Gobuster 🐦

Basic commands

gobuster dir -u http://10.10.70.124/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt -t 60
 
gobuster dir -u http://10.10.110.8/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 60 -x txt,py,sh,php
 
gobuster dir -u http://10.10.110.8/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 60
 
# 3 letter formats
gobuster dir -u http://10.10.70.124/ -w /usr/share/wordlists/dirb/common.txt -x php,txt,bak,old,tar,zip -t 60

Blocking a status code specifically

If you find something like this:

Add the option --exclude-length LENGTH or -b STATUS_CODE
- Check the meanings of the codes in HTTP status codes complete list 💨

gobuster dir -u http://10.10.110.8/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 60 --exclude-length 472

Analyze https webs

gobuster dir -u https://brickbybrick.thm -w /usr/share/wordlists/dirb/big.txt -x txt -k
 
gobuster dir -u https://brickbybrick.thm -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -k

Directories

gobuster dir -u http://vulnnet.thm/ -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -t 25 -q -x php,aspx,txt,asp

Subdomains

gobuster vhost -u http://vulnnet.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-20000.txt -t 60 -q
 
gobuster vhost -u team.thm -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain

💢c1b3r n0t3s

Explorer

Gobuster 🐦

Basic commands

Blocking a status code specifically

Analyze https webs

Directories

Subdomains

Graph View

Table of Contents

Backlinks