A fast and flexible brute-forcing tool written in Go
Gobuster is a high-performance directory/file, DNS and virtual host brute-forcing tool written in Go. It's designed to be fast, reliable, and easy to use for security professionals and penetration testers.
- 🚀 High Performance: Multi-threaded scanning with configurable concurrency
- 🔍 Multiple Modes: Directory, DNS, virtual host, S3, GCS, TFTP, and fuzzing modes
- 🛡️ Security Focused: Built for penetration testing and security assessments
- 🐳 Docker Support: Available as a Docker container
- 🔧 Extensible: Pattern-based scanning and custom wordlists
- Web Directory/File Enumeration: Discover hidden directories and files on web servers
- DNS Subdomain Discovery: Find subdomains with wildcard support
- Virtual Host Detection: Identify virtual hosts on target web servers
- Cloud Storage Enumeration: Discover open Amazon S3 and Google Cloud Storage buckets
- TFTP File Discovery: Find files on TFTP servers
- Custom Fuzzing: Flexible fuzzing with customizable parameters
# Install gobuster
go install github.com/OJ/gobuster/v3@latest
# Basic directory enumeration
gobuster dir -u https://example.com -w /path/to/wordlist.txt
# DNS subdomain enumeration
gobuster dns -d example.com -w /path/to/wordlist.txt
# Virtual host discovery
gobuster vhost -u https://example.com -w /path/to/wordlist.txt
# S3 bucket enumeration
gobuster s3 -w /path/to/bucket-names.txtgo install github.com/OJ/gobuster/v3@latestRequirements: Go 1.24 or higher
Download pre-compiled binaries from the releases page.
# Pull the latest image
docker pull ghcr.io/oj/gobuster:latest
# Run gobuster in Docker
docker run --rm -it ghcr.io/oj/gobuster:latest dir -u https://example.com -w /usr/share/wordlists/dirb/common.txtgit clone https://github.com/OJ/gobuster.git
cd gobuster
go mod tidy
go buildIf you encounter issues:
- Ensure Go version 1.24+ is installed:
go version - Check your
$GOPATHand$GOBINenvironment variables - Verify
$GOPATH/binis in your$PATH
Gobuster uses a mode-based approach. Each mode is designed for specific enumeration tasks:
gobuster [mode] [options]gobuster help # Show general help
gobuster help [mode] # Show help for specific mode
gobuster [mode] --help # Alternative help syntaxEnumerate directories and files on web servers.
Basic Usage:
gobuster dir -u https://example.com -w wordlist.txtAdvanced Options:
# With file extensions
gobuster dir -u https://example.com -w wordlist.txt -x php,html,js,txt
# With custom headers and cookies
gobuster dir -u https://example.com -w wordlist.txt -H "Authorization: Bearer token" -c "session=value"
# Show response length
gobuster dir -u https://example.com -w wordlist.txt -l
# Filter by status codes
gobuster dir -u https://example.com -w wordlist.txt -s 200,301,302Discover subdomains through DNS resolution.
Basic Usage:
gobuster dns -d example.com -w wordlist.txtAdvanced Options:
# Use custom DNS server
gobuster dns -d example.com -w wordlist.txt -r 8.8.8.8:53
# Increase threads for faster scanning
gobuster dns -d example.com -w wordlist.txt -t 50Discover virtual hosts on web servers.
Basic Usage:
gobuster vhost -u https://example.com --append-domain -w wordlist.txtEnumerate Amazon S3 buckets.
Basic Usage:
gobuster s3 -w bucket-names.txtWith Debug Output:
gobuster s3 -w bucket-names.txt --debugEnumerate files on tftp servers.
Basic Usage:
gobuster tftp -s 10.0.0.1 -w wordlist.txtEnumerate Google Cloud Storage Buckets.
Basic Usage:
gobuster gcs -w bucket-names.txtWith Debug Output:
gobuster gcs -w bucket-names.txt --debugCustom fuzzing with the FUZZ keyword.
Basic Usage:
gobuster fuzz -u https://example.com?FUZZ=test -w wordlist.txtAdvanced Examples:
# Fuzz URL parameters
gobuster fuzz -u https://example.com?param=FUZZ -w wordlist.txt
# Fuzz headers
gobuster fuzz -u https://example.com -H "X-Custom-Header: FUZZ" -w wordlist.txt
# Fuzz POST data
gobuster fuzz -u https://example.com -d "username=admin&password=FUZZ" -w passwords.txt
If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer!
All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.
# Comprehensive directory enumeration
gobuster dir -u https://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,js,txt,asp,aspx,jsp
# API endpoint discovery
gobuster dir -u https://api.target.com -w /usr/share/wordlists/dirb/common.txt -x json
# Admin panel discovery
gobuster dir -u https://target.com -w admin-panels.txt -s 200,301,302,403# Comprehensive subdomain enumeration
gobuster dns -d target.com -w /usr/share/wordlists/dnsrecon/subdomains-top1mil-5000.txt -t 50# S3 bucket enumeration with patterns
gobuster s3 -w company-names.txt -v
# GCS bucket enumeration
gobuster gcs -w company-names.txt -v- Try reducing thread count with
-tflag - Add delays between requests with
--delay - Use different user agent with
-aflag
- Increase timeout with
--timeoutflag - Reduce thread count for slower targets
- Check your internet connection
- Verify the target URL is accessible
- Try different wordlists
- Check status code filtering with
-sflag
- Increase thread count with
-tflag (but be careful not to overwhelm the target) - Use smaller, more targeted wordlists
- Always get proper authorization before testing any target
- Start with low thread counts to avoid overwhelming servers
- Use appropriate wordlists for the target technology
- Respect rate limits and implement delays if needed
- Monitor your network traffic to avoid detection
- For web applications: Use technology-specific wordlists (PHP, ASP.NET, etc.)
- For APIs: Focus on common API endpoints and versioning patterns
- For DNS: Use subdomain-specific wordlists with common patterns
- For cloud storage: Use company/brand-specific patterns
# Save results to file
gobuster dir -u https://example.com -w wordlist.txt -o results.txt
# Use quiet mode for clean output
gobuster dir -u https://example.com -w wordlist.txt -q- SecLists: https://github.com/danielmiessler/SecLists
- FuzzDB: https://github.com/fuzzdb-project/fuzzdb
- Seclists DNS: https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
Happy hacking! 🚀
Remember: Always test responsibly and with proper authorization.
3.7
- use new cli library
- a lot more short options due to the new cli library
- more user friendly error messages
- clean up DNS mode
- renamed
show-cnametocheck-cnamein dns mode - got rid of
verboseflag and introduceddebuginstead - the version command now also shows some build variables for more info
- switched to another pkcs12 library to support p12s generated with openssl3 that use SHA256 HMAC
- comments in wordlists (strings starting with #) are no longer ignored
- warn in vhost mode if the --append-domain switch might have been forgotten
- allow to exclude status code and length in vhost mode
- added automaxprocs for use in docker with cpu limits
- log http requests with debug enabled
- allow fuzzing of Host header in fuzz mode
- automatically disable progress output when output is redirected
- fix extra special characters when run with
--no-progress - warn when using vhost mode with a proxy and http based urls as this might not work as expected
- add
interfaceandlocal-ipparameters to specify the outgoing interface for http requests - add support for tls renegotiation
- fix progress with patterns by @acammack
- fix backup discovery by @acammack
- support tcp protocol on dns servers
- add support for URL query parameters
3.6
- Wordlist offset parameter to skip x lines from the wordlist
- prevent double slashes when building up an url in dir mode
- allow for multiple values and ranges on
--exclude-length no-fqdnparameter on dns bruteforce to disable the use of the systems search domains. This should speed up the run if you have configured some search domains. #418
3.3
- Support TLS client certificates / mtls
- support loading extensions from file
- support fuzzing POST body, HTTP headers and basic auth
- new option to not canonicalize header names
3.2
- Use go 1.19
- use contexts in the correct way
- get rid of the wildcard flag (except in DNS mode)
- color output
- retry on timeout
- google cloud bucket enumeration
- fix nil reference errors
3.1
- enumerate public AWS S3 buckets
- fuzzing mode
- specify HTTP method
- added support for patterns. You can now specify a file containing patterns that are applied to every word, one by line. Every occurrence of the term
{GOBUSTER}in it will be replaced with the current wordlist item. Please use with caution as this can cause increase the number of requests issued a lot. - The shorthand
pflag which was assigned to proxy is now used by the pattern flag