OJ/gobusterPublic

NotificationsYou must be signed in to change notification settings
Fork1.5k
Star12.8k

Directory/File, DNS and VHost busting tool written in Go

License

Apache-2.0 license

12.8k stars 1.5k forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 601 Commits
.devcontainer		.devcontainer
.github		.github
cli		cli
gobusterdir		gobusterdir
gobusterdns		gobusterdns
gobusterfuzz		gobusterfuzz
gobustergcs		gobustergcs
gobusters3		gobusters3
gobustertftp		gobustertftp
gobustervhost		gobustervhost
libgobuster		libgobuster
vhs		vhs
.dockerignore		.dockerignore
.gitattributes		.gitattributes
.gitignore		.gitignore
.golangci.yml		.golangci.yml
.goreleaser.yaml		.goreleaser.yaml
.yamllint.yml		.yamllint.yml
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
Taskfile.yml		Taskfile.yml
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Repository files navigation

Gobuster

💻 Introduction

A fast and flexible brute-forcing tool written in Go

Gobuster is a high-performance directory/file, DNS and virtual host brute-forcing tool written in Go. It's designed to be fast, reliable, and easy to use for security professionals and penetration testers.

✨ Features

🚀High Performance: Multi-threaded scanning with configurable concurrency
🔍Multiple Modes: Directory, DNS, virtual host, S3, GCS, TFTP, and fuzzing modes
🛡️Security Focused: Built for penetration testing and security assessments
🐳Docker Support: Available as a Docker container
🔧Extensible: Pattern-based scanning and custom wordlists

🎯 What Can Gobuster Do?

Web Directory/File Enumeration: Discover hidden directories and files on web servers
DNS Subdomain Discovery: Find subdomains with wildcard support
Virtual Host Detection: Identify virtual hosts on target web servers
Cloud Storage Enumeration: Discover open Amazon S3 and Google Cloud Storage buckets
TFTP File Discovery: Find files on TFTP servers
Custom Fuzzing: Flexible fuzzing with customizable parameters

🚀 Quick Start

# Install gobustergo install github.com/OJ/gobuster/v3@latest# Basic directory enumerationgobuster dir -u https://example.com -w /path/to/wordlist.txt# DNS subdomain enumerationgobuster dns -do example.com -w /path/to/wordlist.txt# Virtual host discoverygobuster vhost -u https://example.com -w /path/to/wordlist.txt# S3 bucket enumerationgobuster s3 -w /path/to/bucket-names.txt

📦 Installation

Quick Install (Recommended)

go install github.com/OJ/gobuster/v3@latest

Requirements: Go 1.24 or higher

Alternative Installation Methods

Using Binary Releases

Download pre-compiled binaries from thereleases page.

Using Docker

# Pull the latest imagedocker pull ghcr.io/oj/gobuster:latest# Run gobuster in Dockerdocker run --rm -it ghcr.io/oj/gobuster:latest dir -u https://example.com -w /usr/share/wordlists/dirb/common.txt

Building from Source

git clone https://github.com/OJ/gobuster.gitcd gobustergo mod tidygo build

Troubleshooting Installation

If you encounter issues:

Ensure Go version 1.24+ is installed:go version
Check your$GOPATH and$GOBIN environment variables
Verify$GOPATH/bin is in your$PATH

🎯 Usage

Gobuster uses a mode-based approach. Each mode is designed for specific enumeration tasks:

gobuster [mode] [options]

Getting Help

gobusterhelp# Show general helpgobusterhelp [mode]# Show help for specific modegobuster [mode] --help# Alternative help syntax

📊 Available Modes

🌐 Directory Mode (`dir`)

Enumerate directories and files on web servers.

Basic Usage:

gobuster dir -u https://example.com -w wordlist.txt

Advanced Options:

# With file extensionsgobuster dir -u https://example.com -w wordlist.txt -x php,html,js,txt# With custom headers and cookiesgobuster dir -u https://example.com -w wordlist.txt -H"Authorization: Bearer token" -c"session=value"# Show response lengthgobuster dir -u https://example.com -w wordlist.txt -l# Filter by status codesgobuster dir -u https://example.com -w wordlist.txt -s 200,301,302

🔍 DNS Mode (`dns`)

Discover subdomains through DNS resolution.

Basic Usage:

gobuster dns -do example.com -w wordlist.txt

Advanced Options:

# Use custom DNS servergobuster dns -do example.com -w wordlist.txt -r 8.8.8.8:53# Increase threads for faster scanninggobuster dns -do example.com -w wordlist.txt -t 50

🏠 Virtual Host Mode (`vhost`)

Discover virtual hosts on web servers.

Basic Usage:

gobuster vhost -u https://example.com --append-domain -w wordlist.txt

☁️ S3 Mode (`s3`)

Enumerate Amazon S3 buckets.

Basic Usage:

gobuster s3 -w bucket-names.txt

With Debug Output:

gobuster s3 -w bucket-names.txt --debug

🖥️ TFTP Mode (`tftp`)

Enumerate files on tftp servers.

Basic Usage:

gobuster tftp -s 10.0.0.1 -w wordlist.txt

☁️ GCS Mode (`gcs`)

Enumerate Google Cloud Storage Buckets.

Basic Usage:

gobuster gcs -w bucket-names.txt

With Debug Output:

gobuster gcs -w bucket-names.txt --debug

🔧 Fuzz Mode (`fuzz`)

Custom fuzzing with theFUZZ keyword.

Basic Usage:

gobuster fuzz -u https://example.com?FUZZ=test -w wordlist.txt

Advanced Examples:

# Fuzz URL parametersgobuster fuzz -u https://example.com?param=FUZZ -w wordlist.txt# Fuzz headersgobuster fuzz -u https://example.com -H"X-Custom-Header: FUZZ" -w wordlist.txt# Fuzz POST datagobuster fuzz -u https://example.com -d"username=admin&password=FUZZ" -w passwords.txt

💰 Support

Love this tool? Back it!

If you're backing us already, you rock. If you're not, that's cool too! Want to back us?Become a backer!

All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.

💡 Common Use Cases

Web Application Security Testing

# Comprehensive directory enumerationgobuster dir -u https://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,js,txt,asp,aspx,jsp# API endpoint discoverygobuster dir -u https://api.target.com -w /usr/share/wordlists/dirb/common.txt -x json# Admin panel discoverygobuster dir -u https://target.com -w admin-panels.txt -s 200,301,302,403

DNS Reconnaissance

# Comprehensive subdomain enumerationgobuster dns -do target.com -w /usr/share/wordlists/dnsrecon/subdomains-top1mil-5000.txt -t 50

Cloud Storage Assessment

# S3 bucket enumeration with patternsgobuster s3 -w company-names.txt -v# GCS bucket enumerationgobuster gcs -w company-names.txt -v

🔧 Troubleshooting

Common Issues

"Permission Denied" or "Access Denied"

Try reducing thread count with-t flag
Add delays between requests with--delay
Use different user agent with-a flag

"Connection Timeout"

Increase timeout with--timeout flag
Reduce thread count for slower targets
Check your internet connection

"No Results Found"

Verify the target URL is accessible
Try different wordlists
Check status code filtering with-s flag

Performance Issues

Slow Scanning

Increase thread count with-t flag (but be careful not to overwhelm the target)
Use smaller, more targeted wordlists

🎯 Best Practices

Security Testing Guidelines

Always get proper authorization before testing any target
Start with low thread counts to avoid overwhelming servers
Use appropriate wordlists for the target technology
Respect rate limits and implement delays if needed
Monitor your network traffic to avoid detection

Wordlist Selection

For web applications: Use technology-specific wordlists (PHP, ASP.NET, etc.)
For APIs: Focus on common API endpoints and versioning patterns
For DNS: Use subdomain-specific wordlists with common patterns
For cloud storage: Use company/brand-specific patterns

Output Management

# Save results to filegobuster dir -u https://example.com -w wordlist.txt -o results.txt# Use quiet mode for clean outputgobuster dir -u https://example.com -w wordlist.txt -q

📚 Additional Resources

Recommended Wordlists

SecLists:https://github.com/danielmiessler/SecLists
FuzzDB:https://github.com/fuzzdb-project/fuzzdb
Seclists DNS:https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS

Happy hacking! 🚀

Remember: Always test responsibly and with proper authorization.

Changes

3.8.2

Fix expanded mode to show the full url again

3.8.1

Fix expanded mode showing the entries twice

3.8

Add exclude-hostname-length flag to dynamically adjust exclude-length by @0xyy66
Fix Fuzzing query parameters
Add--force flag indir mode to continue execution if precheck errors occur

3.7

use new cli library
a lot more short options due to the new cli library
more user friendly error messages
clean up DNS mode
renamedshow-cname tocheck-cname in dns mode
got rid ofverbose flag and introduceddebug instead
the version command now also shows some build variables for more info
switched to another pkcs12 library to support p12s generated with openssl3 that use SHA256 HMAC
comments in wordlists (strings starting with #) are no longer ignored
warn in vhost mode if the --append-domain switch might have been forgotten
allow to exclude status code and length in vhost mode
added automaxprocs for use in docker with cpu limits
log http requests with debug enabled
allow fuzzing of Host header in fuzz mode
automatically disable progress output when output is redirected
fix extra special characters when run with--no-progress
warn when using vhost mode with a proxy and http based urls as this might not work as expected
addinterface andlocal-ip parameters to specify the outgoing interface for http requests
add support for tls renegotiation
fix progress with patterns by @acammack
fix backup discovery by @acammack
support tcp protocol on dns servers
add support for URL query parameters

3.6

Wordlist offset parameter to skip x lines from the wordlist
prevent double slashes when building up an url in dir mode
allow for multiple values and ranges on--exclude-length
no-fqdn parameter on dns bruteforce to disable the use of the systems search domains. This should speed up the run if you have configured some search domains.#418

3.5

Allow Ranges in status code and status code blacklist. Example: 200,300-305,404

3.4

Enable TLS1.0 and TLS1.1 support
Add TFTP mode to search for files on tftp servers

3.3

Support TLS client certificates / mtls
support loading extensions from file
support fuzzing POST body, HTTP headers and basic auth
new option to not canonicalize header names

3.2

Use go 1.19
use contexts in the correct way
get rid of the wildcard flag (except in DNS mode)
color output
retry on timeout
google cloud bucket enumeration
fix nil reference errors

3.1

enumerate public AWS S3 buckets
fuzzing mode
specify HTTP method
added support for patterns. You can now specify a file containing patterns that are applied to every word, one by line. Every occurrence of the term{GOBUSTER} in it will be replaced with the current wordlist item. Please use with caution as this can cause increase the number of requests issued a lot.
The shorthandp flag which was assigned to proxy is now used by the pattern flag

3.0