Gobuster
Gobuster is a tool used to do fuzzing web, this technique uses bruteforce in all the directories giving an URL. Also can do fuzzing in virtual hosts with specific flags.
Gobuster source
Tool writen in GO, use make to compile and use the tool.
Default wordlist in OS security like Parrot and kali is /usr/share/wordlist/
Clone with git in CLI:
git clone https://github.com/OJ/gobuster.git
Compile using make command.
COMMON FLAGS
INFO:
- d: Domain.
- t: Number of threads.
- w: Wordlist, dictionary.
- i: Show IP samples list.
DNS Mode
./gobuster dns -d [URL] -t 50 -w /wordlists
DIR Mode
./gobuster dir -u https://example.com/path/ -c '[InsertCookies]' -t 50 -w /wordlist
VHOST Mode
./gobuster vhost -u https://example.com -w /wordlist
FUZZ Mode
./gobuster fuzz -u https://example.com?FUZZ=test -w /wordlist