{"id":13539981,"url":"https://github.com/oj/gobuster","last_synced_at":"2025-05-12T13:03:42.018Z","repository":{"id":23280555,"uuid":"26639347","full_name":"OJ/gobuster","owner":"OJ","description":"Directory/File, DNS and VHost busting tool written in Go","archived":false,"fork":false,"pushed_at":"2025-05-06T06:08:21.000Z","size":964,"stargazers_count":11557,"open_issues_count":25,"forks_count":1356,"subscribers_count":169,"default_branch":"master","last_synced_at":"2025-05-12T13:03:28.632Z","etag":null,"topics":["dns","go","pentesting","tool","web"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OJ.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["OJ","firefart"],"patreon":"OJReeves","open_collective":"gobuster","ko_fi":"OJReeves"}},"created_at":"2014-11-14T13:18:35.000Z","updated_at":"2025-05-12T08:59:52.000Z","dependencies_parsed_at":"2023-02-13T03:45:34.641Z","dependency_job_id":"fb0cb366-99f6-4663-87cd-82c6f717fed2","html_url":"https://github.com/OJ/gobuster","commit_stats":{"total_commits":304,"total_committers":26,"mean_commits":"11.692307692307692","dds":0.4703947368421053,"last_synced_commit":"308cf9fbafb94d364408fcc6394468b489590b09"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OJ%2Fgobuster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OJ%2Fgobuster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OJ%2Fgobuster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OJ%2Fgobuster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OJ","download_url":"https://codeload.github.com/OJ/gobuster/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253745055,"owners_count":21957317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","go","pentesting","tool","web"],"created_at":"2024-08-01T09:01:36.313Z","updated_at":"2025-05-12T13:03:41.963Z","avatar_url":"https://github.com/OJ.png","language":"Go","readme":"# Gobuster\n\nGobuster is a tool used to brute-force:\n\n- URIs (directories and files) in web sites.\n- DNS subdomains (with wildcard support).\n- Virtual Host names on target web servers.\n- Open Amazon S3 buckets\n- Open Google Cloud buckets\n- TFTP servers\n\n## Tags, Statuses, etc\n\n[![Build Status](https://travis-ci.com/OJ/gobuster.svg?branch=master)](https://travis-ci.com/OJ/gobuster) [![Backers on Open Collective](https://opencollective.com/gobuster/backers/badge.svg)](https://opencollective.com/gobuster) [![Sponsors on Open Collective](https://opencollective.com/gobuster/sponsors/badge.svg)](https://opencollective.com/gobuster)\n\n\n## Love this tool? Back it!\n\nIf you're backing us already, you rock. If you're not, that's cool too! Want to back us? [Become a backer](https://opencollective.com/gobuster#backer)!\n\n[![Backers](https://opencollective.com/gobuster/backers.svg?width=890)](https://opencollective.com/gobuster#backers)\n\nAll funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.\n\n# Changes\n\n## 3.6\n\n- Wordlist offset parameter to skip x lines from the wordlist\n- prevent double slashes when building up an url in dir mode\n- allow for multiple values and ranges on `--exclude-length`\n- `no-fqdn` parameter on dns bruteforce to disable the use of the systems search domains. This should speed up the run if you have configured some search domains. [https://github.com/OJ/gobuster/pull/418](https://github.com/OJ/gobuster/pull/418)\n\n## 3.5\n\n- Allow Ranges in status code and status code blacklist. Example: 200,300-305,404\n\n## 3.4\n\n- Enable TLS1.0 and TLS1.1 support\n- Add TFTP mode to search for files on tftp servers\n\n## 3.3\n\n- Support TLS client certificates / mtls\n- support loading extensions from file\n- support fuzzing POST body, HTTP headers and basic auth\n- new option to not canonicalize header names\n\n## 3.2\n\n- Use go 1.19\n- use contexts in the correct way\n- get rid of the wildcard flag (except in DNS mode)\n- color output\n- retry on timeout\n- google cloud bucket enumeration\n- fix nil reference errors\n\n## 3.1\n\n- enumerate public AWS S3 buckets\n- fuzzing mode\n- specify HTTP method\n- added support for patterns. You can now specify a file containing patterns that are applied to every word, one by line. Every occurrence of the term `{GOBUSTER}` in it will be replaced with the current wordlist item. Please use with caution as this can cause increase the number of requests issued a lot.\n- The shorthand `p` flag which was assigned to proxy is now used by the pattern flag\n\n## 3.0\n\n- New CLI options so modes are strictly separated (`-m` is now gone!)\n- Performance Optimizations and better connection handling\n- Ability to enumerate vhost names\n- Option to supply custom HTTP headers\n\n# License\n\nSee the LICENSE file.\n\n# Manual\n\n## Available Modes\n\n- dir - the classic directory brute-forcing mode\n- dns - DNS subdomain brute-forcing mode\n- s3 - Enumerate open S3 buckets and look for existence and bucket listings\n- gcs - Enumerate open google cloud buckets\n- vhost - virtual host brute-forcing mode (not the same as DNS!)\n- fuzz - some basic fuzzing, replaces the `FUZZ` keyword\n- tftp - bruteforce tftp files\n\n## Easy Installation\n\n### Binary Releases\n\nWe are now shipping binaries for each of the releases so that you don't even have to build them yourself! How wonderful is that!\n\nIf you're stupid enough to trust binaries that I've put together, you can download them from the [releases](https://github.com/OJ/gobuster/releases) page.\n\n### Docker\n\nYou can also grab a prebuilt docker image from [https://github.com/OJ/gobuster/pkgs/container/gobuster](https://github.com/OJ/gobuster/pkgs/container/gobuster)\n\n```bash\ndocker pull ghcr.io/oj/gobuster:latest\n```\n\n### Using `go install`\n\nIf you have a [Go](https://golang.org/) environment ready to go (at least go 1.19), it's as easy as:\n\n```bash\ngo install github.com/OJ/gobuster/v3@latest\n```\n\nPS: You need at least go 1.19 to compile gobuster.\n\n### Building From Source\n\nSince this tool is written in [Go](https://golang.org/) you need to install the Go language/compiler/etc. Full details of installation and set up can be found [on the Go language website](https://golang.org/doc/install). Once installed you have two options. You need at least go 1.19 to compile gobuster.\n\n### Compiling\n\n`gobuster` has external dependencies, and so they need to be pulled in first:\n\n```bash\ngo get \u0026\u0026 go build\n```\n\nThis will create a `gobuster` binary for you. If you want to install it in the `$GOPATH/bin` folder you can run:\n\n```bash\ngo install\n```\n\n## Modes\n\nHelp is built-in!\n\n- `gobuster help` - outputs the top-level help.\n- `gobuster help \u003cmode\u003e` - outputs the help specific to that mode.\n\n## `dns` Mode\n\n### Options\n\n```text\nUses DNS subdomain enumeration mode\n\nUsage:\n gobuster dns [flags]\n\nFlags:\n -d, --domain string The target domain\n -h, --help help for dns\n -r, --resolver string Use custom DNS server (format server.com or server.com:port)\n -c, --show-cname Show CNAME records (cannot be used with '-i' option)\n -i, --show-ips Show IP addresses\n --timeout duration DNS resolver timeout (default 1s)\n --wildcard Force continued operation when wildcard found\n\nGlobal Flags:\n --delay duration Time each thread waits between requests (e.g. 1500ms)\n --no-color Disable color output\n --no-error Don't display errors\n -z, --no-progress Don't display progress\n -o, --output string Output file to write results to (defaults to stdout)\n -p, --pattern string File containing replacement patterns\n -q, --quiet Don't print the banner and other noise\n -t, --threads int Number of concurrent threads (default 10)\n -v, --verbose Verbose output (errors)\n -w, --wordlist string Path to the wordlist\n```\n\n### Examples\n\n\n```text\ngobuster dns -d mysite.com -t 50 -w common-names.txt\n```\n\nNormal sample run goes like this:\n\n```text\ngobuster dns -d google.com -w ~/wordlists/subdomains.txt\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dns\n[+] Url/Domain : google.com\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/subdomains.txt\n===============================================================\n2019/06/21 11:54:20 Starting gobuster\n===============================================================\nFound: chrome.google.com\nFound: ns1.google.com\nFound: admin.google.com\nFound: www.google.com\nFound: m.google.com\nFound: support.google.com\nFound: translate.google.com\nFound: cse.google.com\nFound: news.google.com\nFound: music.google.com\nFound: mail.google.com\nFound: store.google.com\nFound: mobile.google.com\nFound: search.google.com\nFound: wap.google.com\nFound: directory.google.com\nFound: local.google.com\nFound: blog.google.com\n===============================================================\n2019/06/21 11:54:20 Finished\n===============================================================\n```\n\nShow IP sample run goes like this:\n\n```text\ngobuster dns -d google.com -w ~/wordlists/subdomains.txt -i\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dns\n[+] Url/Domain : google.com\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/subdomains.txt\n===============================================================\n2019/06/21 11:54:54 Starting gobuster\n===============================================================\nFound: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]\nFound: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]\nFound: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]\nFound: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]\nFound: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]\nFound: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]\nFound: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]\nFound: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]\nFound: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]\nFound: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]\nFound: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]\nFound: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]\nFound: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]\nFound: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]\nFound: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]\nFound: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]\nFound: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]\nFound: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]\n===============================================================\n2019/06/21 11:54:55 Finished\n===============================================================\n```\n\nBase domain validation warning when the base domain fails to resolve. This is a warning rather than a failure in case the user fat-fingers while typing the domain.\n\n```text\ngobuster dns -d yp.to -w ~/wordlists/subdomains.txt -i\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dns\n[+] Url/Domain : yp.to\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/subdomains.txt\n===============================================================\n2019/06/21 11:56:43 Starting gobuster\n===============================================================\n2019/06/21 11:56:53 [-] Unable to validate base domain: yp.to\nFound: cr.yp.to [131.193.32.108, 131.193.32.109]\n===============================================================\n2019/06/21 11:56:53 Finished\n===============================================================\n```\n\nWildcard DNS is also detected properly:\n\n```text\ngobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dns\n[+] Url/Domain : 0.0.1.xip.io\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/subdomains.txt\n===============================================================\n2019/06/21 12:13:48 Starting gobuster\n===============================================================\n2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0\n2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.\n===============================================================\n2019/06/21 12:13:48 Finished\n===============================================================\n```\n\nIf the user wants to force processing of a domain that has wildcard entries, use `--wildcard`:\n\n```text\ngobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt --wildcard\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dns\n[+] Url/Domain : 0.0.1.xip.io\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/subdomains.txt\n===============================================================\n2019/06/21 12:13:51 Starting gobuster\n===============================================================\n2019/06/21 12:13:51 [-] Wildcard DNS found. IP address(es): 1.0.0.0\nFound: 127.0.0.1.xip.io\nFound: test.127.0.0.1.xip.io\n===============================================================\n2019/06/21 12:13:53 Finished\n===============================================================\n```\n\n## `dir` Mode\n\n### Options\n\n```text\nUses directory/file enumeration mode\n\nUsage:\n gobuster dir [flags]\n\nFlags:\n -f, --add-slash Append / to each request\n -c, --cookies string Cookies to use for the requests\n -d, --discover-backup Also search for backup files by appending multiple backup extensions\n --exclude-length ints exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.\n -e, --expanded Expanded mode, print full URLs\n -x, --extensions string File extension(s) to search for\n -r, --follow-redirect Follow redirects\n -H, --headers stringArray Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'\n -h, --help help for dir\n --hide-length Hide the length of the body in the output\n -m, --method string Use the following HTTP method (default \"GET\")\n -n, --no-status Don't print status codes\n -k, --no-tls-validation Skip TLS certificate verification\n -P, --password string Password for Basic Auth\n --proxy string Proxy to use for requests [http(s)://host:port]\n --random-agent Use a random User-Agent string\n --retry Should retry on request timeout\n --retry-attempts int Times to retry on request timeout (default 3)\n -s, --status-codes string Positive status codes (will be overwritten with status-codes-blacklist if set)\n -b, --status-codes-blacklist string Negative status codes (will override status-codes if set) (default \"404\")\n --timeout duration HTTP Timeout (default 10s)\n -u, --url string The target URL\n -a, --useragent string Set the User-Agent string (default \"gobuster/3.2.0\")\n -U, --username string Username for Basic Auth\n\nGlobal Flags:\n --delay duration Time each thread waits between requests (e.g. 1500ms)\n --no-color Disable color output\n --no-error Don't display errors\n -z, --no-progress Don't display progress\n -o, --output string Output file to write results to (defaults to stdout)\n -p, --pattern string File containing replacement patterns\n -q, --quiet Don't print the banner and other noise\n -t, --threads int Number of concurrent threads (default 10)\n -v, --verbose Verbose output (errors)\n -w, --wordlist string Path to the wordlist\n```\n\n### Examples\n\n```text\ngobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html\n```\n\nDefault options looks like this:\n\n```text\ngobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dir\n[+] Url/Domain : https://buffered.io/\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/shortlist.txt\n[+] Status codes : 200,204,301,302,307,401,403\n[+] User Agent : gobuster/3.2.0\n[+] Timeout : 10s\n===============================================================\n2019/06/21 11:49:43 Starting gobuster\n===============================================================\n/categories (Status: 301)\n/contact (Status: 301)\n/posts (Status: 301)\n/index (Status: 200)\n===============================================================\n2019/06/21 11:49:44 Finished\n===============================================================\n```\n\nDefault options with status codes disabled looks like this:\n\n```text\ngobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dir\n[+] Url/Domain : https://buffered.io/\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/shortlist.txt\n[+] Status codes : 200,204,301,302,307,401,403\n[+] User Agent : gobuster/3.2.0\n[+] No status : true\n[+] Timeout : 10s\n===============================================================\n2019/06/21 11:50:18 Starting gobuster\n===============================================================\n/categories\n/contact\n/index\n/posts\n===============================================================\n2019/06/21 11:50:18 Finished\n===============================================================\n```\n\nVerbose output looks like this:\n\n```text\ngobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dir\n[+] Url/Domain : https://buffered.io/\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/shortlist.txt\n[+] Status codes : 200,204,301,302,307,401,403\n[+] User Agent : gobuster/3.2.0\n[+] Verbose : true\n[+] Timeout : 10s\n===============================================================\n2019/06/21 11:50:51 Starting gobuster\n===============================================================\nMissed: /alsodoesnotexist (Status: 404)\nFound: /index (Status: 200)\nMissed: /doesnotexist (Status: 404)\nFound: /categories (Status: 301)\nFound: /posts (Status: 301)\nFound: /contact (Status: 301)\n===============================================================\n2019/06/21 11:50:51 Finished\n===============================================================\n```\n\nExample showing content length:\n\n```text\ngobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Mode : dir\n[+] Url/Domain : https://buffered.io/\n[+] Threads : 10\n[+] Wordlist : /home/oj/wordlists/shortlist.txt\n[+] Status codes : 200,204,301,302,307,401,403\n[+] User Agent : gobuster/3.2.0\n[+] Show length : true\n[+] Timeout : 10s\n===============================================================\n2019/06/21 11:51:16 Starting gobuster\n===============================================================\n/categories (Status: 301) [Size: 178]\n/posts (Status: 301) [Size: 178]\n/contact (Status: 301) [Size: 178]\n/index (Status: 200) [Size: 51759]\n===============================================================\n2019/06/21 11:51:17 Finished\n===============================================================\n```\n\nQuiet output, with status disabled and expanded mode looks like this (\"grep mode\"):\n\n```text\ngobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -q -n -e\nhttps://buffered.io/index\nhttps://buffered.io/contact\nhttps://buffered.io/posts\nhttps://buffered.io/categories\n```\n\n## `vhost` Mode\n\n### Options\n\n```text\nUses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)\n\nUsage:\n gobuster vhost [flags]\n\nFlags:\n --append-domain Append main domain from URL to words from wordlist. Otherwise the fully qualified domains need to be specified in the wordlist.\n -c, --cookies string Cookies to use for the requests\n --domain string the domain to append when using an IP address as URL. If left empty and you specify a domain based URL the hostname from the URL is extracted\n --exclude-length ints exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.\n -r, --follow-redirect Follow redirects\n -H, --headers stringArray Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'\n -h, --help help for vhost\n -m, --method string Use the following HTTP method (default \"GET\")\n -k, --no-tls-validation Skip TLS certificate verification\n -P, --password string Password for Basic Auth\n --proxy string Proxy to use for requests [http(s)://host:port]\n --random-agent Use a random User-Agent string\n --retry Should retry on request timeout\n --retry-attempts int Times to retry on request timeout (default 3)\n --timeout duration HTTP Timeout (default 10s)\n -u, --url string The target URL\n -a, --useragent string Set the User-Agent string (default \"gobuster/3.2.0\")\n -U, --username string Username for Basic Auth\n\nGlobal Flags:\n --delay duration Time each thread waits between requests (e.g. 1500ms)\n --no-color Disable color output\n --no-error Don't display errors\n -z, --no-progress Don't display progress\n -o, --output string Output file to write results to (defaults to stdout)\n -p, --pattern string File containing replacement patterns\n -q, --quiet Don't print the banner and other noise\n -t, --threads int Number of concurrent threads (default 10)\n -v, --verbose Verbose output (errors)\n -w, --wordlist string Path to the wordlist\n```\n\n### Examples\n\n\n```text\ngobuster vhost -u https://mysite.com -w common-vhosts.txt\n```\n\nNormal sample run goes like this:\n\n```text\ngobuster vhost -u https://mysite.com -w common-vhosts.txt\n\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url: https://mysite.com\n[+] Threads: 10\n[+] Wordlist: common-vhosts.txt\n[+] User Agent: gobuster/3.2.0\n[+] Timeout: 10s\n===============================================================\n2019/06/21 08:36:00 Starting gobuster\n===============================================================\nFound: www.mysite.com\nFound: piwik.mysite.com\nFound: mail.mysite.com\n===============================================================\n2019/06/21 08:36:05 Finished\n===============================================================\n```\n\n## `fuzz` Mode\n\n### Options\n\n```text\nUses fuzzing mode\n\nUsage:\n gobuster fuzz [flags]\n\nFlags:\n -c, --cookies string Cookies to use for the requests\n --exclude-length ints exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.\n -b, --excludestatuscodes string Negative status codes (will override statuscodes if set)\n -r, --follow-redirect Follow redirects\n -H, --headers stringArray Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'\n -h, --help help for fuzz\n -m, --method string Use the following HTTP method (default \"GET\")\n -k, --no-tls-validation Skip TLS certificate verification\n -P, --password string Password for Basic Auth\n --proxy string Proxy to use for requests [http(s)://host:port]\n --random-agent Use a random User-Agent string\n --retry Should retry on request timeout\n --retry-attempts int Times to retry on request timeout (default 3)\n --timeout duration HTTP Timeout (default 10s)\n -u, --url string The target URL\n -a, --useragent string Set the User-Agent string (default \"gobuster/3.2.0\")\n -U, --username string Username for Basic Auth\n\nGlobal Flags:\n --delay duration Time each thread waits between requests (e.g. 1500ms)\n --no-color Disable color output\n --no-error Don't display errors\n -z, --no-progress Don't display progress\n -o, --output string Output file to write results to (defaults to stdout)\n -p, --pattern string File containing replacement patterns\n -q, --quiet Don't print the banner and other noise\n -t, --threads int Number of concurrent threads (default 10)\n -v, --verbose Verbose output (errors)\n -w, --wordlist string Path to the wordlist\n```\n\n### Examples\n\n```text\ngobuster fuzz -u https://example.com?FUZZ=test -w parameter-names.txt\n```\n\n## `s3` Mode\n\n### Options\n\n```text\nUses aws bucket enumeration mode\n\nUsage:\n gobuster s3 [flags]\n\nFlags:\n -h, --help help for s3\n -m, --maxfiles int max files to list when listing buckets (only shown in verbose mode) (default 5)\n -k, --no-tls-validation Skip TLS certificate verification\n --proxy string Proxy to use for requests [http(s)://host:port]\n --random-agent Use a random User-Agent string\n --retry Should retry on request timeout\n --retry-attempts int Times to retry on request timeout (default 3)\n --timeout duration HTTP Timeout (default 10s)\n -a, --useragent string Set the User-Agent string (default \"gobuster/3.2.0\")\n\nGlobal Flags:\n --delay duration Time each thread waits between requests (e.g. 1500ms)\n --no-color Disable color output\n --no-error Don't display errors\n -z, --no-progress Don't display progress\n -o, --output string Output file to write results to (defaults to stdout)\n -p, --pattern string File containing replacement patterns\n -q, --quiet Don't print the banner and other noise\n -t, --threads int Number of concurrent threads (default 10)\n -v, --verbose Verbose output (errors)\n -w, --wordlist string Path to the wordlist\n```\n\n### Examples\n\n```text\ngobuster s3 -w bucket-names.txt\n```\n\n## `gcs` Mode\n\n### Options\n\n```text\nUses gcs bucket enumeration mode\n\nUsage:\n gobuster gcs [flags]\n\nFlags:\n -h, --help help for gcs\n -m, --maxfiles int max files to list when listing buckets (only shown in verbose mode) (default 5)\n -k, --no-tls-validation Skip TLS certificate verification\n --proxy string Proxy to use for requests [http(s)://host:port]\n --random-agent Use a random User-Agent string\n --retry Should retry on request timeout\n --retry-attempts int Times to retry on request timeout (default 3)\n --timeout duration HTTP Timeout (default 10s)\n -a, --useragent string Set the User-Agent string (default \"gobuster/3.2.0\")\n\nGlobal Flags:\n --delay duration Time each thread waits between requests (e.g. 1500ms)\n --no-color Disable color output\n --no-error Don't display errors\n -z, --no-progress Don't display progress\n -o, --output string Output file to write results to (defaults to stdout)\n -p, --pattern string File containing replacement patterns\n -q, --quiet Don't print the banner and other noise\n -t, --threads int Number of concurrent threads (default 10)\n -v, --verbose Verbose output (errors)\n -w, --wordlist string Path to the wordlist\n```\n\n### Examples\n\n```text\ngobuster gcs -w bucket-names.txt\n```\n\n## `tftp` Mode\n\n### Options\n\n```text\nUses TFTP enumeration mode\n\nUsage:\n gobuster tftp [flags]\n\nFlags:\n -h, --help help for tftp\n -s, --server string The target TFTP server\n --timeout duration TFTP timeout (default 1s)\n\nGlobal Flags:\n --delay duration Time each thread waits between requests (e.g. 1500ms)\n --no-color Disable color output\n --no-error Don't display errors\n -z, --no-progress Don't display progress\n -o, --output string Output file to write results to (defaults to stdout)\n -p, --pattern string File containing replacement patterns\n -q, --quiet Don't print the banner and other noise\n -t, --threads int Number of concurrent threads (default 10)\n -v, --verbose Verbose output (errors)\n -w, --wordlist string Path to the wordlist\n```\n\n### Examples\n\n```text\ngobuster tftp -s tftp.example.com -w common-filenames.txt\n```\n\n\n## Wordlists via STDIN\n\nWordlists can be piped into `gobuster` via stdin by providing a `-` to the `-w` option:\n\n```bash\nhashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -\n```\n\nNote: If the `-w` option is specified at the same time as piping from STDIN, an error will be shown and the program will terminate.\n\n## Patterns\n\nYou can supply pattern files that will be applied to every word from the wordlist.\nJust place the string `{GOBUSTER}` in it and this will be replaced with the word.\nThis feature is also handy in s3 mode to pre- or postfix certain patterns.\n\n**Caution:** Using a big pattern file can cause a lot of request as every pattern is applied to every word in the wordlist.\n\n### Example file\n\n```text\n{GOBUSTER}Partial\n{GOBUSTER}Service\nPRE{GOBUSTER}POST\n{GOBUSTER}-prod\n{GOBUSTER}-dev\n```\n\n#### Use case in combination with patterns\n\n- Create a custom wordlist for the target containing company names and so on\n- Create a pattern file to use for common bucket names.\n\n```bash\ncurl -s --output - https://raw.githubusercontent.com/eth0izzle/bucket-stream/master/permutations/extended.txt | sed -s 's/%s/{GOBUSTER}/' \u003e patterns.txt\n```\n\n- Run gobuster with the custom input. Be sure to turn verbose mode on to see the bucket details\n\n```text\ngobuster s3 --wordlist my.custom.wordlist -p patterns.txt -v\n```\n\nNormal sample run goes like this:\n\n```text\nPS C:\\Users\\firefart\\Documents\\code\\gobuster\u003e .\\gobuster.exe s3 --wordlist .\\wordlist.txt\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Threads: 10\n[+] Wordlist: .\\wordlist.txt\n[+] User Agent: gobuster/3.2.0\n[+] Timeout: 10s\n[+] Maximum files to list: 5\n===============================================================\n2019/08/12 21:48:16 Starting gobuster in S3 bucket enumeration mode\n===============================================================\nwebmail\nhacking\ncss\nimg\nwww\ndav\nweb\nlocalhost\n===============================================================\n2019/08/12 21:48:17 Finished\n===============================================================\n```\n\nVerbose and sample run\n\n```text\nPS C:\\Users\\firefart\\Documents\\code\\gobuster\u003e .\\gobuster.exe s3 --wordlist .\\wordlist.txt -v\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Threads: 10\n[+] Wordlist: .\\wordlist.txt\n[+] User Agent: gobuster/3.2.0\n[+] Verbose: true\n[+] Timeout: 10s\n[+] Maximum files to list: 5\n===============================================================\n2019/08/12 21:49:00 Starting gobuster in S3 bucket enumeration mode\n===============================================================\nwww [Error: All access to this object has been disabled (AllAccessDisabled)]\nhacking [Error: Access Denied (AccessDenied)]\ncss [Error: All access to this object has been disabled (AllAccessDisabled)]\nwebmail [Error: All access to this object has been disabled (AllAccessDisabled)]\nimg [Bucket Listing enabled: GodBlessPotomac1.jpg (1236807b), HOMEWORKOUTAUDIO.zip (203908818b), ProductionInfo.xml (11946b), Start of Perpetual Motion Logo-1.mp3 (621821b), addressbook.gif (3115b)]\nweb [Error: Access Denied (AccessDenied)]\ndav [Error: All access to this object has been disabled (AllAccessDisabled)]\nlocalhost [Error: Access Denied (AccessDenied)]\n===============================================================\n2019/08/12 21:49:01 Finished\n===============================================================\n```\n\nExtended sample run\n\n```text\nPS C:\\Users\\firefart\\Documents\\code\\gobuster\u003e .\\gobuster.exe s3 --wordlist .\\wordlist.txt -e\n===============================================================\nGobuster v3.2.0\nby OJ Reeves (@TheColonial) \u0026 Christian Mehlmauer (@firefart)\n===============================================================\n[+] Threads: 10\n[+] Wordlist: .\\wordlist.txt\n[+] User Agent: gobuster/3.2.0\n[+] Timeout: 10s\n[+] Expanded: true\n[+] Maximum files to list: 5\n===============================================================\n2019/08/12 21:48:38 Starting gobuster in S3 bucket enumeration mode\n===============================================================\nhttp://css.s3.amazonaws.com/\nhttp://www.s3.amazonaws.com/\nhttp://webmail.s3.amazonaws.com/\nhttp://hacking.s3.amazonaws.com/\nhttp://img.s3.amazonaws.com/\nhttp://web.s3.amazonaws.com/\nhttp://dav.s3.amazonaws.com/\nhttp://localhost.s3.amazonaws.com/\n===============================================================\n2019/08/12 21:48:38 Finished\n===============================================================\n```\n","funding_links":["https://github.com/sponsors/OJ","https://github.com/sponsors/firefart","https://patreon.com/OJReeves","https://opencollective.com/gobuster","https://ko-fi.com/OJReeves"],"categories":["\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"a695111d8e30d645354c414cb27b7843\"\u003e\u003c/a\u003eDNS"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foj%2Fgobuster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foj%2Fgobuster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foj%2Fgobuster/lists"}