What is Gobuster?

Gobuster is a command-line tool written in Go that allows penetration testers and ethical hackers to brute-force:

Unlike tools like DirBuster or Dirsearch, Gobuster is optimized for speed and flexibility, making it ideal for both recon and exploitation phases.

🚀 Installation

# Install Gobuster on Debian-based Linux (Debian, Ubuntu, Kali)
sudo apt install gobuster

# Or install the latest version via Go (recommended)
go install github.com/OJ/gobuster/v3@latest

📂 Main Modes of Gobuster

📘 Usage Examples

1. Directory Brute-Forcing

gobuster dir -u https://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt

This command scans for directories and files with the extensions `.php`, `.html`, and `.txt` on the given target.

2. DNS Subdomain Enumeration

gobuster dns -d target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt

This command scans for valid subdomains of target.com using a wordlist.

3. Virtual Host Discovery

gobuster vhost -u http://target.com -w /usr/share/seclists/Discovery/DNS/namelist.txt

This mode tries to detect different virtual hosts on the same IP by sending requests with varying `Host` headers.

🔬 Advanced Tips & Flags

🌐 Real-World Scenario

You find a login panel at https://app.targetcorp.com/login. You suspect hidden admin pages. Try:

gobuster dir -u https://app.targetcorp.com -w /usr/share/wordlists/dirb/common.txt -x php,html -t 40

Gobuster reveals:

/admin           (Status: 200)
/backup          (Status: 403)
/hidden/login    (Status: 302)

Now you can prioritize further testing on /admin and /hidden/login.
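
The prioritization step above, as an added example (not part of the original article or the Gobuster project): this Python script parses result lines in the format shown and orders them for review, setting aside hits that look like wildcard responses. The priority table, the wildcard threshold and the extra sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches gobuster "dir" result lines; Size and redirect target are optional.
LINE_RE = re.compile(
    r"^(?P<path>/\S*)\s+\(Status:\s*(?P<status>\d{3})\)"
    r"(?:\s+\[Size:\s*(?P<size>\d+)\])?"
    r"(?:\s+\[-->\s*(?P<redirect>[^\]\s]+)\])?"
)

# Assumed review order (lower = first), following the scenario above:
# reachable pages, then redirects, then paths that exist but are restricted.
PRIORITY = {200: 0, 204: 0, 301: 1, 302: 1, 307: 1, 401: 2, 403: 2}

def parse_results(text):
    """Return one dict per result line; banner and progress lines are skipped."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            results.append({"path": m["path"], "status": int(m["status"]),
                            "size": int(m["size"]) if m["size"] else None,
                            "redirect": m["redirect"]})
    return results

def triage(results, wildcard_threshold=3):
    """Split results into (findings sorted by priority, likely wildcard noise)."""
    # The same (status, size) pair repeated many times usually means the server
    # answers every path identically, so those hits are not real findings.
    seen = Counter((r["status"], r["size"]) for r in results if r["size"] is not None)
    noisy = {key for key, n in seen.items() if n >= wildcard_threshold}
    keep = [r for r in results if (r["status"], r["size"]) not in noisy]
    dropped = [r for r in results if (r["status"], r["size"]) in noisy]
    keep.sort(key=lambda r: (PRIORITY.get(r["status"], 9), r["path"]))
    return keep, dropped

# Constructed sample: the three lines from the scenario plus constructed noise.
SAMPLE = """\
/admin           (Status: 200)
/backup          (Status: 403)
/hidden/login    (Status: 302)
/aaa             (Status: 200) [Size: 1532]
/bbb             (Status: 200) [Size: 1532]
/ccc             (Status: 200) [Size: 1532]
"""

if __name__ == "__main__":
    findings, noise = triage(parse_results(SAMPLE))
    for r in findings:
        print(r["status"], r["path"])
    print(f"{len(noise)} likely wildcard responses set aside")
```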

💡 Pro Tips

🔗 Resources