Gobuster

💻 Introduction

A fast and flexible brute-forcing tool written in Go

Gobuster is a high-performance directory/file, DNS and virtual host brute-forcing tool written in Go. It's designed to be fast, reliable, and easy to use for security professionals and penetration testers.

✨ Features

• 🚀 High Performance: Multi-threaded scanning with configurable concurrency
• 🔍 Multiple Modes: Directory, DNS, virtual host, S3, GCS, TFTP, and fuzzing modes
• 🛡️ Security Focused: Built for penetration testing and security assessments
• 🐳 Docker Support: Available as a Docker container
• 🔧 Extensible: Pattern-based scanning and custom wordlists

🎯 What Can Gobuster Do?

• Web Directory/File Enumeration: Discover hidden directories and files on web servers
• DNS Subdomain Discovery: Find subdomains with wildcard support
• Virtual Host Detection: Identify virtual hosts on target web servers
• Cloud Storage Enumeration: Discover open Amazon S3 and Google Cloud Storage buckets
• TFTP File Discovery: Find files on TFTP servers
• Custom Fuzzing: Flexible fuzzing with customizable parameters

🚀 Quick Start

# Install gobuster
go install github.com/OJ/gobuster/v3@latest

# Basic directory enumeration
gobuster dir -u https://example.com -w /path/to/wordlist.txt

# DNS subdomain enumeration
gobuster dns -do example.com -w /path/to/wordlist.txt

# Virtual host discovery
gobuster vhost -u https://example.com -w /path/to/wordlist.txt

# S3 bucket enumeration
gobuster s3 -w /path/to/bucket-names.txt

📦 Installation

Quick Install (Recommended)

go install github.com/OJ/gobuster/v3@latest

Requirements: Go 1.24 or higher

Alternative Installation Methods

Using Binary Releases

Download pre-compiled binaries from the releases page.

Using Docker

# Pull the latest image
docker pull ghcr.io/oj/gobuster:latest

# Run gobuster in Docker
docker run --rm -it ghcr.io/oj/gobuster:latest dir -u https://example.com -w /usr/share/wordlists/dirb/common.txt

Building from Source

git clone https://github.com/OJ/gobuster.git
cd gobuster
go mod tidy
go build

Troubleshooting Installation

If you encounter issues:

• Ensure Go version 1.24+ is installed: go version
• Check your $GOPATH and $GOBIN environment variables
• Verify $GOPATH/bin is in your $PATH

🎯 Usage

Gobuster uses a mode-based approach. Each mode is designed for specific enumeration tasks:

gobuster [mode] [options]

Getting Help

gobuster help                   # Show general help
gobuster help [mode]            # Show help for specific mode
gobuster [mode] --help          # Alternative help syntax

📊 Available Modes

🌐 Directory Mode (dir)

Enumerate directories and files on web servers.

Basic Usage:

gobuster dir -u https://example.com -w wordlist.txt

Advanced Options:

# With file extensions
gobuster dir -u https://example.com -w wordlist.txt -x php,html,js,txt

# With custom headers and cookies
gobuster dir -u https://example.com -w wordlist.txt -H "Authorization: Bearer token" -c "session=value"

# Show response length
gobuster dir -u https://example.com -w wordlist.txt -l

# Filter by status codes
gobuster dir -u https://example.com -w wordlist.txt -s 200,301,302

🔍 DNS Mode (dns)

Discover subdomains through DNS resolution.

Basic Usage:

gobuster dns -do example.com -w wordlist.txt

Advanced Options:

# Use custom DNS server
gobuster dns -do example.com -w wordlist.txt -r 8.8.8.8:53

# Increase threads for faster scanning
gobuster dns -do example.com -w wordlist.txt -t 50

🏠 Virtual Host Mode (vhost)

Discover virtual hosts on web servers.

Basic Usage:

gobuster vhost -u https://example.com --append-domain -w wordlist.txt

☁️ S3 Mode (s3)

Enumerate Amazon S3 buckets.

Basic Usage:

gobuster s3 -w bucket-names.txt

With Debug Output:

gobuster s3 -w bucket-names.txt --debug

🖥️ TFTP Mode (tftp)

Enumerate files on tftp servers.

Basic Usage:

gobuster tftp -s 10.0.0.1 -w wordlist.txt

☁️ GCS Mode (gcs)

Enumerate Google Cloud Storage Buckets.

Basic Usage:

gobuster gcs -w bucket-names.txt

With Debug Output:

gobuster gcs -w bucket-names.txt --debug

🔧 Fuzz Mode (fuzz)

Custom fuzzing with the FUZZ keyword.

Basic Usage:

gobuster fuzz -u https://example.com?FUZZ=test -w wordlist.txt

Advanced Examples:

# Fuzz URL parameters
gobuster fuzz -u https://example.com?param=FUZZ -w wordlist.txt

# Fuzz headers
gobuster fuzz -u https://example.com -H "X-Custom-Header: FUZZ" -w wordlist.txt

# Fuzz POST data
gobuster fuzz -u https://example.com -d "username=admin&password=FUZZ" -w passwords.txt

💰 Support

Love this tool? Back it!

If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer!

All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.

💡 Common Use Cases

Web Application Security Testing

# Comprehensive directory enumeration
gobuster dir -u https://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,js,txt,asp,aspx,jsp

# API endpoint discovery
gobuster dir -u https://api.target.com -w /usr/share/wordlists/dirb/common.txt -x json

# Admin panel discovery
gobuster dir -u https://target.com -w admin-panels.txt -s 200,301,302,403

DNS Reconnaissance

# Comprehensive subdomain enumeration
gobuster dns -do target.com -w /usr/share/wordlists/dnsrecon/subdomains-top1mil-5000.txt -t 50

Cloud Storage Assessment

# S3 bucket enumeration with patterns
gobuster s3 -w company-names.txt -v

# GCS bucket enumeration
gobuster gcs -w company-names.txt -v

🔧 Troubleshooting

Common Issues

"Permission Denied" or "Access Denied"

• Try reducing thread count with -t flag
• Add delays between requests with --delay
• Use different user agent with -a flag

"Connection Timeout"

• Increase timeout with --timeout flag
• Reduce thread count for slower targets
• Check your internet connection

"No Results Found"

• Verify the target URL is accessible
• Try different wordlists
• Check status code filtering with -s flag

Performance Issues

Slow Scanning

• Increase thread count with -t flag (but be careful not to overwhelm the target)
• Use smaller, more targeted wordlists

🎯 Best Practices

Security Testing Guidelines

1. Always get proper authorization before testing any target
2. Start with low thread counts to avoid overwhelming servers
3. Use appropriate wordlists for the target technology
4. Respect rate limits and implement delays if needed
5. Monitor your network traffic to avoid detection

Wordlist Selection

• For web applications: Use technology-specific wordlists (PHP, ASP.NET, etc.)
• For APIs: Focus on common API endpoints and versioning patterns
• For DNS: Use subdomain-specific wordlists with common patterns
• For cloud storage: Use company/brand-specific patterns

Output Management

# Save results to file
gobuster dir -u https://example.com -w wordlist.txt -o results.txt

# Use quiet mode for clean output
gobuster dir -u https://example.com -w wordlist.txt -q

📚 Additional Resources

Recommended Wordlists

• SecLists: https://github.com/danielmiessler/SecLists
• FuzzDB: https://github.com/fuzzdb-project/fuzzdb
• Seclists DNS: https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS

---

Happy hacking! 🚀

Remember: Always test responsibly and with proper authorization.

Changes

<details> <summary>3.8.2</summary>

3.8.2

• Fix expanded mode to show the full url again

</details> <details> <summary>3.8.1</summary>

3.8.1

• Fix expanded mode showing the entries twice

</details> <details> <summary>3.8</summary>

3.8

• Add exclude-hostname-length flag to dynamically adjust exclude-length by @0xyy66
• Fix Fuzzing query parameters
• Add --force flag in dir mode to continue execution if precheck errors occur

</details> <details> <summary>3.7</summary>

3.7

• use new cli library
• a lot more short options due to the new cli library
• more user friendly error messages
• clean up DNS mode
• renamed show-cname to check-cname in dns mode
• got rid of verbose flag and introduced debug instead
• the version command now also shows some build variables for more info
• switched to another pkcs12 library to supp