gobuster

High-performance discovery tool for directories, DNS and cloud storage
Gobuster is a high-performance tool used to brute-force and discover:

• URIs (directories and files) in web sites
• DNS subdomains (with wildcard support)
• Virtual Host names on target web servers
• Open Amazon S3 and Google Cloud Storage (GCS) buckets
• Open TFTP servers
• Custom fuzzing with customizable parameters

Gobuster is designed for penetration testers, security professionals, and forensics experts to perform security assessments and reconnaissance.

Installed size: 9.17 MB
How to install: sudo apt install gobuster

gobuster

Directory/file, DNS and virtual host brute-forcing tool written in Go

root@kali:~# gobuster -h
NAME:
   gobuster - the tool you love

USAGE:
   gobuster command [command options]

VERSION:
   3.8.2

AUTHORS:
   Christian Mehlmauer (@firefart)
   OJ Reeves (@TheColonial)

COMMANDS:
   dir      Uses directory/file enumeration mode
   vhost    Uses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)
   dns      Uses DNS subdomain enumeration mode
   fuzz     Uses fuzzing mode. Replaces the keyword FUZZ in the URL, Headers and the request body
   tftp     Uses TFTP enumeration mode
   s3       Uses aws bucket enumeration mode
   gcs      Uses gcs bucket enumeration mode
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version

Learn more with OffSec

Want to learn more about gobuster? get access to in-depth training and hands-on labs:

• PEN-200: 8. Introduction to Web Application Attacks
• PEN-200: 6.5.1. Information Gathering: Active LLM-Aided enumeration

PEN-200 course

WEB-200 course