> gobuster

Brute force directories, files, DNS subdomains, and virtual hosts with Gobuster. Use when a user asks to discover hidden endpoints, enumerate subdomains, find backup files, or perform web content discovery during penetration testing.


Gobuster

Overview

Gobuster is a fast brute-force tool for discovering hidden web content. Written in Go for speed (multi-threaded), it discovers directories, files, DNS subdomains, virtual hosts, and S3 buckets. Essential for finding admin panels, backup files, API documentation, and forgotten endpoints that weren't meant to be public.

Instructions

Step 1: Directory and File Discovery

# Basic directory brute force
gobuster dir -u https://target.example.com -w /usr/share/wordlists/dirb/common.txt
# dir: directory/file mode
# -w: wordlist (common.txt has ~4,600 entries)

# With extensions: find backup files, configs, source code
gobuster dir -u https://target.example.com \
  -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
  -x php,txt,html,js,json,xml,bak,old,sql,zip,tar.gz,env \
  -t 50 \
  --status-codes 200,204,301,302,307,401,403 \
  --status-codes-blacklist ""
# -x: file extensions to append
# -t 50: 50 concurrent threads
# --status-codes: only show these HTTP status codes
# --status-codes-blacklist "": clear the default blacklist (404); Gobuster 3.x refuses to run with both lists set

# Authenticated scanning
gobuster dir -u https://target.example.com/api/v1 \
  -w api-wordlist.txt \
  -H "Authorization: Bearer eyJ..." \
  -H "Cookie: session=abc123"

# Recursive scanning (manual: Gobuster has no recursion option)
gobuster dir -u https://target.example.com \
  -w common.txt \
  --no-error \
  -o results.txt
# --no-error: don't display errors
# -o: save results to file
# Run again against discovered directories
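
What the Step 1 scan looks like from the server side, as an added example that is not part of the original skill: it flags clients in a web access log whose requests are mostly 404s and lists what each one found. The function names, thresholds and sample log lines are assumptions constructed for illustration; the `gobuster/` prefix is Gobuster's default User-Agent and is a weak signal on its own.

```python
import re
from collections import defaultdict

# Combined Log Format fields used here: client IP, path, status, User-Agent.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Sensitive extensions taken from the -x list in Step 1.
PROBE_EXT = (".bak", ".old", ".sql", ".zip", ".tar.gz", ".env")

def _line(ip, path, status, ua):
    """Build one constructed log line (sample data, not real traffic)."""
    return f'{ip} - - [01/Jan/2026:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample: one wordlist scan plus one ordinary visitor.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"/{w}{x}", 404, "gobuster/3.6")
     for w in ("test", "tmp", "dev", "site") for x in ("", ".bak", ".env")]
    + [_line("203.0.113.7", "/admin", 403, "gobuster/3.6"),
       _line("203.0.113.7", "/backup.zip", 200, "gobuster/3.6"),
       _line("198.51.100.20", "/", 200, "Mozilla/5.0"),
       _line("198.51.100.20", "/about", 200, "Mozilla/5.0"),
       _line("198.51.100.20", "/favicon.ico", 404, "Mozilla/5.0")])

def detect_content_discovery(log_text, min_requests=10, min_miss_ratio=0.7):
    """Return {ip: report} for clients whose requests look like a wordlist scan."""
    per_ip = defaultdict(lambda: {"total": 0, "miss": 0, "ua": set(), "found": []})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not Combined Log Format
        ip, path, status, ua = m.groups()
        rec = per_ip[ip]
        rec["total"] += 1
        rec["ua"].add(ua)
        if status == "404":
            rec["miss"] += 1
        else:
            rec["found"].append((path, int(status)))  # paths the client now knows exist
    flagged = {}
    for ip, rec in per_ip.items():
        ratio = rec["miss"] / rec["total"]
        # Gobuster's default User-Agent; a client can change it, so the ratio test matters more.
        tool_ua = any(u.lower().startswith("gobuster/") for u in rec["ua"])
        if tool_ua or (rec["total"] >= min_requests and ratio >= min_miss_ratio):
            exposed = [p for p, s in rec["found"]
                       if s == 200 and p.lower().endswith(PROBE_EXT)]
            flagged[ip] = {"requests": rec["total"], "miss_ratio": round(ratio, 2),
                           "tool_ua": tool_ua, "found": rec["found"], "exposed": exposed}
    return flagged
```

The `found` and `exposed` lists are the part to act on during response: they show which non-404 paths the scanning client received, and which of those were served with a 200 and a sensitive extension.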

Step 2: DNS Subdomain Enumeration

# Discover subdomains
gobuster dns -d example.com \
  -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
  -t 50
# Finds: dev.example.com, staging.example.com, admin.example.com, etc.

# Use custom DNS resolver
gobuster dns -d example.com \
  -w subdomains.txt \
  -r 8.8.8.8
# -r: custom DNS resolver (bypass local DNS caching)

# Show IP addresses
gobuster dns -d example.com -w subdomains.txt --show-ips

Step 3: Virtual Host Discovery

# Find virtual hosts on the same IP
gobuster vhost -u https://target.example.com \
  -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
  --append-domain
# Sends requests with different Host headers
# Finds virtual hosts not in public DNS

# Filter by response size (exclude default pages)
gobuster vhost -u https://10.0.0.1 \
  -w vhosts.txt \
  --exclude-length 11234

Step 4: S3 Bucket Enumeration

# Discover S3 buckets related to a company
gobuster s3 -w company-names.txt
# Tests each wordlist entry as a bucket name: company.s3.amazonaws.com, company-dev, company-backup, etc.
# Finds: misconfigured public buckets with sensitive data

Guidelines

  • Use quality wordlists. SecLists (/usr/share/wordlists/seclists/) is the standard.
  • -x extensions matter — .bak, .old, .env, .sql, .zip often contain sensitive data.
  • Start with common.txt (fast), then directory-list-2.3-medium.txt (thorough).
  • 403 Forbidden is interesting — it confirms the path exists even if access is denied.
  • DNS mode bypasses web servers entirely — finds subdomains directly via DNS resolution.
  • VHost mode finds internal apps hosted on the same server but served under different Host headers.
  • Combine with Nmap: scan discovered subdomains for additional attack surface.
  • Save output (-o results.txt) — you'll reference it throughout the engagement.
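
The defender's counterpart to the extensions guideline above, as an added example that is not part of the original skill: walk a document root before deployment and list every file a scan using the Step 1 `-x` list could retrieve. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions from the -x list in Step 1 that tend to hold secrets or source code.
SENSITIVE_SUFFIXES = (".bak", ".old", ".sql", ".zip", ".tar.gz", ".env")

def audit_webroot(root, suffixes=SENSITIVE_SUFFIXES):
    """Return sorted URL paths under root whose names end in a sensitive suffix."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            # endswith() instead of os.path.splitext(): splitext(".env") reports
            # no extension and splitext("site.tar.gz") reports only ".gz".
            if name.lower().endswith(suffixes):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append("/" + rel.replace(os.sep, "/"))
    return sorted(hits)

def build_sample_tree(root):
    """Create a constructed document root (empty files) for the demonstration."""
    for rel in ("index.php", "index.php.bak", ".env",
                "backup/site.tar.gz", "css/site.css"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:
        build_sample_tree(webroot)
        for url_path in audit_webroot(webroot):
            print(url_path)
```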


┌ stats

installs/wk: 0
github stars: 17
first seen: Mar 17, 2026
└────────────

┌ repo

TerminalSkills/skills
by TerminalSkills
└────────────
