`gobuster` is a popular tool for directory and file brute-forcing on web servers. Here are some `gobuster` commands with examples:
1. Basic Directory Scanning:
```bash
gobuster dir -u http://example.com -w wordlist.txt
```
This command will scan the given URL for directories using a wordlist file.
2. File Extension Scanning:
```bash
gobuster dir -u http://example.com -w wordlist.txt -x php,html,txt
```
This command scans for directories and also for files with the specified extensions.
3. Recursive Directory Scanning:
```bash
gobuster dir -u http://example.com -w wordlist.txt -r
```
The `-r` flag enables recursive directory scanning, which is useful for finding nested directories.
4. Virtual Host Enumeration:
```bash
gobuster vhost -u http://example.com -w subdomains.txt
```
This command enumerates virtual hosts by checking a list of subdomains from the provided wordlist.
5. Forced User-Agent:
```bash
gobuster dir -u http://example.com -w wordlist.txt -a Mozilla/5.0
```
Use the `-a` flag to set a custom User-Agent string when making requests.
6. Custom Status Codes:
```bash
gobuster dir -u http://example.com -w wordlist.txt -s 200,204,301
```
Specify custom status codes with the `-s` flag to only display the results matching those codes.
7. URL Path Prefix:
```bash
gobuster dir -u http://example.com/some/path -w wordlist.txt
```
You can scan a specific path by including it in the URL.
8. Parallel Requests:
```bash
gobuster dir -u http://example.com -w wordlist.txt -t 50
```
Increase the number of parallel requests with the `-t` flag (default is 10).
9. Output to File:
```bash
gobuster dir -u http://example.com -w wordlist.txt -o results.txt
```
Save the scan results to a file with the `-o` flag.
Remember to replace `http://example.com` with the target URL and `wordlist.txt` with the path to your wordlist file. Also, ensure that you have permission to perform directory and file brute-forcing on the target system, as such activities might be illegal and unethical without proper authorization.
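On the server side, the directory scans listed above appear in access logs as one client requesting many distinct paths within a few seconds, most of them answered with 404. The following Python detector is an added example, not part of the original page or of gobuster; it flags that pattern in Combined Log Format lines, and its thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, time, path, status), or None for lines that do not parse."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def find_bruteforcers(lines, window=timedelta(seconds=10), min_paths=20, min_404=0.8):
    """Return {ip: (distinct_paths, ratio_404)} for clients whose busiest sliding
    window holds many distinct paths that mostly returned 404."""
    # The User-Agent is ignored on purpose: the -a flag lets the client send any value.
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        hits[rec[0]].append(rec[1:])
    flagged = {}
    for ip, recs in hits.items():
        recs.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1
            win = recs[start:end + 1]
            paths = {p for _, p, _ in win}
            ratio = sum(s == 404 for _, _, s in win) / len(win)
            if len(paths) >= min_paths and ratio >= min_404 and len(paths) > flagged.get(ip, (0, 0))[0]:
                flagged[ip] = (len(paths), round(ratio, 2))
    return flagged

def sample_log():
    """Constructed log lines: one wordlist scan and one ordinary visitor."""
    fmt = '{ip} - - [10/Oct/2024:13:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 512 "-" "Mozilla/5.0"'
    lines = []
    for i in range(30):  # 30 guesses in 3 seconds; two of them exist (301)
        st = 301 if i in (4, 17) else 404
        lines.append(fmt.format(ip="203.0.113.7", m=55, s=i // 10, p=f"/word{i}", st=st))
    for i, p in enumerate(["/", "/about", "/blog", "/missing", "/contact"]):
        st = 404 if p == "/missing" else 200
        lines.append(fmt.format(ip="198.51.100.20", m=50 + i, s=0, p=p, st=st))
    return lines

if __name__ == "__main__":
    print(find_bruteforcers(sample_log()))
```

A higher `-t` value compresses the same requests into a shorter window, so the distinct-path count per window is a more stable signal than the raw request rate.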