
Gobuster — Directory & DNS Brute Force

Gobuster — fast brute-forcing tool for directories, DNS subdomains, virtual hosts, and S3 buckets.

Apr 2026 lazyhackers
Directory/File Mode (dir) (10)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
Basic directory brute force
dirs basic
gobuster dir -u http://target.com -w wordlist.txt -x php,html,txt,bak,zip
Brute force with file extensions
dirs extensions
gobuster dir -u http://target.com -w wordlist.txt -s 200,301,302 -b ""
Only show specific status codes (-b "" clears the default 404 blacklist, which cannot be set together with -s)
dirs filter
gobuster dir -u http://target.com -w wordlist.txt -b 404,403
Blacklist (ignore) status codes
dirs filter
gobuster dir -u http://target.com -w wordlist.txt -t 50 -q
50 threads, quiet mode
speed
gobuster dir -u https://target.com -w wordlist.txt -k
Skip TLS/SSL certificate verification
ssl https
gobuster dir -u http://target.com -w wordlist.txt -c "session=TOKEN"
Include cookies in requests
auth cookie
gobuster dir -u http://target.com -w wordlist.txt -H "Authorization: Bearer TOKEN"
Custom header (Bearer token)
auth header
gobuster dir -u http://target.com -w wordlist.txt -o results.txt
Save results to file
output
gobuster dir -u http://target.com -w wordlist.txt --proxy http://127.0.0.1:8080
Proxy through Burp Suite
proxy burp
DNS Subdomain Mode (dns) (4)
gobuster dns -d target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
DNS subdomain enumeration
dns subdomain
gobuster dns -d target.com -w subdomains.txt -t 50 -o dns_results.txt
Fast DNS enum with output
dns subdomain speed
gobuster dns -d target.com -w subdomains.txt --show-cname
Show CNAME records (useful for identifying subdomain takeover candidates)
dns cname takeover
gobuster dns -d target.com -w subdomains.txt -r 8.8.8.8
Use custom DNS resolver
dns
VHost Mode (vhost) (3)
gobuster vhost -u http://target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
Virtual host brute force
vhost
gobuster vhost -u http://target.com -w subdomains.txt --append-domain
Append domain to wordlist entries
vhost
gobuster vhost -u http://target.com -w subdomains.txt --exclude-length 1234
Exclude responses of specific length
vhost filter
S3 & Fuzzing Mode (2)
gobuster s3 -w bucket-names.txt
Brute force S3 bucket names
s3 cloud aws
gobuster fuzz -u "http://target.com/FUZZ" -w wordlist.txt
Generic fuzzing mode
fuzz