Gobuster
TIP
Gobuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains.
Official Resources
Common Commands
| Task | Command |
|---|---|
| Directory brute-forcing | gobuster dir -u https://target.com -w wordlist.txt |
| DNS subdomain brute-forcing | gobuster dns -d target.com -w wordlist.txt |
| VHost brute-forcing | gobuster vhost -u https://target.com -w wordlist.txt |
Useful Flags
| Flag | Description |
|---|---|
| -u | Target URL/domain |
| -w | Wordlist file |
| -t | Number of concurrent threads |
| -x | File extension(s) to search for (e.g., -x php,txt) |
| -o | Output file |
| -s | Status codes to include (e.g., -s 200,204,301,302,307,403,500) |
| -r | Follow redirects |
WARNING
Always have permission before brute-forcing with Gobuster. Unauthorized testing is illegal and unethical.
Resources
HTB CTF Go-To Command
A common Gobuster command for directory brute-forcing in HTB CTFs:
```bash
gobuster dir -u http://10.10.10.10/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 40 -x php,txt,html -o gobuster_results.txt
```

- -u: Target URL (replace with the actual target IP)
- -w: Wordlist path
- -t 40: Use 40 threads for speed
- -x: File extensions to check
- -o: Output results to a file
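
Seen from the server side, a run with `-x php,txt,html` leaves a recognisable pattern in access logs: each wordlist entry is requested bare and once per extension, and most of those requests return 404. The following is an added example, not part of the original page or the Gobuster project, that flags clients showing this pattern. The function name, thresholds and sample log lines (combined log format, documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

def _line(ip, path, status):
    # Build one constructed access-log line in combined log format.
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 153 "-" "-"'

# Constructed sample, not real traffic: one client sweeping four words with
# -x php,txt,html, and one ordinary browser client.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.23", f"/{w}{e}", "200" if (w, e) == ("login", ".php") else "404")
     for w in ("admin", "backup", "login", "uploads") for e in ("", ".php", ".txt", ".html")]
    + [_line("192.0.2.7", p, "200") for p in ("/", "/index.html", "/login.php", "/style.css")]
    + [_line("192.0.2.7", "/favicon.ico", "404")]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def detect_enumeration(log_text, exts=("php", "txt", "html"), min_words=3, min_404_ratio=0.7):
    """Return {client_ip: stats} for clients whose requests look like a wordlist + extension sweep."""
    variants = defaultdict(lambda: defaultdict(set))  # ip -> word -> variants seen ("" = bare)
    totals = defaultdict(lambda: [0, 0])              # ip -> [requests, 404 responses]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore query strings
        totals[ip][0] += 1
        totals[ip][1] += status == "404"
        base, dot, ext = path.rpartition(".")
        if dot and ext in exts:
            variants[ip][base].add(ext)
        else:
            variants[ip][path].add("")
    wanted = {"", *exts}
    flagged = {}
    for ip, words in variants.items():
        swept = sorted(w for w, seen in words.items() if seen >= wanted)
        requests, not_found = totals[ip]
        ratio = not_found / requests
        # Flag only when several words were tried in every variant and most requests missed.
        if len(swept) >= min_words and ratio >= min_404_ratio:
            flagged[ip] = {"requests": requests, "not_found_ratio": ratio, "swept_words": swept}
    return flagged

if __name__ == "__main__":
    for ip, stats in detect_enumeration(SAMPLE_LOG).items():
        print(ip, stats)
```

The extension tuple should match the file types the application actually serves, and the thresholds need tuning against normal traffic before the output is used for alerting.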
