Gobuster tools can be launched from the terminal or command-line interface. You just have to run the command using the syntax below.
gobuster [Mode][Options]
Understanding Gobuster [Mode]
After entering the “gobuster” command in a terminal, you compulsory need to provide the mode or need to specify the purpose of the tool you are running for.
Gobuster tool have many modes :
dir mode options
dns mode options
vhost mode options
Mostly, you will be using the Gobuster tool for digging directories and files. In this case, dir mode will be helpful for you.
gobuster dir [options]
gobuster [Mode][Options]
Understanding Gobuster [Mode]
After entering the “gobuster” command in a terminal, you compulsory need to provide the mode or need to specify the purpose of the tool you are running for.
Gobuster tool have many modes :
- dir – the classic directory brute-forcing mode or Enumerating URIs for directories and files.
The Dir mode in Gobuster is mainly used to find extra content in a specific target domain or its subdomain. This additional information can include hidden directories or hidden files that can contain sensitive data. In Dir Mode, we can use the option “-u” to specify the target domain or subdomain you want to dig into the hidden directories and files. Also, the “-w” option will select the wordlist which you wish to use for brute-forcing.
dir mode options
- dns – DNS subdomain brute-forcing mode or Enumerating Subdomains
The DNS mode in Gobuster Tool is mainly used to enumerate subdomains in the target domain. You can use this mode to find some hidden or unidentifiable subdomains for a given target domain. In this mode, you can use the option “-d” to specify the target domain you want to find subdomain and the “-w” option allows you to select the wordlist you wish to use for brute-forcing.
dns mode options
- vhost – virtual host brute-forcing mode or enumerating virtual hosts (not the same as DNS!)
Finally, Vhost mode in Gobuster is used to find the virtual hosts on the victim server. Virtual Hosting is done when companies host several domain names on a single server or cluster of the server. Virtual Hosting allows one server to share its data and resources with several other hostnames. Identifying hostnames on a server can disclose additional web content belonging to a company. In host mode, it checks if the subdomains exist by actually visiting the formed URL and cross checking the IP address.
vhost mode options
Mostly, you will be using the Gobuster tool for digging directories and files. In this case, dir mode will be helpful for you.
gobuster dir [options]