By default, Gobuster shows you the discovered subdomain. If you want to see the corresponding IP address mapping immediately, add the -i flag.
cat giant.txt | gobuster dns -d example.com -w - --threads 200 --output dns.out
# Only show status codes 200, 301, and 302 gobuster dir -u http://target.com -w wordlist.txt -s "200,301,302"
| Flag | Effect | Example | |------|--------|---------| | -s | Show status codes (comma-separated) | -s "200,204,301,302,307" | | -x | File extensions to append | -x "php,html,asp,js,txt" | | -X | HTTP methods | -X "GET,POST,HEAD" | | -r | Follow redirects | -r | | -b | Hide status codes (negate -s) | -b "404,403" | | -l | Include response length in output | -l |
| Flag | Description | Default | |------|-------------|---------| | -t, --threads int | Number of concurrent threads | 10 | | -w, --wordlist string | Path to the wordlist | Required | | -o, --output string | File to write results to | stdout | | -q, --quiet | Suppress banner output | false | | -v, --verbose | Verbose output (show errors) | false | | --delay duration | Delay between requests (e.g., 1500ms) | 0 | | -z, --no-progress | Don't display progress | false | | --no-color | Disable colored output | false | gobuster commands upd
This will update Gobuster to the latest version.
Example:
gobuster dns -d targetdomain.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -i Use code with caution. 3. Custom DNS Server Routing
: Sets the number of concurrent threads. Default is 10, but 50-100 is common for faster scans. By default, Gobuster shows you the discovered subdomain
❌ Using -c for cookies without quoting special characters ✅ New: --cookies "session=abc; userid=1"
This will attempt to find virtual hosts on the target web application.
To use these, simply append to any command:
Handle authentication, ignore specific status codes, and bypass self-signed SSL certificates: Example: gobuster dns -d targetdomain
Integrate Gobuster with other reconnaissance tools:
--wildcard : Forces Gobuster to continue scanning if it detects a wildcard DNS deployment. 3. Virtual Host Brute-Forcing ( vhost Mode)
gobuster dir -u https://target.com -w words.txt --random-agent-enumeration --retry --retry-attempts 3 --proxy socks5://127.0.0.1:9050
Several global flags have changed or been added in recent Gobuster updates:
Use the target's IP address as the URL, not the domain name, to ensure the correct virtual host is resolved.