[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-4930":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":16,"starSnapshotCount":16,"syncStatus":35,"lastSyncTime":36,"discoverSource":37},4930,"gobuster","OJ\u002Fgobuster","OJ","Directory\u002FFile, DNS and VHost busting tool written in Go","",null,"Go",13796,1587,175,13,0,1,27,117,12,95.1,"Apache License 2.0",false,"master",true,[27,28,29,30,31],"dns","go","pentesting","tool","web","2026-06-12 04:00:24","# Gobuster\n\n[![Go Report Card](https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fgithub.com\u002FOJ\u002Fgobuster\u002Fv3)](https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fgithub.com\u002FOJ\u002Fgobuster\u002Fv3) [![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache%202.0-blue.svg)](https:\u002F\u002Fgithub.com\u002FOJ\u002Fgobuster\u002Fblob\u002Fmaster\u002FLICENSE) [![Backers on Open Collective](https:\u002F\u002Fopencollective.com\u002Fgobuster\u002Fbackers\u002Fbadge.svg)](https:\u002F\u002Fopencollective.com\u002Fgobuster) [![Sponsors on Open Collective](https:\u002F\u002Fopencollective.com\u002Fgobuster\u002Fsponsors\u002Fbadge.svg)](https:\u002F\u002Fopencollective.com\u002Fgobuster)\n\n## 💻 Introduction\n\n> A fast and flexible brute-forcing tool written in Go\n\n**Gobuster** is a high-performance directory\u002Ffile, DNS and virtual host brute-forcing tool written in Go. It's designed to be fast, reliable, and easy to use for security professionals and penetration testers.\n\n## ✨ Features\n\n- 🚀 **High Performance**: Multi-threaded scanning with configurable concurrency\n- 🔍 **Multiple Modes**: Directory, DNS, virtual host, S3, GCS, TFTP, and fuzzing modes\n- 🛡️ **Security Focused**: Built for penetration testing and security assessments\n- 🐳 **Docker Support**: Available as a Docker container\n- 🔧 **Extensible**: Pattern-based scanning and custom wordlists\n\n## 🎯 What Can Gobuster Do?\n\n- **Web Directory\u002FFile Enumeration**: Discover hidden directories and files on web servers\n- **DNS Subdomain Discovery**: Find subdomains with wildcard support\n- **Virtual Host Detection**: Identify virtual hosts on target web servers\n- **Cloud Storage Enumeration**: Discover open Amazon S3 and Google Cloud Storage buckets\n- **TFTP File Discovery**: Find files on TFTP servers\n- **Custom Fuzzing**: Flexible fuzzing with customizable parameters\n\n## 🚀 Quick Start\n\n```bash\n# Install gobuster\ngo install github.com\u002FOJ\u002Fgobuster\u002Fv3@latest\n\n# Basic directory enumeration\ngobuster dir -u https:\u002F\u002Fexample.com -w \u002Fpath\u002Fto\u002Fwordlist.txt\n\n# DNS subdomain enumeration\ngobuster dns -do example.com -w \u002Fpath\u002Fto\u002Fwordlist.txt\n\n# Virtual host discovery\ngobuster vhost -u https:\u002F\u002Fexample.com -w \u002Fpath\u002Fto\u002Fwordlist.txt\n\n# S3 bucket enumeration\ngobuster s3 -w \u002Fpath\u002Fto\u002Fbucket-names.txt\n```\n\n## 📦 Installation\n\n### Quick Install (Recommended)\n\n```bash\ngo install github.com\u002FOJ\u002Fgobuster\u002Fv3@latest\n```\n\n**Requirements**: Go 1.24 or higher\n\n### Alternative Installation Methods\n\n#### Using Binary Releases\n\nDownload pre-compiled binaries from the [releases page](https:\u002F\u002Fgithub.com\u002FOJ\u002Fgobuster\u002Freleases).\n\n#### Using Docker\n\n```bash\n# Pull the latest image\ndocker pull ghcr.io\u002Foj\u002Fgobuster:latest\n\n# Run gobuster in Docker\ndocker run --rm -it ghcr.io\u002Foj\u002Fgobuster:latest dir -u https:\u002F\u002Fexample.com -w \u002Fusr\u002Fshare\u002Fwordlists\u002Fdirb\u002Fcommon.txt\n```\n\n#### Building from Source\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FOJ\u002Fgobuster.git\ncd gobuster\ngo mod tidy\ngo build\n```\n\n### Troubleshooting Installation\n\nIf you encounter issues:\n\n- Ensure Go version 1.24+ is installed: `go version`\n- Check your `$GOPATH` and `$GOBIN` environment variables\n- Verify `$GOPATH\u002Fbin` is in your `$PATH`\n\n## 🎯 Usage\n\nGobuster uses a mode-based approach. Each mode is designed for specific enumeration tasks:\n\n```bash\ngobuster [mode] [options]\n```\n\n### Getting Help\n\n```bash\ngobuster help                   # Show general help\ngobuster help [mode]            # Show help for specific mode\ngobuster [mode] --help          # Alternative help syntax\n```\n\n### 📊 Available Modes\n\n#### 🌐 Directory Mode (`dir`)\n\nEnumerate directories and files on web servers.\n\n**Basic Usage:**\n\n```bash\ngobuster dir -u https:\u002F\u002Fexample.com -w wordlist.txt\n```\n\n**Advanced Options:**\n\n```bash\n# With file extensions\ngobuster dir -u https:\u002F\u002Fexample.com -w wordlist.txt -x php,html,js,txt\n\n# With custom headers and cookies\ngobuster dir -u https:\u002F\u002Fexample.com -w wordlist.txt -H \"Authorization: Bearer token\" -c \"session=value\"\n\n# Show response length\ngobuster dir -u https:\u002F\u002Fexample.com -w wordlist.txt -l\n\n# Filter by status codes\ngobuster dir -u https:\u002F\u002Fexample.com -w wordlist.txt -s 200,301,302\n```\n\n#### 🔍 DNS Mode (`dns`)\n\nDiscover subdomains through DNS resolution.\n\n**Basic Usage:**\n\n```bash\ngobuster dns -do example.com -w wordlist.txt\n```\n\n**Advanced Options:**\n\n```bash\n# Use custom DNS server\ngobuster dns -do example.com -w wordlist.txt -r 8.8.8.8:53\n\n# Increase threads for faster scanning\ngobuster dns -do example.com -w wordlist.txt -t 50\n```\n\n#### 🏠 Virtual Host Mode (`vhost`)\n\nDiscover virtual hosts on web servers.\n\n**Basic Usage:**\n\n```bash\ngobuster vhost -u https:\u002F\u002Fexample.com --append-domain -w wordlist.txt\n```\n\n#### ☁️ S3 Mode (`s3`)\n\nEnumerate Amazon S3 buckets.\n\n**Basic Usage:**\n\n```bash\ngobuster s3 -w bucket-names.txt\n```\n\n**With Debug Output:**\n\n```bash\ngobuster s3 -w bucket-names.txt --debug\n```\n\n#### 🖥️ TFTP Mode (`tftp`)\n\nEnumerate files on tftp servers.\n\n**Basic Usage:**\n\n```bash\ngobuster tftp -s 10.0.0.1 -w wordlist.txt\n```\n\n#### ☁️ GCS Mode (`gcs`)\n\nEnumerate Google Cloud Storage Buckets.\n\n**Basic Usage:**\n\n```bash\ngobuster gcs -w bucket-names.txt\n```\n\n**With Debug Output:**\n\n```bash\ngobuster gcs -w bucket-names.txt --debug\n```\n\n#### 🔧 Fuzz Mode (`fuzz`)\n\nCustom fuzzing with the `FUZZ` keyword.\n\n**Basic Usage:**\n\n```bash\ngobuster fuzz -u https:\u002F\u002Fexample.com?FUZZ=test -w wordlist.txt\n```\n\n**Advanced Examples:**\n\n```bash\n# Fuzz URL parameters\ngobuster fuzz -u https:\u002F\u002Fexample.com?param=FUZZ -w wordlist.txt\n\n# Fuzz headers\ngobuster fuzz -u https:\u002F\u002Fexample.com -H \"X-Custom-Header: FUZZ\" -w wordlist.txt\n\n# Fuzz POST data\ngobuster fuzz -u https:\u002F\u002Fexample.com -d \"username=admin&password=FUZZ\" -w passwords.txt\n```\n\n## 💰 Support\n\n[![Backers on Open Collective](https:\u002F\u002Fopencollective.com\u002Fgobuster\u002Fbackers\u002Fbadge.svg)](https:\u002F\u002Fopencollective.com\u002Fgobuster) [![Sponsors on Open Collective](https:\u002F\u002Fopencollective.com\u002Fgobuster\u002Fsponsors\u002Fbadge.svg)](https:\u002F\u002Fopencollective.com\u002Fgobuster)\n\n### Love this tool? Back it!\n\nIf you're backing us already, you rock. If you're not, that's cool too! Want to back us? [Become a backer](https:\u002F\u002Fopencollective.com\u002Fgobuster#backer)!\n\n[![Backers](https:\u002F\u002Fopencollective.com\u002Fgobuster\u002Fbackers.svg?width=890)](https:\u002F\u002Fopencollective.com\u002Fgobuster#backers)\n\nAll funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.\n\n## 💡 Common Use Cases\n\n### Web Application Security Testing\n\n```bash\n# Comprehensive directory enumeration\ngobuster dir -u https:\u002F\u002Ftarget.com -w \u002Fusr\u002Fshare\u002Fwordlists\u002Fdirbuster\u002Fdirectory-list-2.3-medium.txt -x php,html,js,txt,asp,aspx,jsp\n\n# API endpoint discovery\ngobuster dir -u https:\u002F\u002Fapi.target.com -w \u002Fusr\u002Fshare\u002Fwordlists\u002Fdirb\u002Fcommon.txt -x json\n\n# Admin panel discovery\ngobuster dir -u https:\u002F\u002Ftarget.com -w admin-panels.txt -s 200,301,302,403\n```\n\n### DNS Reconnaissance\n\n```bash\n# Comprehensive subdomain enumeration\ngobuster dns -do target.com -w \u002Fusr\u002Fshare\u002Fwordlists\u002Fdnsrecon\u002Fsubdomains-top1mil-5000.txt -t 50\n```\n\n### Cloud Storage Assessment\n\n```bash\n# S3 bucket enumeration with patterns\ngobuster s3 -w company-names.txt -v\n\n# GCS bucket enumeration\ngobuster gcs -w company-names.txt -v\n```\n\n## 🔧 Troubleshooting\n\n### Common Issues\n\n#### \"Permission Denied\" or \"Access Denied\"\n\n- Try reducing thread count with `-t` flag\n- Add delays between requests with `--delay`\n- Use different user agent with `-a` flag\n\n#### \"Connection Timeout\"\n\n- Increase timeout with `--timeout` flag\n- Reduce thread count for slower targets\n- Check your internet connection\n\n#### \"No Results Found\"\n\n- Verify the target URL is accessible\n- Try different wordlists\n- Check status code filtering with `-s` flag\n\n### Performance Issues\n\n#### Slow Scanning\n\n- Increase thread count with `-t` flag (but be careful not to overwhelm the target)\n- Use smaller, more targeted wordlists\n\n## 🎯 Best Practices\n\n### Security Testing Guidelines\n\n1. **Always get proper authorization** before testing any target\n2. **Start with low thread counts** to avoid overwhelming servers\n3. **Use appropriate wordlists** for the target technology\n4. **Respect rate limits** and implement delays if needed\n5. **Monitor your network traffic** to avoid detection\n\n### Wordlist Selection\n\n- **For web applications**: Use technology-specific wordlists (PHP, ASP.NET, etc.)\n- **For APIs**: Focus on common API endpoints and versioning patterns\n- **For DNS**: Use subdomain-specific wordlists with common patterns\n- **For cloud storage**: Use company\u002Fbrand-specific patterns\n\n### Output Management\n\n```bash\n# Save results to file\ngobuster dir -u https:\u002F\u002Fexample.com -w wordlist.txt -o results.txt\n\n# Use quiet mode for clean output\ngobuster dir -u https:\u002F\u002Fexample.com -w wordlist.txt -q\n```\n\n## 📚 Additional Resources\n\n### Recommended Wordlists\n\n- **SecLists**: [https:\u002F\u002Fgithub.com\u002Fdanielmiessler\u002FSecLists](https:\u002F\u002Fgithub.com\u002Fdanielmiessler\u002FSecLists)\n- **FuzzDB**: [https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb)\n- **Seclists DNS**: [https:\u002F\u002Fgithub.com\u002Fdanielmiessler\u002FSecLists\u002Ftree\u002Fmaster\u002FDiscovery\u002FDNS](https:\u002F\u002Fgithub.com\u002Fdanielmiessler\u002FSecLists\u002Ftree\u002Fmaster\u002FDiscovery\u002FDNS)\n\n---\n\n**Happy hacking! 🚀**\n\n_Remember: Always test responsibly and with proper authorization._\n\n# Changes\n\n\u003Cdetails>\n\n\u003Csummary>3.8.2\u003C\u002Fsummary>\n\n## 3.8.2\n\n- Fix expanded mode to show the full url again\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\n\u003Csummary>3.8.1\u003C\u002Fsummary>\n\n## 3.8.1\n\n- Fix expanded mode showing the entries twice\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\n\u003Csummary>3.8\u003C\u002Fsummary>\n\n## 3.8\n\n- Add exclude-hostname-length flag to dynamically adjust exclude-length by @0xyy66\n- Fix Fuzzing query parameters\n- Add `--force` flag in `dir` mode to continue execution if precheck errors occur\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\n\u003Csummary>3.7\u003C\u002Fsummary>\n\n## 3.7\n\n- use new cli library\n- a lot more short options due to the new cli library\n- more user friendly error messages\n- clean up DNS mode\n- renamed `show-cname` to `check-cname` in dns mode\n- got rid of `verbose` flag and introduced `debug` instead\n- the version command now also shows some build variables for more info\n- switched to another pkcs12 library to support p12s generated with openssl3 that use SHA256 HMAC\n- comments in wordlists (strings starting with #) are no longer ignored\n- warn in vhost mode if the --append-domain switch might have been forgotten\n- allow to exclude status code and length in vhost mode\n- added automaxprocs for use in docker with cpu limits\n- log http requests with debug enabled\n- allow fuzzing of Host header in fuzz mode\n- automatically disable progress output when output is redirected\n- fix extra special characters when run with `--no-progress`\n- warn when using vhost mode with a proxy and http based urls as this might not work as expected\n- add `interface` and `local-ip` parameters to specify the outgoing interface for http requests\n- add support for tls renegotiation\n- fix progress with patterns by @acammack\n- fix backup discovery by @acammack\n- support tcp protocol on dns servers\n- add support for URL query parameters\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>3.6\u003C\u002Fsummary>\n\n## 3.6\n\n- Wordlist offset parameter to skip x lines from the wordlist\n- prevent double slashes when building up an url in dir mode\n- allow for multiple values and ranges on `--exclude-length`\n- `no-fqdn` parameter on dns bruteforce to disable the use of the systems search domains. This should speed up the run if you have configured some search domains. [https:\u002F\u002Fgithub.com\u002FOJ\u002Fgobuster\u002Fpull\u002F418](https:\u002F\u002Fgithub.com\u002FOJ\u002Fgobuster\u002Fpull\u002F418)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>3.5\u003C\u002Fsummary>\n\n## 3.5\n\n- Allow Ranges in status code and status code blacklist. Example: 200,300-305,404\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>3.4\u003C\u002Fsummary>\n\n## 3.4\n\n- Enable TLS1.0 and TLS1.1 support\n- Add TFTP mode to search for files on tftp servers\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>3.3\u003C\u002Fsummary>\n\n## 3.3\n\n- Support TLS client certificates \u002F mtls\n- support loading extensions from file\n- support fuzzing POST body, HTTP headers and basic auth\n- new option to not canonicalize header names\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>3.2\u003C\u002Fsummary>\n\n## 3.2\n\n- Use go 1.19\n- use contexts in the correct way\n- get rid of the wildcard flag (except in DNS mode)\n- color output\n- retry on timeout\n- google cloud bucket enumeration\n- fix nil reference errors\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>3.1\u003C\u002Fsummary>\n\n## 3.1\n\n- enumerate public AWS S3 buckets\n- fuzzing mode\n- specify HTTP method\n- added support for patterns. You can now specify a file containing patterns that are applied to every word, one by line. Every occurrence of the term `{GOBUSTER}` in it will be replaced with the current wordlist item. Please use with caution as this can cause increase the number of requests issued a lot.\n- The shorthand `p` flag which was assigned to proxy is now used by the pattern flag\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>3.0\u003C\u002Fsummary>\n\n## 3.0\n\n- New CLI options so modes are strictly separated (`-m` is now gone!)\n- Performance Optimizations and better connection handling\n- Ability to enumerate vhost names\n- Option to supply custom HTTP headers\n\n\u003C\u002Fdetails>\n","Gobuster 是一个用 Go 语言编写的高性能目录\u002F文件、DNS 和虚拟主机暴力破解工具。它支持多线程扫描和可配置的并发，提供包括目录枚举、DNS 子域名发现、虚拟主机检测以及云存储桶枚举等多种模式。该工具专为安全专业人员和渗透测试者设计，具有高效率、可靠性和易用性，并且支持 Docker 容器化部署与自定义模糊测试。适用于需要对网站结构进行探索、查找潜在安全漏洞或评估网络资产暴露情况的场景。",2,"2026-06-11 03:01:32","top_language"]