Member-only story
Gobuster: Introduction
Gobuster is an open-source tool in Golang for enumerating web directories, DNS subdomains, vhosts, Amazon S3 buckets, and Google Cloud Storage via brute force with wordlists. It’s widely used in penetration testing and bug bounty hunting, fitting between reconnaissance and scanning phases.
Enumeration
Enumeration lists all available resources, accessible or not (e.g., web directories).
Brute Force
Brute force tries every possibility until a match is found, similar to testing multiple keys on a lock.
Gobuster: Overview
Gobuster is included in Kali Linux. To view its functionalities, run gobuster --help:
Usage: gobuster [command]
Available Commands:
- completion: Generate autocompletion script.
- dir: Directory/file enumeration mode.
- dns: DNS subdomain enumeration mode.
- fuzz: Fuzzing mode.
- gcs: GCS bucket enumeration mode.
- help: Help for any command.
- s3: AWS bucket enumeration mode.
- tftp: TFTP enumeration mode.
- version: Show current version.
- vhost: VHOST enumeration mode.
