Gobuster Directory/File Brute Forcer Cheat Sheet
Overview
Gobuster is a tool used to brute-force URIs (directories and files) on websites, DNS subdomains, virtual host names on target web servers, and open Amazon S3 buckets. Written in Go, it is fast and efficient, and supports multiple modes of operation for comprehensive web application reconnaissance.
Warning: This tool is intended only for authorized penetration testing and security assessments. Make sure you have proper authorization before using it against any target.
Installation
Go Installation
# Install via Go
go install github.com/OJ/gobuster/v3@latest
# Verify installation
gobuster version
Package Manager Installation
# Ubuntu/Debian
sudo apt update
sudo apt install gobuster
# Arch Linux
sudo pacman -S gobuster
# macOS with Homebrew
brew install gobuster
# Kali Linux (pre-installed)
gobuster --help
Manual Installation
# Download latest release
wget https://github.com/OJ/gobuster/releases/download/v3.6.0/gobuster_Linux_x86_64.tar.gz
tar -xzf gobuster_Linux_x86_64.tar.gz
sudo mv gobuster /usr/local/bin/
# Make executable
sudo chmod +x /usr/local/bin/gobuster
Docker Installation
# Pull Docker image
docker pull gobuster/gobuster
# Run with Docker
docker run --rm gobuster/gobuster --help
Basic Usage
Command Structure
# Basic syntax
gobuster [mode] [options]
# Get help
gobuster --help
gobuster [mode] --help
# Check version
gobuster version
Available Modes
Mode | Description |
---|---|
dir | Directory/file enumeration mode |
dns | DNS subdomain enumeration mode |
fuzz | Fuzzing mode |
s3 | Amazon S3 bucket enumeration |
gcs | Google Cloud Storage enumeration |
tftp | TFTP enumeration mode |
vhost | Virtual host enumeration mode |
Directory and File Enumeration
Basic Directory Brute Force
# Basic directory enumeration
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
# With specific extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt
# Multiple extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt,js,css
# Custom status codes
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -s 200,204,301,302,307,401,403
Advanced Directory Options
# Increase threads for faster scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 50
# Add delay between requests
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --delay 100ms
# Follow redirects
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -r
# Include length in output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -l
# Quiet mode (only show found)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q
Authentication and Headers
# Basic authentication
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -U username -P password
# Custom headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "Authorization: Bearer token"
# Multiple headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "X-Forwarded-For: 127.0.0.1" -H "User-Agent: CustomAgent"
# Cookies
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -c "PHPSESSID=abc123; auth=token"
Proxy and SSL Options
# Use proxy
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080
# Skip SSL verification
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k
# Custom timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s
# Custom user agent
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Custom Agent)"
DNS Subdomain Enumeration
Basic DNS Enumeration
# Basic subdomain enumeration
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
# Show IP addresses
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -i
# Custom resolver
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8
# Multiple resolvers
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8,1.1.1.1
Advanced DNS Options
# Increase threads
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50
# Wildcard detection
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --wildcard
# Custom timeout
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --timeout 5s
# Output to file
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -o subdomains.txt
Virtual Host Enumeration
Basic VHost Enumeration
# Basic virtual host enumeration
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
# Append domain
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain
# Custom domain
gobuster vhost -u http://192.168.1.100 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -d target.com
Advanced VHost Options
# Filter by status code
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -s 200,302
# Exclude status codes
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -b 404,403
# Custom headers
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -H "Authorization: Bearer token"
Fuzzing Mode
Basic Fuzzing
# Basic fuzzing with FUZZ keyword
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt
# Multiple FUZZ positions
gobuster fuzz -u http://target.com/FUZZ/FUZZ2 -w /usr/share/wordlists/dirb/common.txt
# Custom extensions in fuzzing
gobuster fuzz -u http://target.com/FUZZ.php -w /usr/share/wordlists/dirb/common.txt
Advanced Fuzzing
# Exclude specific responses
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt --exclude-length 1234
# Filter by response size
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -s 200 --exclude-length 0
# POST data fuzzing
gobuster fuzz -u http://target.com/login -w /usr/share/wordlists/dirb/common.txt -d "username=admin&password=FUZZ"
Amazon S3 Bucket Enumeration
Basic S3 Enumeration
# Basic S3 bucket enumeration
gobuster s3 -w /usr/share/wordlists/dirb/common.txt
# Custom region
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -r us-west-2
# Maximum keys to list
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -m 1000
Advanced S3 Options
# Increase threads
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -t 50
# Output to file
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -o s3_buckets.txt
# Quiet mode
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -q
Google Cloud Storage Enumeration
Basic GCS Enumeration
# Basic Google Cloud Storage enumeration
gobuster gcs -w /usr/share/wordlists/dirb/common.txt
# Maximum keys to list
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -m 1000
# Increase threads
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -t 50
Common Wordlists
Popular Wordlists
# SecLists (comprehensive collection)
/usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/big.txt
# DirBuster wordlists
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirb/small.txt
# Custom wordlists for specific technologies
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/drupal.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/apache.txt
Custom Wordlist Creation
# Combine multiple wordlists
cat /usr/share/wordlists/dirb/common.txt /usr/share/wordlists/dirb/big.txt|sort -u > custom_wordlist.txt
# Generate wordlist from website
cewl http://target.com -w custom_wordlist.txt
# Technology-specific wordlist
echo -e "admin\nadministrator\nlogin\ndashboard\napi\nv1\nv2\ntest\ndev" > custom_dirs.txt
Output and Reporting
Output Formats
# Save to file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.txt
# JSON output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.json --format json
# Append to existing file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt >> results.txt
Verbose Output
# Verbose mode
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v
# Show progress
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --progress
# No progress bar
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress
Advanced Techniques
Multi-Target Scanning
# Scan multiple targets (one URL per line in targets.txt)
while read -r target; do
    echo "Scanning $target"
    gobuster dir -u "$target" -w /usr/share/wordlists/dirb/common.txt -o "${target//\//_}_results.txt"
done < targets.txt
# Parallel scanning ({#} is the GNU parallel job number, so each target gets its own output file)
parallel -j 5 "gobuster dir -u {} -w /usr/share/wordlists/dirb/common.txt -o {#}_results.txt" :::: targets.txt
Recursive Scanning
# Manual recursive scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt | grep "Status: 200" | awk '{print $1}' > found_dirs.txt
# Scan found directories
while read -r dir; do
    gobuster dir -u "http://target.com$dir" -w /usr/share/wordlists/dirb/common.txt
done < found_dirs.txt
Rate Limiting Evasion
# Slow scanning to avoid rate limits
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s
# Random delay
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -d 500ms-2s
# Rotate user agents
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
Integration with Other Tools
Burp Suite Integration
# Use Burp as proxy
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080
# Export Burp findings to wordlist
# From Burp: Target > Site map > Right-click > Copy URLs
# Process URLs to create custom wordlist
Nmap Integration
# Scan web ports first
nmap -p 80,443,8080,8443 target.com --open -oG web_ports.txt
# Extract open ports and scan
grep "80/open\|443/open\|8080/open\|8443/open" web_ports.txt | awk '{print $2}' | while read -r host; do
    gobuster dir -u "http://$host" -w /usr/share/wordlists/dirb/common.txt
done
Nuclei Integration
# Run gobuster first, then nuclei on found directories (-e prints full URLs, which nuclei -l expects)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q -e | grep "Status: 200" | awk '{print $1}' > found_paths.txt
# Run nuclei on found paths
nuclei -l found_paths.txt -t /path/to/nuclei-templates/
Automation Scripts
Comprehensive Web Enumeration Script
#!/bin/bash
TARGET=$1
OUTPUT_DIR="gobuster_results_$(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target_url>"
    exit 1
fi
mkdir -p "$OUTPUT_DIR"
echo "[+] Starting comprehensive web enumeration for $TARGET"
# Directory enumeration with common extensions
echo "[+] Running directory enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt,js,css,xml,json -t 50 -o "$OUTPUT_DIR/directories.txt"
# Common file enumeration
echo "[+] Running common file enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -x php,html,txt,js,css,xml,json,bak,old,tmp -t 50 -o "$OUTPUT_DIR/files.txt"
# Admin panel enumeration
echo "[+] Running admin panel enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt -t 50 -o "$OUTPUT_DIR/admin.txt"
# API enumeration
echo "[+] Running API enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/api/api-endpoints.txt -t 50 -o "$OUTPUT_DIR/api.txt"
# Subdomain enumeration (if domain provided)
if [[ $TARGET =~ ^https?://([^/]+) ]]; then
    DOMAIN=${BASH_REMATCH[1]}
    echo "[+] Running subdomain enumeration for $DOMAIN..."
    gobuster dns -d "$DOMAIN" -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50 -o "$OUTPUT_DIR/subdomains.txt"
fi
echo "[+] Enumeration complete. Results saved in $OUTPUT_DIR/"
Multi-Extension Scanner
#!/bin/bash
TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"
# Common web extensions
EXTENSIONS=("php" "html" "htm" "txt" "js" "css" "xml" "json" "asp" "aspx" "jsp" "do" "action" "cgi" "pl" "py" "rb" "bak" "old" "tmp" "log")
for ext in "${EXTENSIONS[@]}"; do
    echo "[+] Scanning for .$ext files..."
    gobuster dir -u "$TARGET" -w "$WORDLIST" -x "$ext" -t 30 -q | grep "Status: 200"
done
Recursive Directory Scanner
#!/bin/bash
TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"
MAX_DEPTH=3
CURRENT_DEPTH=0
scan_directory() {
    local url=$1
    local depth=$2
    if [ "$depth" -gt "$MAX_DEPTH" ]; then
        return
    fi
    echo "[+] Scanning $url (depth: $depth)"
    # Scan current directory
    gobuster dir -u "$url" -w "$WORDLIST" -t 30 -q | grep "Status: 200" | while read -r line; do
        found_path=$(echo "$line" | awk '{print $1}')
        # Strip a trailing slash from the base URL so paths do not get a double slash
        full_url="${url%/}$found_path"
        echo "Found: $full_url"
        # If it's a directory, scan recursively
        if [[ $found_path == */ ]]; then
            scan_directory "$full_url" $((depth + 1))
        fi
    done
}
scan_directory "$TARGET" 0
Performance Optimization
Threading and Speed
# Optimal thread count (usually 20-50)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 30
# Adjust timeout for slow servers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 10s
# Disable progress bar for better performance
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress
Memory Management
# For large wordlists, use streaming
gobuster dir -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-big.txt -t 20
# Monitor memory usage
watch -n 1 'ps aux|grep gobuster'
Troubleshooting
Common Issues
# SSL certificate issues
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k
# Connection timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s
# Rate limiting
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s
# DNS resolution issues
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8
Debug Mode
# Enable debug output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --debug
# Verbose output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v
Best Practices
Reconnaissance Strategy
- Start with common directories: use small, common wordlists first
- Technology-specific enumeration: use CMS-specific wordlists when applicable
- Extension enumeration: always include relevant file extensions
- Recursive scanning: scan found directories for deeper enumeration
- Rate limiting awareness: adjust threads and delays to avoid detection
Stealth Considerations
# Slow and stealthy scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 2s -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
# Use proxy for anonymity
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://proxy:8080
# Random user agent rotation
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "$(shuf -n1 user_agents.txt)"
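How the scans on this page, including the slowed-down variants, show up in a web server's access log: this detection sketch is an added example, not part of the original cheat sheet. The log lines are constructed, the thresholds (20 distinct paths, 80% 404 responses) are illustrative assumptions, and the `gobuster/3.6` string follows Gobuster's default `gobuster/<version>` User-Agent.

```shell
#!/bin/sh
# Added example (not from the original page). All log lines are constructed.

# Emit a constructed access log in combined format (documentation IP ranges).
sample_log() {
  ua_browser='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
  i=1
  while [ "$i" -le 40 ]; do   # slow scan: one miss per minute, browser-like UA
    printf '203.0.113.7 - - [10/Oct/2024:13:%02d:01 +0000] "GET /word%d HTTP/1.1" 404 153 "-" "%s"\n' "$i" "$i" "$ua_browser"
    i=$((i + 1))
  done
  for p in / /about /contact /products /cart /login /css/site.css /favicon.ico; do
    status=200
    if [ "$p" = /favicon.ico ]; then status=404; fi   # ordinary visitor, one miss
    printf '198.51.100.20 - - [10/Oct/2024:13:05:09 +0000] "GET %s HTTP/1.1" %s 512 "-" "%s"\n' "$p" "$status" "$ua_browser"
  done
  for p in /admin /backup /test; do   # few requests, default tool User-Agent
    printf '192.0.2.55 - - [10/Oct/2024:13:07:30 +0000] "GET %s HTTP/1.1" 404 153 "-" "gobuster/3.6"\n' "$p"
  done
}

# flag_enumerators MIN_PATHS MIN_404_PCT  (log on stdin; prints "ip reason")
flag_enumerators() {
  awk -F'"' -v min="$1" -v pct="$2" '
    {
      split($1, head, " "); ip = head[1]      # client address
      split($2, req, " ");  path = req[2]     # request path
      split($3, resp, " ")                    # resp[1] is the status code
      total[ip]++
      if (resp[1] == "404") miss[ip]++
      if (!((ip, path) in seen)) { seen[ip, path] = 1; paths[ip]++ }
      if ($6 ~ /^gobuster\//) tool[ip] = 1    # User-Agent left at its default
    }
    END {
      for (ip in total) {
        if (tool[ip]) {
          print ip, "default-user-agent"
        } else if (paths[ip] >= min && 100 * miss[ip] / total[ip] >= pct) {
          print ip, "404-ratio"
        }
      }
    }' | LC_ALL=C sort
}

sample_log | flag_enumerators 20 80
```

Pipe a real combined-format log into `flag_enumerators` in place of `sample_log`. Counting misses per client does not depend on request pacing or on the User-Agent header.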
Resources
- Gobuster GitHub Repository
- SecLists Wordlists
- OWASP Testing Guide
- Web Application Penetration Testing
-...
*This cheat sheet provides a comprehensive reference for using Gobuster. Always make sure you have proper authorization before performing web application security testing.*