gobuster
Brute-forces hidden paths on web servers and more.
TLDR
Discover directories and files that match in the wordlist
$ gobuster dir --url [https://example.com/] --wordlist [path/to/file]
Discover subdomains
$ gobuster dns --domain [example.com] --wordlist [path/to/file]
Discover Amazon S3 buckets
$ gobuster s3 --wordlist [path/to/file]
Discover other virtual hosts on the server
$ gobuster vhost --url [https://example.com/] --wordlist [path/to/file]
Fuzz the value of a parameter
$ gobuster fuzz --url [https://example.com/?parameter=FUZZ] --wordlist [path/to/file]
Fuzz the name of a parameter
$ gobuster fuzz --url [https://example.com/?FUZZ=value] --wordlist [path/to/file]