20 examples of using gobuster for directory traversal and discovery

Tags

Below are 20 examples of using gobuster for directory traversal and discovery. These examples cover different scenarios, including custom wordlists, extensions, and output formatting.

Basic Examples

  1. Simple directory scan 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt
  2. Directory scan with custom extensions 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -x php,html,js
  3. Recursive directory scan 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -r
  4. Ignoring length-based results 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt --exclude-length 0
  5. Directory scan using a proxy 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt --proxy http://127.0.0.1:8080

Advanced Examples

  1. HTTPS with insecure certificate 
    gobuster dir -u https://example.com -w /path/to/wordlist.txt -k
  2. Custom User-Agent 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -a "MyCustomAgent/1.0"
  3. Custom HTTP headers 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -H "Authorization: Bearer TOKEN"
  4. Concurrent threads 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -t 50
  5. Timeout adjustments 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt --timeout 10s

Output Handling

  1. Save output to a file 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -o results.txt
  2. Verbose output 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -v
  3. JSON formatted output 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -o results.json -z
  4. Filtering status codes 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt -s "200,204,301"
  5. Custom DNS resolver 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt --dns-resolver 1.1.1.1

Specialized Scans

  1. Scan specific ports 
    gobuster dir -u http://example.com:8080 -w /path/to/wordlist.txt
  2. Use environment variables for authentication 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt --username $USERNAME --password $PASSWORD
  3. Rate limiting requests 
    gobuster dir -u http://example.com -w /path/to/wordlist.txt --rate-limit 2
  4. Scanning a subdirectory 
    gobuster dir -u http://example.com/admin -w /path/to/wordlist.txt
  5. Using a brute-force strategy 
    gobuster dir -u http://example.com -w /path/to/large-wordlist.txt --wildcard
LinkedIn Reddit