ToolsFebruary 9, 20261 min readby 0xt0pus

Gobuster

Directory and DNS brute-forcing tool for discovering hidden paths and subdomains

#web#directory-bruteforce#enumeration

Gobuster

Description

Gobuster is a directory and file brute forcing tool. It is used to discover hidden directories and files on web servers during web application testing.

Usage 1: Directory Brute Force

Enumerate directories on a web server.

Command:

gobuster dir -u http://{{IP}} -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Usage 2: Directory Brute Force with Extensions

Must add extensions with gobuster for finding files.

Command:

gobuster dir -u http://{{IP}} -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt