Directory Enumeration

Gobuster

Gobuster is a command-line tool for directory and file brute-forcing on web servers. It helps discover hidden paths and files by trying different combinations. Security testers utilize Gobuster to identify potential entry points and sensitive files on web applications during penetration testing.

Gobuster Usage Examples

Here are various ways to use Gobuster for directory enumeration:

Basic Directory Enumeration:
Enumerate directories using a common wordlist (common.txt):
```
gobuster dir -u https://www.example.com -w common.txt
```
Custom Wordlist and Extension:
Use a custom wordlist (custom.txt) and specify file extensions to search for (php,html):
```
gobuster dir -u https://www.example.com -w custom.txt -x php,html
```
Recursive Directory Enumeration:
Enable recursive mode to explore subdirectories (-r flag):
```
gobuster dir -u https://www.example.com -w wordlist.txt -r
```
Directory Enumeration with URL Path:
Enumerate directories starting from a specific URL path (/subdir/):
```
gobuster dir -u https://www.example.com/subdir/ -w common.txt
```
HTTP Methods and Insecure Types:
Specify HTTP methods and check for specific HTTP status codes (-s 200,204):
```
gobuster dir -u https://www.example.com -w wordlist.txt -x php,html -s 200,204
```
Using Different HTTP Methods:
Use different HTTP methods (GET,POST) during directory enumeration (-X flag):
```
gobuster dir -u https://www.example.com -w wordlist.txt -x php -X GET,POST
```
URL Path Prefix:
Add a URL path prefix (/app/) to each request:
```
gobuster dir -u https://www.example.com -w wordlist.txt -P /app/
```
Ignoring Response Length:
Ignore response length to quickly identify existing paths (-z flag):
```
gobuster dir -u https://www.example.com -w wordlist.txt -z
```

These examples demonstrate how Gobuster can be configured for different scenarios in web application penetration testing to discover hidden directories and files. Adjust parameters based on specific testing requirements and site structure.

Hacker's Mantra:With the rise of technology came a new term: hackers.

PreviousIntro to Web NextBurpSuite and ZAP-Proxy Overview

Last updated 11 months ago

Was this helpful?

Gobuster

Gobuster Usage Examples

Here are various ways to use Gobuster for directory enumeration:

Basic Directory Enumeration:

Enumerate directories using a common wordlist (common.txt):

gobuster dir -u https://www.example.com -w common.txt

Custom Wordlist and Extension:

Use a custom wordlist (custom.txt) and specify file extensions to search for (php,html):

gobuster dir -u https://www.example.com -w custom.txt -x php,html

Recursive Directory Enumeration:

Enable recursive mode to explore subdirectories (-r flag):

gobuster dir -u https://www.example.com -w wordlist.txt -r

Directory Enumeration with URL Path:

Enumerate directories starting from a specific URL path (/subdir/):

gobuster dir -u https://www.example.com/subdir/ -w common.txt

HTTP Methods and Insecure Types:

Specify HTTP methods and check for specific HTTP status codes (-s 200,204):

gobuster dir -u https://www.example.com -w wordlist.txt -x php,html -s 200,204

Using Different HTTP Methods:

Use different HTTP methods (GET,POST) during directory enumeration (-X flag):

gobuster dir -u https://www.example.com -w wordlist.txt -x php -X GET,POST

URL Path Prefix:

Add a URL path prefix (/app/) to each request:

gobuster dir -u https://www.example.com -w wordlist.txt -P /app/

Ignoring Response Length:

Ignore response length to quickly identify existing paths (-z flag):

gobuster dir -u https://www.example.com -w wordlist.txt -z

Hacker's Mantra:With the rise of technology came a new term: hackers.