Gobuster
Gobuster is a tool used to brute-force:
- URIs (directories and files) on websites.
- DNS subdomains (with wildcard support).
- Virtual Host names on target web servers.
- Open Amazon S3 buckets.
- Open Google Cloud buckets.
- TFTP servers.
Key Features:
- Multiple Modes: Supports directory brute-forcing, DNS subdomain enumeration, S3 bucket enumeration, vhost enumeration, fuzzing, and TFTP file brute-forcing.
- Customizable: Allows for custom HTTP headers, TLS client certificates, and loading extensions from files.
- Pattern Support: Enables the use of pattern files for applying transformations to wordlist entries.
- Proxy Support: Supports the use of proxies for requests.
- Wordlist Input: Accepts wordlists via STDIN.
Use Cases:
- Discovering hidden directories and files on web servers.
- Identifying subdomains for a given domain.
- Enumerating virtual hosts on a target web server.
- Finding open S3 buckets.
- Fuzzing web applications for vulnerabilities.