Quick Start
What You’ll Learn
By the end of this tutorial, you’ll be able to:
- Install Gobuster on Linux and macOS
- Perform basic directory and file brute-forcing
- Use essential Gobuster flags for web enumeration
- Run simple DNS subdomain discovery
- Interpret basic scan results
Prerequisites
Before starting, ensure you have:
- A Linux or macOS system (Windows users can use WSL2)
- Basic command-line knowledge
- Go 1.19+ installed (for compilation method)
- Permission to scan target systems (own test environment or authorized targets only)
Legal and Ethical Notice: Only use Gobuster on systems you own or have explicit written permission to test. Unauthorized scanning is illegal and unethical. Always conduct security testing responsibly and within legal boundaries.
What is Gobuster?
Gobuster is a high-performance brute-forcing tool written in Go. It helps security professionals discover hidden directories, files, DNS subdomains, and virtual hosts by testing against wordlists.
Why Use Gobuster?
- Fast Performance - Written in Go with concurrent processing for rapid enumeration
- Multiple Modes - Supports directory/file brute-forcing, DNS enumeration, and virtual host discovery
- Simple Interface - Clean command-line interface with straightforward options
Learning Path
%% Color Palette: Blue #0173B2, Orange #DE8F05, Teal #029E73, Purple #CC78BC, Brown #CA9161
flowchart TD
A[Installation] --> B[Basic Directory Scan]
B --> C[Understanding Output]
C --> D[Using Wordlists]
D --> E[DNS Enumeration]
E --> F[Next: Beginner Tutorial]
style A fill:#0173B2,stroke:#000,color:#fff
style B fill:#DE8F05,stroke:#000,color:#000
style C fill:#029E73,stroke:#000,color:#fff
style D fill:#CC78BC,stroke:#000,color:#000
style E fill:#CA9161,stroke:#000,color:#000
style F fill:#0173B2,stroke:#000,color:#fff
Installing Gobuster
Step 1: Choose Installation Method
Option A: Install via Package Manager (Recommended)
On Kali Linux or Debian-based systems:
sudo apt update
sudo apt install gobusterOn macOS with Homebrew:
brew install gobusterOption B: Install from Source
If you have Go installed:
go install github.com/OJ/gobuster/v3@latestThe binary will be installed to $GOPATH/bin/gobuster (usually ~/go/bin/gobuster).
Step 2: Verify Installation
Check that Gobuster is properly installed:
gobuster versionExpected Output:
Gobuster v3.x.x
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)The version number may vary depending on your installation method and when you installed Gobuster. As of late 2025, versions 3.6.0 through 3.8+ are common.
Step 3: Download a Basic Wordlist
Gobuster requires wordlists to function. Download a common wordlist:
mkdir -p ~/wordlists
curl -o ~/wordlists/common.txt \
https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txtAlternatively, if you have SecLists installed:
Your First Directory Scan
Let’s perform a basic directory brute-force scan against a test target.
For this example, we’ll use
http://testphp.vulnweb.com - a public vulnerable web application designed for security testing practice.Basic Directory Enumeration
Run Gobuster in directory mode:
gobuster dir -u http://testphp.vulnweb.com -w ~/wordlists/common.txtCommand Breakdown:
gobuster dir- Use directory/file brute-forcing mode-u http://testphp.vulnweb.com- Target URL-w ~/wordlists/common.txt- Wordlist file path
Sample Output:
===============================================================
Gobuster v3.6.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://testphp.vulnweb.com
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /home/user/wordlists/common.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.6.0
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/admin (Status: 301) [Size: 185] [--> http://testphp.vulnweb.com/admin/]
/images (Status: 301) [Size: 186] [--> http://testphp.vulnweb.com/images/]
/index (Status: 200) [Size: 4958]
/login (Status: 200) [Size: 3267]
===============================================================
Finished
===============================================================Understanding the Output
%% Color Palette: Blue #0173B2, Orange #DE8F05, Teal #029E73, Purple #CC78BC, Brown #CA9161
flowchart LR
A["Path: /admin"] --> B["Status: 301"]
B --> C["Redirect to /admin/"]
D["Path: /images"] --> E["Status: 301"]
E --> F["Redirect to /images/"]
G["Path: /login"] --> H["Status: 200"]
H --> I["Page Found"]
style A fill:#0173B2,stroke:#000,color:#fff
style B fill:#DE8F05,stroke:#000,color:#000
style C fill:#029E73,stroke:#000,color:#fff
style D fill:#0173B2,stroke:#000,color:#fff
style E fill:#DE8F05,stroke:#000,color:#000
style F fill:#029E73,stroke:#000,color:#fff
style G fill:#0173B2,stroke:#000,color:#fff
style H fill:#DE8F05,stroke:#000,color:#000
style I fill:#029E73,stroke:#000,color:#fff
Key Status Codes:
- 200 OK - Resource exists and is accessible
- 301 Moved Permanently - Redirect (directory/file exists)
- 302 Found - Temporary redirect
- 403 Forbidden - Resource exists but access is denied
- 401 Unauthorized - Authentication required
Essential Gobuster Flags
Customize your scans with these common flags:
Thread Control
Speed up scans by increasing concurrent threads:
gobuster dir -u http://testphp.vulnweb.com -w ~/wordlists/common.txt -t 50-t 50- Use 50 concurrent threads (default: 10)- Higher threads = faster scans, but may trigger rate limiting
File Extensions
Search for specific file types:
gobuster dir -u http://testphp.vulnweb.com -w ~/wordlists/common.txt -x php,html,txt-x php,html,txt- Append these extensions to each wordlist entry- Example: “admin” becomes “admin.php”, “admin.html”, “admin.txt”
Status Code Filtering
Show only specific status codes:
gobuster dir -u http://testphp.vulnweb.com -w ~/wordlists/common.txt -s 200,301,302-s 200,301,302- Only display results with these status codes- Useful for filtering out noise from 403/401 responses
DNS Subdomain Enumeration
Gobuster can also discover DNS subdomains.
Basic DNS Enumeration
gobuster dns -d example.com -w ~/wordlists/common.txtCommand Breakdown:
gobuster dns- Use DNS enumeration mode-d example.com- Target domain-w ~/wordlists/common.txt- Wordlist with potential subdomain names
Sample Output:
===============================================================
Gobuster v3.6.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Domain: example.com
[+] Threads: 10
[+] Wordlist: /home/user/wordlists/common.txt
===============================================================
Starting gobuster in DNS enumeration mode
===============================================================
Found: www.example.com
Found: mail.example.com
Found: ftp.example.com
Found: admin.example.com
===============================================================
Finished
===============================================================Recommended DNS Wordlist
For DNS enumeration, use subdomain-specific wordlists:
curl -o ~/wordlists/subdomains.txt \
https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt
gobuster dns -d example.com -w ~/wordlists/subdomains.txtPractical Example: Web Application Enumeration
Let’s combine what we’ve learned to enumerate a web application thoroughly.
gobuster dir -u http://testphp.vulnweb.com \
-w ~/wordlists/common.txt \
-x php,html,txt,zip \
-t 30 \
-s 200,301,302
gobuster dir -u http://testphp.vulnweb.com/admin \
-w ~/wordlists/common.txt \
-x php,html \
-t 30Analysis Workflow:
- Run initial scan with extensions
- Identify interesting directories (admin, login, config, etc.)
- Enumerate subdirectories recursively
- Document findings for further investigation
Common Issues and Solutions
Issue: “Error: the server returns a status code that matches the provided options”
Cause: The server returns wildcard responses (same status code for all requests).
Solution: Use -b flag to exclude specific status codes:
gobuster dir -u http://example.com -w ~/wordlists/common.txt -b 404Issue: Scan is too slow
Solutions:
- Increase threads:
-t 50 - Use a smaller wordlist
- Reduce timeout:
--timeout 5s
Issue: Getting rate-limited or blocked
Solutions:
- Reduce threads:
-t 5 - Add delay between requests:
--delay 100ms - Use custom User-Agent:
-a "Mozilla/5.0"
Next Steps
Now that you understand Gobuster basics, continue learning:
- Gobuster Beginner Tutorial - Learn all three modes (dir, dns, vhost), advanced options, output formats, and real-world scenarios
- Practice on legal testing platforms like DVWA, HackTheBox, or TryHackMe
- Explore other reconnaissance tools like Nmap, Nikto, and Wappalyzer
Summary
In this tutorial, you learned:
- How to install Gobuster via package managers or from source
- Running basic directory brute-force scans with essential flags
- Understanding HTTP status codes in scan results
- Using
-t,-w, and-xflags for customization - Performing simple DNS subdomain enumeration
- Troubleshooting common scanning issues
Gobuster is a powerful tool for web application reconnaissance. Use it responsibly and always ensure you have proper authorization before scanning any systems.
Security Reminder: Gobuster generates significant traffic and logs. Always obtain written permission before scanning systems you don’t own. Unauthorized scanning may violate laws like the Computer Fraud and Abuse Act (CFAA) in the United States or similar legislation in other countries.
Last updated