CyberCheatsheets

Gobuster Cheat Sheet

Fast directory, DNS, vhost, and S3 bucket brute-forcer written in Go.

Scanning & Enumerationdirectory-bruteforcednsvhostwebUpdated 2026-06-02

Overview

Gobuster discovers hidden web paths, subdomains (DNS mode), virtual hosts, and cloud buckets using wordlists. It is a staple for content discovery after identifying live HTTP services.

Authorized testing only. Directory brute force can stress web servers and fill logs. Use rate limits and approved wordlists on production.

Install

sudo apt install -y gobuster
go install github.com/OJ/gobuster/v3@latest
gobuster version

Essential commands

Directory brute force

gobuster dir -u https://target.example.com -w /usr/share/wordlists/dirb/common.txt

With extensions

gobuster dir -u https://target.example.com -w common.txt -x php,html,txt,bak

DNS subdomain brute force

gobuster dns -d target.example.com -w subdomains.txt

Quick one-liners

Brute-force web directories

gobuster dir -u https://target.example.com -w /usr/share/wordlists/dirb/common.txt

Brute-force with common extensions

gobuster dir -u https://target.example.com -w common.txt -x php,html,txt,bak

Enumerate subdomains via DNS

gobuster dns -d target.example.com -w subdomains.txt

Discover virtual hosts on a web server

gobuster vhost -u https://target.example.com -w vhosts.txt

Hunt for open S3 bucket names

gobuster s3 -w bucket-names.txt -k

Common workflows

Recursive / filtered —

gobuster dir -u https://target.example.com -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
-x php,asp,aspx -s 200,204,301,302,307,401,403 -t 50 -o gobuster_dirs.txt

Virtual host discovery —

gobuster vhost -u https://target.example.com -w vhosts.txt --append-domain

Authenticated / headers —

gobuster dir -u https://target.example.com -w common.txt
-H "Cookie: session=TOKEN" -H "Authorization: Bearer TOKEN"

S3 buckets —

gobuster s3 -w bucket-names.txt -k

Flags: gobuster dir

-u http://target/

Target URL

-w wordlist.txt

Path wordlist

-x php,html,txt

Append extensions

-s 200,204,301,302

Show only these status codes

-t 50

Threads

Flags: gobuster dns

-d example.com

Target domain

-w subdomains.txt

Subdomain wordlist

-r 8.8.8.8

Custom resolver

Flags: gobuster vhost

-u http://10.10.10.5

Base URL (IP or catch-all host)

-w vhosts.txt

Host header wordlist

Flags: gobuster s3

-w buckets.txt

Bucket name wordlist

-k

Skip TLS certificate verification

Flags: gobuster (global)

-o results.txt

Output file

-q

Quiet (no banner/progress)

-k

Insecure SSL

-H "Cookie: session=abc"

Custom header

-p http://127.0.0.1:8080

HTTP proxy

Tips

  • Exclude size false positives: -b (blacklist length) or -s status whitelist.
  • ffuf and feroxbuster offer more fuzzing flexibility; gobuster stays simple and fast.
  • Use SecLists wordlists sized to environment (directory-list-2.3-medium.txt vs common.txt).
  • For API routes, combine with .json extensions and custom wordlists from JS analysis.

References

Chuletas relacionadas