# Gobuster — Fast Directory and DNS Brute-Force Scanner

> A fast brute-force tool written in Go for discovering hidden directories, files, DNS subdomains, virtual hosts, and S3 buckets during security assessments.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

## Quick Use

```bash
# Install via Go
go install github.com/OJ/gobuster/v3@latest

# Directory brute-force
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt

# DNS subdomain enumeration
gobuster dns -d target.com -w subdomains.txt

# Virtual host discovery
gobuster vhost -u https://target.com -w vhosts.txt
```

## Introduction

Gobuster is a command-line tool for brute-forcing URIs, DNS subdomains, virtual host names, S3 buckets, and TFTP servers. Written in Go for speed and concurrency, it is a staple in web application penetration testing for discovering attack surfaces that are not linked in the visible application.

## What Gobuster Does

- Brute-forces directories and files on web servers using wordlists
- Enumerates DNS subdomains through dictionary-based queries
- Discovers virtual hosts by fuzzing the Host header against a target
- Searches for open Amazon S3 buckets and Google Cloud Storage buckets
- Supports custom status code filtering, authentication headers, and proxy routing

## Architecture Overview

Gobuster is written in Go and uses goroutines for massively concurrent requests. Each mode (dir, dns, vhost, s3, tftp, fuzz) implements a shared interface for target generation, request dispatch, and result processing. The wordlist reader streams entries to a worker pool, keeping memory usage constant regardless of wordlist size.
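The streaming reader and worker pool described above can be sketched as follows. This is an added example, not Gobuster's own code: `streamWordlist`, `queueLen` and `check` are hypothetical names, and the sample wordlist and lookup are constructed and stay in memory.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"sort"
	"strings"
	"sync"
)

// streamWordlist reads r one line at a time and feeds a fixed pool of workers
// through a bounded channel, so only about queueLen+workers entries are held
// at once. check is a hypothetical stand-in for a mode's per-entry work.
func streamWordlist(r io.Reader, workers, queueLen int, check func(string) bool) ([]string, error) {
	queue := make(chan string, queueLen)
	var mu sync.Mutex
	var found []string
	var wg sync.WaitGroup
	wg.Add(workers)
	for i := 0; i < workers; i++ {
		go func() {
			defer wg.Done()
			for w := range queue {
				if check(w) {
					mu.Lock()
					found = append(found, w)
					mu.Unlock()
				}
			}
		}()
	}
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		if w := strings.TrimSpace(sc.Text()); w != "" {
			queue <- w // blocks while the queue is full, which pauses the reader
		}
	}
	close(queue) // end of wordlist: workers drain what is left and exit
	wg.Wait()
	sort.Strings(found)
	return found, sc.Err()
}

func main() {
	// Constructed sample: in-memory wordlist and a local lookup, no network.
	known := map[string]bool{"admin": true, "backup": true}
	found, err := streamWordlist(strings.NewReader("admin\nlogin\n\nbackup\n"), 2, 4, func(w string) bool { return known[w] })
	fmt.Println(found, err)
}
```

Because the reader blocks on the full channel, the thread count and queue length set the memory ceiling, not the number of lines in the wordlist.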

## Self-Hosting & Configuration

- Single static binary with no external dependencies
- Install via Go toolchain or download prebuilt binaries from GitHub Releases
- Wordlists are provided externally; SecLists and dirb ship common options
- Configure threads, timeouts, and proxy settings via CLI flags
- Supports output to file in plain text or JSON format

## Key Features

- High concurrency with configurable thread count for speed tuning
- Wildcard DNS detection to avoid false positives during subdomain enumeration
- Custom header injection and cookie support for authenticated scanning
- Pattern-based file extension brute-forcing (e.g., .php, .bak, .conf)
- Quiet mode and machine-readable JSON output for pipeline integration

## Comparison with Similar Tools

- **Feroxbuster** — Rust-based recursive content discovery; Gobuster is non-recursive by default and lighter
- **ffuf** — flexible web fuzzer with more fuzzing modes; Gobuster focuses on brute-force simplicity
- **dirb** — classic directory scanner; Gobuster is significantly faster due to Go concurrency
- **dirsearch** — Python-based with smart wordlist features; Gobuster trades features for raw speed
- **wfuzz** — Python web fuzzer with advanced payload processing; heavier than Gobuster for simple tasks

## FAQ

**Q: How fast is Gobuster compared to dirb?**
A: Gobuster is typically 5-10x faster due to Go goroutine-based concurrency, depending on thread count and target response time.

**Q: Can Gobuster do recursive scanning?**
A: The dir mode does not recurse by default. For recursive content discovery, consider pairing Gobuster with a wrapper script or using Feroxbuster.

**Q: What wordlists should I use?**
A: The SecLists project provides comprehensive wordlists. Common starting points are common.txt and raft-medium-directories.txt for directory scanning.

**Q: Does it support authenticated endpoints?**
A: Yes.
You can pass cookies, authorization headers, and client certificates via CLI flags to scan authenticated areas.

## Sources

- https://github.com/OJ/gobuster
- https://github.com/danielmiessler/SecLists

---

Source: https://tokrepo.com/en/workflows/gobuster-fast-directory-dns-brute-force-scanner-a6cb1aa6
Author: Script Depot