LogoHackDB
icon of Gobuster

Gobuster

Gobuster is a tool to brute-force URIs, DNS subdomains, and virtual hostnames, aiding in web application reconnaissance.

Introduction

Gobuster

Gobuster is a tool used to brute-force:

  • URIs (directories and files) in web sites.
  • DNS subdomains (with wildcard support).
  • Virtual Host names on target web servers.
  • Open Amazon S3 buckets
  • Open Google Cloud buckets
  • TFTP servers
Key Features:
  • Multiple Modes: Supports directory brute-forcing, DNS subdomain enumeration, S3 bucket enumeration, vhost enumeration, fuzzing, and TFTP file bruteforcing.
  • Customizable: Allows for custom HTTP headers, TLS client certificates, and loading extensions from files.
  • Pattern Support: Enables the use of pattern files for applying transformations to wordlist entries.
  • Proxy Support: Supports the use of proxies for requests.
  • Wordlist Input: Accepts wordlists via STDIN.
Use Cases:
  • Discovering hidden directories and files on web servers.
  • Identifying subdomains for a given domain.
  • Enumerating virtual hosts on a target web server.
  • Finding open S3 buckets.
  • Fuzzing web applications for vulnerabilities.

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates