gobuster
High-performance discovery tool for directories, DNS subdomains, virtual hosts, cloud storage buckets, TFTP servers, and custom fuzzing. Designed for penetration testers to perform security assessments and reconnaissance.
Description
Gobuster is a high-performance tool used to brute-force and discover URIs (directories and files) in web sites, DNS subdomains (with wildcard support), Virtual Host names on target web servers, Open Amazon S3 and Google Cloud Storage (GCS) buckets, Open TFTP servers, and supports custom fuzzing with customizable parameters.
Gobuster is designed for penetration testers, security professionals, and forensics experts to perform security assessments and reconnaissance. It provides multiple enumeration modes including directory/file, DNS, virtual host, fuzzing, TFTP, S3, and GCS bucket enumeration.
The tool is written in Go and offers a command-line interface with specific modes for different discovery tasks.
How It Works
Gobuster operates by brute-forcing targets using wordlists to discover hidden directories/files (dir mode), DNS subdomains (dns mode), virtual hosts (vhost mode), open cloud storage buckets (s3/gcs modes), TFTP servers (tftp mode), and custom fuzzing by replacing FUZZ keywords in URLs, headers, and request bodies (fuzz mode). It supports wildcard resolution in DNS mode and uses high-performance Go implementation for speed.
Installation
sudo apt install gobusterFlags
Examples
gobuster -hgobuster dirgobuster vhostgobuster dnsgobuster fuzzgobuster tftpgobuster s3gobuster gcs