output (default: false)
`--debug`	Enable debug output (default: false)
`--help`, `-h`	Show help

`gobuster s3`

Uses aws bucket enumeration mode

Usage: gobuster s3 [options]

Option	Description
`--max-files value`, `-m value`	Max files to list when listing buckets (default: 5)
`--show-files`, `-s`	Show files from found buckets (default: true)
`--wordlist value`, `-w value`	Path to the wordlist. Set to `-` to use STDIN
`--delay value`, `-d value`	Time each thread waits between requests (e.g. 1500ms) (default: 0s)
`--threads value`, `-t value`	Number of concurrent threads (default: 10)
`--wordlist-offset value`, `--wo value`	Resume from a given position in the wordlist (default: 0)
`--output value`, `-o value`	Output file to write results to (defaults to stdout)
`--quiet`, `-q`	Don’t print the banner and other noise (default: false)
`--no-progress`, `--np`	Don’t display progress (default: false)
`--no-error`, `--ne`	Don’t display errors (default: false)
`--pattern value`, `-p value`	File containing replacement patterns
`--discover-pattern value`, `--pd value`	File containing replacement patterns applied to successful guesses
`--no-color`, `--nc`	Disable color output (default: false)
`--debug`	Enable debug output (default: false)
`--useragent value`, `-a value`	Set the User-Agent string (default: “gobuster/3.7”)
`--random-agent`, `--rua`	Use a random User-Agent string (default: false)
`--proxy value`	Proxy to use for requests [http(s)://host:port] or [socks5://host:port]
`--timeout value`, `--to value`	HTTP Timeout (default: 10s)
`--no-tls-validation`, `-k`	Skip TLS certificate verification (default: false)
`--retry`	Should retry on request timeout (default: false)
`--retry-attempts value`, `--ra value`	Times to retry on request timeout (default: 3)
`--client-cert-pem value`, `--ccp value`	Public key in PEM format for optional TLS client certificates
`--client-cert-pem-key value`, `--ccpk value`	Private key in PEM format for optional TLS client certificates (must have no password)
`--client-cert-p12 value`, `--ccp12 value`	A p12 file to use for optional TLS client certificates
`--client-cert-p12-password value`, `--ccp12p value`	The password to the p12 file
`--tls-renegotiation`	Enable TLS renegotiation (default: false)
`--interface value`, `--iface value`	Specify network interface to use. Can’t be used with `--local-ip`
`--local-ip value`	Specify local IP of network interface to use. Can’t be used with `--interface`
`--help`, `-h`	Show help

`gobuster gcs`

Uses gcs bucket enumeration mode

Usage: gobuster gcs [options]

Option	Description
`--max-files value`, `-m value`	Max files to list when listing buckets (default: 5)
`--show-files`, `-s`	Show files from found buckets (default: true)
`--wordlist value`, `-w value`	Path to the wordlist. Set to `-` to use STDIN
`--delay value`, `-d value`	Time each thread waits between requests (e.g. 1500ms) (default: 0s)
`--threads value`, `-t value`	Number of concurrent threads (default: 10)
`--wordlist-offset value`, `--wo value`	Resume from a given position in the wordlist (default: 0)
`--output value`, `-o value`	Output file to write results to (defaults to stdout)
`--quiet`, `-q`	Don’t print the banner and other noise (default: false)
`--no-progress`, `--np`	Don’t display progress (default: false)
`--no-error`, `--ne`	Don’t display errors (default: false)
`--pattern value`, `-p value`	File containing replacement patterns
`--discover-pattern value`, `--pd value`	File containing replacement patterns applied to successful guesses
`--no-color`, `--nc`	Disable color output (default: false)
`--debug`	Enable debug output (default: false)
`--useragent value`, `-a value`	Set the User-Agent string (default: “gobuster/3.7”)
`--random-agent`, `--rua`	Use a random User-Agent string (default: false)
`--proxy value`	Proxy to use for requests [http(s)://host:port] or [socks5://host:port]
`--timeout value`, `--to value`	HTTP Timeout (default: 10s)
`--no-tls-validation`, `-k`	Skip TLS certificate verification (default: false)
`--retry`	Should retry on request timeout (default: false)
`--retry-attempts value`, `--ra value`	Times to retry on request timeout (default: 3)
`--client-cert-pem value`, `--ccp value`	Public key in PEM format for optional TLS client certificates
`--client-cert-pem-key value`, `--ccpk value`	Private key in PEM format for optional TLS client certificates (must have no password)
`--client-cert-p12 value`, `--ccp12 value`	A p12 file to use for optional TLS client certificates
`--client-cert-p12-password value`, `--ccp12p value`	The password to the p12 file
`--tls-renegotiation`	Enable TLS renegotiation (default: false)
`--interface value`, `--iface value`	Specify network interface to use. Can’t be used with `--local-ip`
`--local-ip value`	Specify local IP of network interface to use. Can’t be used with `--interface`
`--help`, `-h`	Show help

Knowledge Base

Explorer

gobuster