gobuster Cheatsheet

Type: Multi-purpose brute-forcing tool — directories, files, DNS subdomains, virtual hosts, S3 buckets

Installation

sudo apt install gobuster
# or
go install github.com/OJ/gobuster/v3@latest

Modes

Mode	Description
`dir`	Directory and file brute forcing
`dns`	DNS subdomain brute forcing
`vhost`	Virtual host discovery
`fuzz`	Fuzzing (replace FUZZ keyword anywhere in URL)
`s3`	AWS S3 bucket enumeration
`gcs`	Google Cloud Storage bucket enumeration

Global Flags

Flag	Description
`-w <wordlist>`	Wordlist path
`-t <n>`	Threads (default: 10)
`-o <file>`	Output to file
`-q`	Quiet — only print results
`-v`	Verbose
`--no-error`	Suppress errors
`-z`	No progress bar
`--delay <ms>`	Delay between requests

dir — Directory & File Brute Force

# Basic scan
gobuster dir -u http://<ip> -w wordlist.txt

# Common flags
gobuster dir -u http://<ip> -w wordlist.txt \
  -t 50 \                          # 50 threads
  -x php,html,txt,bak \            # File extensions
  -s 200,204,301,302,307 \         # Status codes to show
  -b 404,403 \                     # Status codes to exclude
  --timeout 10s \                  # Request timeout
  -k \                             # Skip TLS verification
  -c "PHPSESSID=abc123" \          # Cookie
  -H "Authorization: Bearer tok" \ # Custom header
  -U <user> -P <pass> \            # HTTP Basic auth
  -r \                             # Follow redirects
  -e \                             # Print full URL
  -o results.txt

# HTTPS target
gobuster dir -u https://<ip> -w wordlist.txt -k

# Custom User-Agent
gobuster dir -u http://<ip> -w wordlist.txt \
  -a "Mozilla/5.0"

dir Flags

Flag	Description
`-u <url>`	Target URL
`-x <ext>`	File extensions (comma-separated)
`-s <codes>`	Allowed status codes
`-b <codes>`	Blacklisted status codes
`-r`	Follow redirects
`-k`	Skip TLS certificate verification
`-c <cookie>`	Cookie string
`-H <header>`	Extra header (repeatable)
`-U / -P`	HTTP Basic auth username/password
`-e`	Print full URL in output
`-l`	Print response length
`--timeout <dur>`	Request timeout
`--wildcard`	Force continue if wildcard found
`--exclude-length <n>`	Exclude responses of this length

dns — Subdomain Brute Force

# Basic DNS brute force
gobuster dns -d <domain> -w wordlist.txt

# With specific resolver
gobuster dns -d example.com -w wordlist.txt -r 8.8.8.8

# Show IP addresses
gobuster dns -d example.com -w wordlist.txt -i

# Wildcard override
gobuster dns -d example.com -w wordlist.txt --wildcard

dns Flags

Flag	Description
`-d <domain>`	Target domain
`-r <resolver>`	Custom DNS resolver
`-i`	Show IP addresses of found subdomains
`--wildcard`	Force scan even if wildcard DNS detected

vhost — Virtual Host Discovery

# Basic vhost scan
gobuster vhost -u http://<ip> -w wordlist.txt

# Append domain to wordlist entries
gobuster vhost -u http://<ip> -w wordlist.txt \
  --append-domain \
  --domain example.com

# Filter out specific response length (removes default/fallback page)
gobuster vhost -u http://<ip> -w wordlist.txt \
  --append-domain \
  --exclude-length 290

# HTTPS
gobuster vhost -u https://<ip> -w wordlist.txt -k --append-domain

vhost Flags

Flag	Description
`-u <url>`	Target URL
`--append-domain`	Append base domain to each word
`--domain <domain>`	Base domain to append
`--exclude-length <n>`	Exclude responses of this content length

fuzz — Generic Fuzzing

# Fuzz a parameter value
gobuster fuzz -u "http://<ip>/page.php?id=FUZZ" -w wordlist.txt

# Fuzz with status filter
gobuster fuzz -u "http://<ip>/FUZZ.php" -w wordlist.txt -b 404

Recommended Wordlists

# Directories
/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
/usr/share/seclists/Discovery/Web-Content/common.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt

# Files (with extensions)
/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt

# Virtual hosts / subdomains
/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
/usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt

Example Full Runs

# Directory + file scan
gobuster dir \
  -u http://example.com \
  -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt \
  -x php,html,txt,bak,zip \
  -t 50 -e -l \
  -o gobuster_dir.txt

# Virtual host discovery
gobuster vhost \
  -u http://example.com \
  -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
  --append-domain \
  --exclude-length 290 \
  -t 50 \
  -o gobuster_vhost.txt

gobuster Cheatsheet#

Installation#

Modes#

Global Flags#

dir — Directory & File Brute Force#

dir Flags#

dns — Subdomain Brute Force#

dns Flags#

vhost — Virtual Host Discovery#

vhost Flags#

fuzz — Generic Fuzzing#

Recommended Wordlists#

Example Full Runs#

gobuster Cheatsheet

Installation

Modes

Global Flags

dir — Directory & File Brute Force

dir Flags

dns — Subdomain Brute Force

dns Flags

vhost — Virtual Host Discovery

vhost Flags

fuzz — Generic Fuzzing

Recommended Wordlists

Example Full Runs