Gobuster

Gobuster options grouped by mode (dir, fuzz, s3, dns, tftp) and global flags.

Global Flags
-w, --wordlist string — Path to the wordlist.
-t, --threads int — Number of concurrent threads (default 10).
--delay duration — Time each thread waits between requests.
-v, --verbose — Verbose output (errors).
-q, --quiet — Don't print the banner and other noise.
-p, --pattern string — File containing replacement patterns.
-o, --output string — Output file to write results to.
--no-color — Disable color output.
--no-error — Don't display errors.
-z, --no-progress — Don't display progress.
-h, --help — Help for gobuster.

Dir Mode
-u, --url string — The target URL.
-x, --extensions string — File extension(s) to search for.
-f, --add-slash — Append / to each request.
-c, --cookies string — Cookies to use for the requests.
-d, --discover-backup — Also search for backup files (multiple extensions).
--exclude-length ints — Exclude responses of these content lengths.
-e, --expanded — Expanded mode, print full URLs.
-r, --follow-redirect — Follow redirects.
-H, --headers stringArray — Specify HTTP headers (-H 'Name: val').
--hide-length — Hide the body length in the output.
-m, --method string — HTTP method to use (default GET).
-s, --status-codes string — Positive status codes.
-b, --status-codes-blacklist string — Negative status codes (default 404).
-U, --username string — Username for Basic Auth.
-P, --password string — Password for Basic Auth.
-a, --useragent string — Set the User-Agent (default gobuster/3.4).
--random-agent — Use a random User-Agent string.
--proxy string — Proxy to use [http(s)://host:port].
--timeout duration — HTTP timeout (default 10s).
--retry — Should retry on request timeout.
--retry-attempts int — Times to retry on timeout (default 3).
-k, --no-tls-validation — Skip TLS certificate verification.
-n, --no-status — Don't print status codes.
--no-canonicalize-headers — Send header names as-is.
--client-cert-p12 string — A p12 file for TLS client certificates.
--client-cert-p12-password string — Password to the p12 file.
--client-cert-pem string — Public key (PEM) for TLS client certs.
--client-cert-pem-key string — Private key (PEM, no password).

Fuzz Mode
-u, --url string — The target URL.
-B, --body string — Request body.
-m, --method string — HTTP method to use (default GET).
-c, --cookies string — Cookies to use for the requests.
-H, --headers stringArray — Specify HTTP headers.
--exclude-length ints — Exclude these content lengths (repeatable).
-b, --excludestatuscodes string — Negative status codes.
-r, --follow-redirect — Follow redirects.
-U, --username string — Username for Basic Auth.
-P, --password string — Password for Basic Auth.
-a, --useragent string — Set the User-Agent string.
--random-agent — Use a random User-Agent string.
--proxy string — Proxy to use for requests.
--retry / --retry-attempts int — Retry on timeout (default 3 attempts).
-k, --no-tls-validation — Skip TLS certificate verification.
--no-canonicalize-headers — Send header names as-is.
--client-cert-p12 string — A p12 file for TLS client certificates.
--client-cert-pem string — Public key (PEM) for client certs.
--client-cert-pem-key string — Private key (PEM, no password).

s3 Mode
-m, --maxfiles int — Max files to list when listing buckets (default 5).
-a, --useragent string — Set the User-Agent string.
--random-agent — Use a random User-Agent string.
--proxy string — Proxy to use for requests.
--timeout duration — HTTP timeout (default 10s).
--retry / --retry-attempts int — Retry on timeout (default 3).
-k, --no-tls-validation — Skip TLS certificate verification.
--client-cert-p12 string — A p12 file for TLS client certificates.
--client-cert-p12-password string — Password to the p12 file.
--client-cert-pem string — Public key (PEM) for client certs.
--client-cert-pem-key string — Private key (PEM, no password).
-h, --help — Help for s3.

DNS Mode
-d, --domain string — The target domain.
--wildcard — Force continued operation when wildcard found.
-r, --resolver string — Use custom DNS server.
--timeout duration — DNS resolver timeout (default 1s).
-i, --show-ips — Show IP addresses.
-c, --show-cname — Show CNAME records (cannot be combined with -i).
-h, --help — Help for dns.

TFTP Mode
-s, --server string — The target TFTP server.
--timeout duration — TFTP timeout (default 1s).
-h, --help — Help for tftp.

Completion & Other
gobuster completion bash — Generate the bash autocompletion script.
gobuster completion zsh — Generate the zsh autocompletion script.
gobuster completion fish — Generate the fish autocompletion script.
gobuster completion powershell — Generate the powershell autocompletion script.
gobuster version — Show the current version.
gobuster help — Help about any command.

Compiled from the “Gobuster” chart by Hacking Articles (Ignite Technologies); descriptions condensed.