gobuster

Discover directories and files that match in the wordlist

$ gobuster dir [[-u|--url]] [https://example.com/] [[-w|--wordlist]] [path/to/file]

$ gobuster dns [[-d|--domain]] [example.com] [[-w|--wordlist]] [path/to/file]

$ gobuster s3 [[-w|--wordlist]] [path/to/file]

$ gobuster vhost [[-u|--url]] [https://example.com/] [[-w|--wordlist]] [path/to/file]

$ gobuster fuzz [[-u|--url]] [https://example.com/?parameter=FUZZ] [[-w|--wordlist]] [path/to/file]

$ gobuster fuzz [[-u|--url]] [https://example.com/?FUZZ=value] [[-w|--wordlist]] [path/to/file]

-P string

Password for Basic Auth (dir mode only)

-U string

Username for Basic Auth (dir mode only)

-a string

Set the User-Agent string (dir mode only)

-c string

Cookies to use for the requests (dir mode only)

-cn

Show CNAME records (dns mode only, cannot be used with '-i' option)

-e

Expanded mode, print full URLs

-f

Append a forward-slash to each directory request (dir mode only)

-fw

Force continued operation when wildcard found

-i

Show IP addresses (dns mode only)

-k

Skip SSL certificate verification

-l

Include the length of the body in the output (dir mode only)

-m string

Directory/File mode (dir) or DNS mode (dns) (default "dir")

-n

Don't print status codes

-o string

Output file to write results to (defaults to stdout)

-p string

Proxy to use for requests [http(s)://host:port] (dir mode only)

-q

Don't print the banner and other noise

-r

Follow redirects

-s string

Positive status codes (dir mode only) (default "200,204,301,302,307")

-t int

Number of concurrent threads (default 10)

-u string

The target URL or Domain

-v

Verbose output (errors)

-w string

Path to the wordlist

-x string

File extension(s) to search for (dir mode only)