README
ΒΆ
Gobuster
π» Introduction
A fast and flexible brute-forcing tool written in Go
Gobuster is a high-performance directory/file, DNS and virtual host brute-forcing tool written in Go. It's designed to be fast, reliable, and easy to use for security professionals and penetration testers.
β¨ Features
- π High Performance: Multi-threaded scanning with configurable concurrency
- π Multiple Modes: Directory, DNS, virtual host, S3, GCS, TFTP, and fuzzing modes
- π‘οΈ Security Focused: Built for penetration testing and security assessments
- π³ Docker Support: Available as a Docker container
- π§ Extensible: Pattern-based scanning and custom wordlists
π― What Can Gobuster Do?
- Web Directory/File Enumeration: Discover hidden directories and files on web servers
- DNS Subdomain Discovery: Find subdomains with wildcard support
- Virtual Host Detection: Identify virtual hosts on target web servers
- Cloud Storage Enumeration: Discover open Amazon S3 and Google Cloud Storage buckets
- TFTP File Discovery: Find files on TFTP servers
- Custom Fuzzing: Flexible fuzzing with customizable parameters
π Quick Start
# Install gobuster
go install github.com/OJ/gobuster/v3@latest
# Basic directory enumeration
gobuster dir -u https://example.com -w /path/to/wordlist.txt
# DNS subdomain enumeration
gobuster dns -do example.com -w /path/to/wordlist.txt
# Virtual host discovery
gobuster vhost -u https://example.com -w /path/to/wordlist.txt
# S3 bucket enumeration
gobuster s3 -w /path/to/bucket-names.txt
π¦ Installation
Quick Install (Recommended)
go install github.com/OJ/gobuster/v3@latest
Requirements: Go 1.24 or higher
Alternative Installation Methods
Using Binary Releases
Download pre-compiled binaries from the releases page.
Using Docker
# Pull the latest image
docker pull ghcr.io/oj/gobuster:latest
# Run gobuster in Docker
docker run --rm -it ghcr.io/oj/gobuster:latest dir -u https://example.com -w /usr/share/wordlists/dirb/common.txt
Building from Source
git clone https://github.com/OJ/gobuster.git
cd gobuster
go mod tidy
go build
Troubleshooting Installation
If you encounter issues:
- Ensure Go version 1.24+ is installed:
go version - Check your
$GOPATHand$GOBINenvironment variables - Verify
$GOPATH/binis in your$PATH
π― Usage
Gobuster uses a mode-based approach. Each mode is designed for specific enumeration tasks:
gobuster [mode] [options]
Getting Help
gobuster help # Show general help
gobuster help [mode] # Show help for specific mode
gobuster [mode] --help # Alternative help syntax
π Available Modes
π Directory Mode (dir)
Enumerate directories and files on web servers.
Basic Usage:
gobuster dir -u https://example.com -w wordlist.txt
Advanced Options:
# With file extensions
gobuster dir -u https://example.com -w wordlist.txt -x php,html,js,txt
# With custom headers and cookies
gobuster dir -u https://example.com -w wordlist.txt -H "Authorization: Bearer token" -c "session=value"
# Show response length
gobuster dir -u https://example.com -w wordlist.txt -l
# Filter by status codes
gobuster dir -u https://example.com -w wordlist.txt -s 200,301,302
π DNS Mode (dns)
Discover subdomains through DNS resolution.
Basic Usage:
gobuster dns -do example.com -w wordlist.txt
Advanced Options:
# Use custom DNS server
gobuster dns -do example.com -w wordlist.txt -r 8.8.8.8:53
# Increase threads for faster scanning
gobuster dns -do example.com -w wordlist.txt -t 50
π Virtual Host Mode (vhost)
Discover virtual hosts on web servers.
Basic Usage:
gobuster vhost -u https://example.com --append-domain -w wordlist.txt
βοΈ S3 Mode (s3)
Enumerate Amazon S3 buckets.
Basic Usage:
gobuster s3 -w bucket-names.txt
With Debug Output:
gobuster s3 -w bucket-names.txt --debug
π₯οΈ TFTP Mode (tftp)
Enumerate files on tftp servers.
Basic Usage:
gobuster tftp -s 10.0.0.1 -w wordlist.txt
βοΈ GCS Mode (gcs)
Enumerate Google Cloud Storage Buckets.
Basic Usage:
gobuster gcs -w bucket-names.txt
With Debug Output:
gobuster gcs -w bucket-names.txt --debug
π§ Fuzz Mode (fuzz)
Custom fuzzing with the FUZZ keyword.
Basic Usage:
gobuster fuzz -u https://example.com?FUZZ=test -w wordlist.txt
Advanced Examples:
# Fuzz URL parameters
gobuster fuzz -u https://example.com?param=FUZZ -w wordlist.txt
# Fuzz headers
gobuster fuzz -u https://example.com -H "X-Custom-Header: FUZZ" -w wordlist.txt
# Fuzz POST data
gobuster fuzz -u https://example.com -d "username=admin&password=FUZZ" -w passwords.txt
π° Support
Love this tool? Back it!
If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer!
All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.
π‘ Common Use Cases
Web Application Security Testing
# Comprehensive directory enumeration
gobuster dir -u https://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,js,txt,asp,aspx,jsp
# API endpoint discovery
gobuster dir -u https://api.target.com -w /usr/share/wordlists/dirb/common.txt -x json
# Admin panel discovery
gobuster dir -u https://target.com -w admin-panels.txt -s 200,301,302,403
DNS Reconnaissance
# Comprehensive subdomain enumeration
gobuster dns -do target.com -w /usr/share/wordlists/dnsrecon/subdomains-top1mil-5000.txt -t 50
Cloud Storage Assessment
# S3 bucket enumeration with patterns
gobuster s3 -w company-names.txt -v
# GCS bucket enumeration
gobuster gcs -w company-names.txt -v
π§ Troubleshooting
Common Issues
"Permission Denied" or "Access Denied"
- Try reducing thread count with
-tflag - Add delays between requests with
--delay - Use different user agent with
-aflag
"Connection Timeout"
- Increase timeout with
--timeoutflag - Reduce thread count for slower targets
- Check your internet connection
"No Results Found"
- Verify the target URL is accessible
- Try different wordlists
- Check status code filtering with
-sflag
Performance Issues
Slow Scanning
- Increase thread count with
-tflag (but be careful not to overwhelm the target) - Use smaller, more targeted wordlists
π― Best Practices
Security Testing Guidelines
- Always get proper authorization before testing any target
- Start with low thread counts to avoid overwhelming servers
- Use appropriate wordlists for the target technology
- Respect rate limits and implement delays if needed
- Monitor your network traffic to avoid detection
Wordlist Selection
- For web applications: Use technology-specific wordlists (PHP, ASP.NET, etc.)
- For APIs: Focus on common API endpoints and versioning patterns
- For DNS: Use subdomain-specific wordlists with common patterns
- For cloud storage: Use company/brand-specific patterns
Output Management
# Save results to file
gobuster dir -u https://example.com -w wordlist.txt -o results.txt
# Use quiet mode for clean output
gobuster dir -u https://example.com -w wordlist.txt -q
π Additional Resources
Recommended Wordlists
- SecLists: https://github.com/danielmiessler/SecLists
- FuzzDB: https://github.com/fuzzdb-project/fuzzdb
- Seclists DNS: https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
Happy hacking! π
Remember: Always test responsibly and with proper authorization.
Changes
3.8.2
3.8.2
- Fix expanded mode to show the full url again
3.8.1
3.8.1
- Fix expanded mode showing the entries twice
3.8
3.8
- Add exclude-hostname-length flag to dynamically adjust exclude-length by @0xyy66
- Fix Fuzzing query parameters
- Add
--forceflag indirmode to continue execution if precheck errors occur
3.7
3.7
- use new cli library
- a lot more short options due to the new cli library
- more user friendly error messages
- clean up DNS mode
- renamed
show-cnametocheck-cnamein dns mode - got rid of
verboseflag and introduceddebuginstead - the version command now also shows some build variables for more info
- switched to another pkcs12 library to support p12s generated with openssl3 that use SHA256 HMAC
- comments in wordlists (strings starting with #) are no longer ignored
- warn in vhost mode if the --append-domain switch might have been forgotten
- allow to exclude status code and length in vhost mode
- added automaxprocs for use in docker with cpu limits
- log http requests with debug enabled
- allow fuzzing of Host header in fuzz mode
- automatically disable progress output when output is redirected
- fix extra special characters when run with
--no-progress - warn when using vhost mode with a proxy and http based urls as this might not work as expected
- add
interfaceandlocal-ipparameters to specify the outgoing interface for http requests - add support for tls renegotiation
- fix progress with patterns by @acammack
- fix backup discovery by @acammack
- support tcp protocol on dns servers
- add support for URL query parameters
3.6
3.6
- Wordlist offset parameter to skip x lines from the wordlist
- prevent double slashes when building up an url in dir mode
- allow for multiple values and ranges on
--exclude-length no-fqdnparameter on dns bruteforce to disable the use of the systems search domains. This should speed up the run if you have configured some search domains. https://github.com/OJ/gobuster/pull/418
3.5
3.5
- Allow Ranges in status code and status code blacklist. Example: 200,300-305,404
3.4
3.4
- Enable TLS1.0 and TLS1.1 support
- Add TFTP mode to search for files on tftp servers
3.3
3.3
- Support TLS client certificates / mtls
- support loading extensions from file
- support fuzzing POST body, HTTP headers and basic auth
- new option to not canonicalize header names
3.2
3.2
- Use go 1.19
- use contexts in the correct way
- get rid of the wildcard flag (except in DNS mode)
- color output
- retry on timeout
- google cloud bucket enumeration
- fix nil reference errors
3.1
3.1
- enumerate public AWS S3 buckets
- fuzzing mode
- specify HTTP method
- added support for patterns. You can now specify a file containing patterns that are applied to every word, one by line. Every occurrence of the term
{GOBUSTER}in it will be replaced with the current wordlist item. Please use with caution as this can cause increase the number of requests issued a lot. - The shorthand
pflag which was assigned to proxy is now used by the pattern flag
3.0
3.0
- New CLI options so modes are strictly separated (
-mis now gone!) - Performance Optimizations and better connection handling
- Ability to enumerate vhost names
- Option to supply custom HTTP headers
Documentation
ΒΆ
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.