gobuster

Brute-forces hidden paths on web servers and more. More information: https://github.com/OJ/gobuster.

• Discover directories and files that match in the wordlist:

gobuster dir --url https://example.com/ --wordlist path/to/file

• Discover subdomains:

gobuster dns --domain example.com --wordlist path/to/file

• Discover Amazon S3 buckets:

gobuster s3 --wordlist path/to/file

• Discover other virtual hosts on the server:

gobuster vhost --url https://example.com/ --wordlist path/to/file

• Fuzz the value of a parameter:

gobuster fuzz --url https://example.com/?parameter=FUZZ --wordlist path/to/file

• Fuzz the name of a parameter:

gobuster fuzz --url https://example.com/?FUZZ=value --wordlist path/to/file