.devcontainer | ||
.github | ||
cli | ||
gobusterdir | ||
gobusterdns | ||
gobusterfuzz | ||
gobustergcs | ||
gobusters3 | ||
gobustertftp | ||
gobustervhost | ||
libgobuster | ||
.dockerignore | ||
.gitattributes | ||
.gitignore | ||
.golangci.yml | ||
.goreleaser.yaml | ||
.yamllint.yml | ||
Dockerfile | ||
go.mod | ||
go.sum | ||
LICENSE | ||
main.go | ||
README.md | ||
Taskfile.yml |
Gobuster
💻 Introduction
A fast and flexible brute-forcing tool written in Go
Gobuster is a high-performance directory/file, DNS and virtual host brute-forcing tool written in Go. It's designed to be fast, reliable, and easy to use for security professionals and penetration testers.
✨ Features
- 🚀 High Performance: Multi-threaded scanning with configurable concurrency
- 🔍 Multiple Modes: Directory, DNS, virtual host, S3, GCS, TFTP, and fuzzing modes
- 🛡️ Security Focused: Built for penetration testing and security assessments
- 🐳 Docker Support: Available as a Docker container
- 🔧 Extensible: Pattern-based scanning and custom wordlists
🎯 What Can Gobuster Do?
- Web Directory/File Enumeration: Discover hidden directories and files on web servers
- DNS Subdomain Discovery: Find subdomains with wildcard support
- Virtual Host Detection: Identify virtual hosts on target web servers
- Cloud Storage Enumeration: Discover open Amazon S3 and Google Cloud Storage buckets
- TFTP File Discovery: Find files on TFTP servers
- Custom Fuzzing: Flexible fuzzing with customizable parameters
🚀 Quick Start
# Install gobuster
go install github.com/OJ/gobuster/v3@latest
# Basic directory enumeration
gobuster dir -u https://example.com -w /path/to/wordlist.txt
# DNS subdomain enumeration
gobuster dns -d example.com -w /path/to/wordlist.txt
# Virtual host discovery
gobuster vhost -u https://example.com -w /path/to/wordlist.txt
# S3 bucket enumeration
gobuster s3 -w /path/to/bucket-names.txt
📦 Installation
Quick Install (Recommended)
go install github.com/OJ/gobuster/v3@latest
Requirements: Go 1.24 or higher
Alternative Installation Methods
Using Binary Releases
Download pre-compiled binaries from the releases page.
Using Docker
# Pull the latest image
docker pull ghcr.io/oj/gobuster:latest
# Run gobuster in Docker
docker run --rm -it ghcr.io/oj/gobuster:latest dir -u https://example.com -w /usr/share/wordlists/dirb/common.txt
Building from Source
git clone https://github.com/OJ/gobuster.git
cd gobuster
go mod tidy
go build
Troubleshooting Installation
If you encounter issues:
- Ensure Go version 1.24+ is installed:
go version
- Check your
$GOPATH
and$GOBIN
environment variables - Verify
$GOPATH/bin
is in your$PATH
🎯 Usage
Gobuster uses a mode-based approach. Each mode is designed for specific enumeration tasks:
gobuster [mode] [options]
Getting Help
gobuster help # Show general help
gobuster help [mode] # Show help for specific mode
gobuster [mode] --help # Alternative help syntax
📊 Available Modes
🌐 Directory Mode (dir
)
Enumerate directories and files on web servers.
Basic Usage:
gobuster dir -u https://example.com -w wordlist.txt
Advanced Options:
# With file extensions
gobuster dir -u https://example.com -w wordlist.txt -x php,html,js,txt
# With custom headers and cookies
gobuster dir -u https://example.com -w wordlist.txt -H "Authorization: Bearer token" -c "session=value"
# Show response length
gobuster dir -u https://example.com -w wordlist.txt -l
# Filter by status codes
gobuster dir -u https://example.com -w wordlist.txt -s 200,301,302
🔍 DNS Mode (dns
)
Discover subdomains through DNS resolution.
Basic Usage:
gobuster dns -d example.com -w wordlist.txt
Advanced Options:
# Use custom DNS server
gobuster dns -d example.com -w wordlist.txt -r 8.8.8.8:53
# Increase threads for faster scanning
gobuster dns -d example.com -w wordlist.txt -t 50
🏠 Virtual Host Mode (vhost
)
Discover virtual hosts on web servers.
Basic Usage:
gobuster vhost -u https://example.com --append-domain -w wordlist.txt
☁️ S3 Mode (s3
)
Enumerate Amazon S3 buckets.
Basic Usage:
gobuster s3 -w bucket-names.txt
With Debug Output:
gobuster s3 -w bucket-names.txt --debug
🖥️ TFTP Mode (tftp
)
Enumerate files on tftp servers.
Basic Usage:
gobuster tftp -s 10.0.0.1 -w wordlist.txt
☁️ GCS Mode (gcs
)
Enumerate Google Cloud Storage Buckets.
Basic Usage:
gobuster gcs -w bucket-names.txt
With Debug Output:
gobuster gcs -w bucket-names.txt --debug
🔧 Fuzz Mode (fuzz
)
Custom fuzzing with the FUZZ
keyword.
Basic Usage:
gobuster fuzz -u https://example.com?FUZZ=test -w wordlist.txt
Advanced Examples:
# Fuzz URL parameters
gobuster fuzz -u https://example.com?param=FUZZ -w wordlist.txt
# Fuzz headers
gobuster fuzz -u https://example.com -H "X-Custom-Header: FUZZ" -w wordlist.txt
# Fuzz POST data
gobuster fuzz -u https://example.com -d "username=admin&password=FUZZ" -w passwords.txt
💰 Support
Love this tool? Back it!
If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer!
All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.
💡 Common Use Cases
Web Application Security Testing
# Comprehensive directory enumeration
gobuster dir -u https://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,js,txt,asp,aspx,jsp
# API endpoint discovery
gobuster dir -u https://api.target.com -w /usr/share/wordlists/dirb/common.txt -x json
# Admin panel discovery
gobuster dir -u https://target.com -w admin-panels.txt -s 200,301,302,403
DNS Reconnaissance
# Comprehensive subdomain enumeration
gobuster dns -d target.com -w /usr/share/wordlists/dnsrecon/subdomains-top1mil-5000.txt -t 50
Cloud Storage Assessment
# S3 bucket enumeration with patterns
gobuster s3 -w company-names.txt -v
# GCS bucket enumeration
gobuster gcs -w company-names.txt -v
🔧 Troubleshooting
Common Issues
"Permission Denied" or "Access Denied"
- Try reducing thread count with
-t
flag - Add delays between requests with
--delay
- Use different user agent with
-a
flag
"Connection Timeout"
- Increase timeout with
--timeout
flag - Reduce thread count for slower targets
- Check your internet connection
"No Results Found"
- Verify the target URL is accessible
- Try different wordlists
- Check status code filtering with
-s
flag
Performance Issues
Slow Scanning
- Increase thread count with
-t
flag (but be careful not to overwhelm the target) - Use smaller, more targeted wordlists
🎯 Best Practices
Security Testing Guidelines
- Always get proper authorization before testing any target
- Start with low thread counts to avoid overwhelming servers
- Use appropriate wordlists for the target technology
- Respect rate limits and implement delays if needed
- Monitor your network traffic to avoid detection
Wordlist Selection
- For web applications: Use technology-specific wordlists (PHP, ASP.NET, etc.)
- For APIs: Focus on common API endpoints and versioning patterns
- For DNS: Use subdomain-specific wordlists with common patterns
- For cloud storage: Use company/brand-specific patterns
Output Management
# Save results to file
gobuster dir -u https://example.com -w wordlist.txt -o results.txt
# Use quiet mode for clean output
gobuster dir -u https://example.com -w wordlist.txt -q
📚 Additional Resources
Recommended Wordlists
- SecLists: https://github.com/danielmiessler/SecLists
- FuzzDB: https://github.com/fuzzdb-project/fuzzdb
- Seclists DNS: https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
Happy hacking! 🚀
Remember: Always test responsibly and with proper authorization.
Changes
3.7
3.7
- use new cli library
- a lot more short options due to the new cli library
- more user friendly error messages
- clean up DNS mode
- renamed
show-cname
tocheck-cname
in dns mode - got rid of
verbose
flag and introduceddebug
instead - the version command now also shows some build variables for more info
- switched to another pkcs12 library to support p12s generated with openssl3 that use SHA256 HMAC
- comments in wordlists (strings starting with #) are no longer ignored
- warn in vhost mode if the --append-domain switch might have been forgotten
- allow to exclude status code and length in vhost mode
- added automaxprocs for use in docker with cpu limits
- log http requests with debug enabled
- allow fuzzing of Host header in fuzz mode
- automatically disable progress output when output is redirected
- fix extra special characters when run with
--no-progress
- warn when using vhost mode with a proxy and http based urls as this might not work as expected
- add
interface
andlocal-ip
parameters to specify the outgoing interface for http requests - add support for tls renegotiation
- fix progress with patterns by @acammack
- fix backup discovery by @acammack
- support tcp protocol on dns servers
- add support for URL query parameters
3.6
3.6
- Wordlist offset parameter to skip x lines from the wordlist
- prevent double slashes when building up an url in dir mode
- allow for multiple values and ranges on
--exclude-length
no-fqdn
parameter on dns bruteforce to disable the use of the systems search domains. This should speed up the run if you have configured some search domains. https://github.com/OJ/gobuster/pull/418
3.5
3.5
- Allow Ranges in status code and status code blacklist. Example: 200,300-305,404
3.4
3.4
- Enable TLS1.0 and TLS1.1 support
- Add TFTP mode to search for files on tftp servers
3.3
3.3
- Support TLS client certificates / mtls
- support loading extensions from file
- support fuzzing POST body, HTTP headers and basic auth
- new option to not canonicalize header names
3.2
3.2
- Use go 1.19
- use contexts in the correct way
- get rid of the wildcard flag (except in DNS mode)
- color output
- retry on timeout
- google cloud bucket enumeration
- fix nil reference errors
3.1
3.1
- enumerate public AWS S3 buckets
- fuzzing mode
- specify HTTP method
- added support for patterns. You can now specify a file containing patterns that are applied to every word, one by line. Every occurrence of the term
{GOBUSTER}
in it will be replaced with the current wordlist item. Please use with caution as this can cause increase the number of requests issued a lot. - The shorthand
p
flag which was assigned to proxy is now used by the pattern flag
3.0
3.0
- New CLI options so modes are strictly separated (
-m
is now gone!) - Performance Optimizations and better connection handling
- Ability to enumerate vhost names
- Option to supply custom HTTP headers