
Gobuster Directory/File Brute Forcer Cheat Sheet


Overview

Gobuster is a tool used to brute-force URIs (directories and files) on web sites, DNS subdomains, virtual host names on target web servers, and open Amazon S3 buckets. Written in Go, it is fast and efficient, and it supports multiple modes of operation for comprehensive web application reconnaissance.

Warning: This tool is intended only for authorized penetration testing and security assessments. Make sure you have proper authorization before using it against any target.

Installation

Go installation

# Install via Go
go install github.com/OJ/gobuster/v3@latest

# Verify installation
gobuster version

Package Manager Installation

# Ubuntu/Debian
sudo apt update
sudo apt install gobuster

# Arch Linux
sudo pacman -S gobuster

# macOS with Homebrew
brew install gobuster

# Kali Linux (pre-installed)
gobuster --help

Manual Installation

# Download latest release
wget https://github.com/OJ/gobuster/releases/download/v3.6.0/gobuster_Linux_x86_64.tar.gz
tar -xzf gobuster_Linux_x86_64.tar.gz
sudo mv gobuster /usr/local/bin/

# Make executable
sudo chmod +x /usr/local/bin/gobuster

Docker Installation

# Pull Docker image
docker pull gobuster/gobuster

# Run with Docker
docker run --rm gobuster/gobuster --help

Basic Usage

Command Structure

# Basic syntax
gobuster [mode] [options]

# Get help
gobuster --help
gobuster [mode] --help

# Check version
gobuster version

Available Modes

Mode     Description
dir      Directory/file enumeration mode
dns      DNS subdomain enumeration mode
fuzz     Fuzzing mode
s3       Amazon S3 bucket enumeration
gcs      Google Cloud Storage enumeration
tftp     TFTP enumeration mode
vhost    Virtual host enumeration mode

Directory and File Enumeration

Basic Directory Brute Force

# Basic directory enumeration
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt

# With specific extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt

# Multiple extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt,js,css

# Custom status codes
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -s 200,204,301,302,307,401,403

Advanced Directory Options

# Increase threads for faster scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 50

# Add delay between requests (--delay; in dir mode -d is --discover-backup)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --delay 100ms

# Follow redirects
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -r

# Include length in output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -l

# Quiet mode (only show found)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q

Authentication and Headers

# Basic authentication
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -U username -P password

# Custom headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "Authorization: Bearer token"

# Multiple headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "X-Forwarded-For: 127.0.0.1" -H "User-Agent: CustomAgent"

# Cookies
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -c "PHPSESSID=abc123; auth=token"

Proxy and SSL Options

# Use proxy (--proxy; -p is the global --pattern flag)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080

# Skip SSL verification
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k

# Custom timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s

# Custom user agent
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Custom Agent)"

DNS Subdomain Enumeration

Basic DNS Enumeration

# Basic subdomain enumeration
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

# Show IP addresses
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -i

# Custom resolver
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8

# Multiple resolvers
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8,1.1.1.1

Advanced DNS Options

# Increase threads
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50

# Wildcard detection
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --wildcard

# Custom timeout
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --timeout 5s

# Output to file
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -o subdomains.txt

Virtual Host Enumeration

Basic VHost Enumeration

# Basic virtual host enumeration
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

# Append domain
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain

# Custom domain
gobuster vhost -u http://192.168.1.100 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -d target.com

Advanced VHost Options

# Filter by status code
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -s 200,302

# Exclude status codes
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -b 404,403

# Custom headers
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -H "Authorization: Bearer token"

Fuzzing Mode

Basic Fuzzing

# Basic fuzzing with FUZZ keyword
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

# Multiple FUZZ positions
gobuster fuzz -u http://target.com/FUZZ/FUZZ2 -w /usr/share/wordlists/dirb/common.txt

# Custom extensions in fuzzing
gobuster fuzz -u http://target.com/FUZZ.php -w /usr/share/wordlists/dirb/common.txt

Advanced Fuzzing

# Exclude specific responses
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt --exclude-length 1234

# Filter by response size
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -s 200 --exclude-length 0

# POST data fuzzing
gobuster fuzz -u http://target.com/login -w /usr/share/wordlists/dirb/common.txt -d "username=admin&password=FUZZ"

Amazon S3 Bucket Enumeration

Basic S3 Enumeration

# Basic S3 bucket enumeration
gobuster s3 -w /usr/share/wordlists/dirb/common.txt

# Custom region
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -r us-west-2

# Maximum keys to list
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -m 1000

Advanced S3 Options

# Increase threads
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -t 50

# Output to file
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -o s3_buckets.txt

# Quiet mode
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -q

Google Cloud Storage Enumeration

Basic GCS Enumeration

# Basic Google Cloud Storage enumeration
gobuster gcs -w /usr/share/wordlists/dirb/common.txt

# Maximum keys to list
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -m 1000

# Increase threads
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -t 50

Common Wordlists

# SecLists (comprehensive collection)
/usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/big.txt

# DirBuster wordlists
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirb/small.txt

# Custom wordlists for specific technologies
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/drupal.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/apache.txt

Creating Custom Wordlists

# Combine multiple wordlists
cat /usr/share/wordlists/dirb/common.txt /usr/share/wordlists/dirb/big.txt|sort -u > custom_wordlist.txt

# Generate wordlist from website
cewl http://target.com -w custom_wordlist.txt

# Technology-specific wordlist
echo -e "admin\nadministrator\nlogin\ndashboard\napi\nv1\nv2\ntest\ndev" > custom_dirs.txt

Output and Reporting

Output Formats

# Save to file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.txt

# JSON output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.json --format json

# Append to existing file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt >> results.txt

Verbose Output

# Verbose mode
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v

# Show progress
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --progress

# No progress bar
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress

Advanced Techniques

Multi-Target Scanning

# Scan multiple targets
for target in $(cat targets.txt); do
    echo "Scanning $target"
    # Replace every "/" in the URL with "_" to get a usable file name
    gobuster dir -u "$target" -w /usr/share/wordlists/dirb/common.txt -o "${target//\//_}_results.txt"
done

# Parallel scanning ({#} is GNU parallel's job number, so each target gets its own output file)
parallel -j 5 "gobuster dir -u {} -w /usr/share/wordlists/dirb/common.txt -o {#}_results.txt" :::: targets.txt

Recursive Scanning

# Manual recursive scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt|grep "Status: 200"|awk '{print $1}' > found_dirs.txt

# Scan found directories
while read dir; do
    gobuster dir -u "http://target.com$dir" -w /usr/share/wordlists/dirb/common.txt
done < found_dirs.txt

Rate Limiting Evasion

# Slow scanning to avoid rate limits
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s

# Random delay
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -d 500ms-2s

# Rotate user agents
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

Integration with Other Tools

Burp Suite Integration

# Use Burp as proxy
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080

# Export Burp findings to wordlist
# From Burp: Target > Site map > Right-click > Copy URLs
# Process URLs to create custom wordlist

Nmap Integration

# Scan web ports first
nmap -p 80,443,8080,8443 target.com --open -oG web_ports.txt

# Extract open ports and scan
grep "80/open\|443/open\|8080/open\|8443/open" web_ports.txt|awk '{print $2}'|while read host; do
    gobuster dir -u "http://$host" -w /usr/share/wordlists/dirb/common.txt
done

Nuclei Integration

# Run gobuster first, then nuclei on found directories
# (prefix each found path with the base URL, since nuclei -l expects full URLs)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q|grep "Status: 200"|awk '{print "http://target.com" $1}' > found_paths.txt

# Run nuclei on found paths
nuclei -l found_paths.txt -t /path/to/nuclei-templates/

Automation Scripts

Comprehensive Web Enumeration Script

#!/bin/bash

TARGET=$1
OUTPUT_DIR="gobuster_results_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target_url>"
    exit 1
fi

mkdir -p "$OUTPUT_DIR"

echo "[+] Starting comprehensive web enumeration for $TARGET"

# Directory enumeration with common extensions
echo "[+] Running directory enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt,js,css,xml,json -t 50 -o "$OUTPUT_DIR/directories.txt"

# Common file enumeration
echo "[+] Running common file enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -x php,html,txt,js,css,xml,json,bak,old,tmp -t 50 -o "$OUTPUT_DIR/files.txt"

# Admin panel enumeration
echo "[+] Running admin panel enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt -t 50 -o "$OUTPUT_DIR/admin.txt"

# API enumeration
echo "[+] Running API enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/api/api-endpoints.txt -t 50 -o "$OUTPUT_DIR/api.txt"

# Subdomain enumeration (if domain provided)
if [[ $TARGET =~ ^https?://([^/]+) ]]; then
    # First capture group of the regex above: the host part of the URL
    DOMAIN=${BASH_REMATCH[1]}
    echo "[+] Running subdomain enumeration for $DOMAIN..."
    gobuster dns -d "$DOMAIN" -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50 -o "$OUTPUT_DIR/subdomains.txt"
fi

echo "[+] Enumeration complete. Results saved in $OUTPUT_DIR/"

Multi-Extension Scanner

#!/bin/bash

TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"

# Common web extensions
EXTENSIONS=("php" "html" "htm" "txt" "js" "css" "xml" "json" "asp" "aspx" "jsp" "do" "action" "cgi" "pl" "py" "rb" "bak" "old" "tmp" "log")

for ext in "${EXTENSIONS[@]}"; do
    echo "[+] Scanning for .$ext files..."
    gobuster dir -u "$TARGET" -w "$WORDLIST" -x "$ext" -t 30 -q|grep "Status: 200"
done

Recursive Directory Scanner

#!/bin/bash

TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"
MAX_DEPTH=3
CURRENT_DEPTH=0

scan_directory() {
    local url=$1
    local depth=$2

    # Stop once the configured depth limit is exceeded
    if [ "$depth" -gt "$MAX_DEPTH" ]; then
        return
    fi

    echo "[+] Scanning $url (depth: $depth)"

    # Scan current directory
    gobuster dir -u "$url" -w "$WORDLIST" -t 30 -q|grep "Status: 200"|while read -r line; do
        # First column of a result line is the found path
        found_path=$(echo "$line"|awk '{print $1}')
        full_url="$url$found_path"

        echo "Found: $full_url"

        # If it's a directory, scan recursively
        if [[ $found_path == */ ]]; then
            scan_directory "$full_url" $((depth + 1))
        fi
    done
}

scan_directory "$TARGET" 0

Performance Optimization

Threading and Speed

# Optimal thread count (usually 20-50)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 30

# Adjust timeout for slow servers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 10s

# Disable progress bar for better performance
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress

Memory Management

# For large wordlists, use streaming
gobuster dir -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-big.txt -t 20

# Monitor memory usage
watch -n 1 'ps aux|grep gobuster'

Troubleshooting

Common Issues

# SSL certificate issues
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k

# Connection timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s

# Rate limiting
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s

# DNS resolution issues
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8

Debug Mode

# Enable debug output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --debug

# Verbose output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v

Best Practices

Reconnaissance Strategy

  1. Start with common directories: Use small, common wordlists first
  2. Technology-specific enumeration: Use CMS-specific wordlists when applicable
  3. Extension enumeration: Always include relevant file extensions
  4. Recursive scanning: Scan found directories for deeper enumeration
  5. Rate limiting awareness: Adjust threads and delays to avoid detection

Stealth Considerations

# Slow and stealthy scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 2s -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

# Use proxy for anonymity
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://proxy:8080

# Random user agent rotation
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "$(shuf -n1 user_agents.txt)"
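
The defender's side of the thread, delay and user-agent options above, as an added example that is not part of the original cheat sheet: a wordlist walk leaves a high share of 404 responses across many distinct paths per client, whatever the request rate or User-Agent. The function names, thresholds and sample log are constructed for illustration, and the log is assumed to be in combined access-log format.

```shell
#!/usr/bin/env bash
# Added example: thresholds and the sample log are constructed for illustration.

# find_enumerators LOGFILE [MIN_REQUESTS] [MIN_MISS_PERCENT]
# Prints "<client> <requests> <distinct_paths> <miss_percent>" for every client
# with at least MIN_REQUESTS requests of which MIN_MISS_PERCENT or more were 404.
find_enumerators() {
    local log="$1" min_req="${2:-20}" min_miss="${3:-80}"
    awk -v min_req="$min_req" -v min_miss="$min_miss" '
        # Combined log format: $1 = client, $7 = request path, $9 = status.
        $9 ~ /^[0-9][0-9][0-9]$/ {
            total[$1]++
            if ($9 == 404) miss[$1]++
            key = $1 SUBSEP $7
            if (!(key in seen)) { seen[key] = 1; paths[$1]++ }
        }
        END {
            for (c in total) {
                pct = int(100 * miss[c] / total[c])
                if (total[c] >= min_req && pct >= min_miss)
                    print c, total[c], paths[c], pct
            }
        }' "$log" | sort
}

# Constructed sample: 192.0.2.10 requests one wordlist entry per second with a
# browser-like User-Agent; 198.51.100.7 is an ordinary visitor.
make_sample_log() {
    local i=0 word
    for word in admin backup config db dev login old private test tmp; do
        i=$((i + 1))
        printf '192.0.2.10 - - [01/Jan/2025:10:00:%02d +0000] "GET /%s HTTP/1.1" 404 153 "-" "Mozilla/5.0"\n' "$i" "$word"
    done
    printf '192.0.2.10 - - [01/Jan/2025:10:00:11 +0000] "GET /images HTTP/1.1" 301 178 "-" "Mozilla/5.0"\n'
    printf '198.51.100.7 - - [01/Jan/2025:10:00:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"\n'
    printf '198.51.100.7 - - [01/Jan/2025:10:00:13 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"\n'
}

# Usage: make_sample_log > sample.log; find_enumerators sample.log 10 80
```

Because the check counts the miss ratio per client rather than requests per second, it is best run over a long log window so that slow scans accumulate enough requests to cross the threshold.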

Resources

  • Gobuster GitHub Repository (https://github.com/OJ/gobuster)
  • SecLists Wordlists
  • OWASP Testing Guide
  • Web Application Penetration Testing


*This cheat sheet provides a comprehensive reference for using Gobuster. Always make sure you have proper authorization before performing web application security testing.*