General Syntax
gobuster <mode> [flag] // modes: dir,vhost,dnsComman flags
-u <url> // target URL (dir/vhost)
-d <domain> // domain (dns)
-w <wordlist> // wordlist (required)
-t <threads> // concurrent workers
-x <exts> // extensions (dir), e.g. php,html,txt
-s <codes> // show only these status codes, e.g. "200,301,302,403"
-o <file> // output file
-e // show full URL / expanded results
-k // ignore TLS cert errors
-p <proxy> // use HTTP proxy (http://127.0.0.1:8080)
-a <agent> // custom User-Agent
-H <header> // add custom header (repeatable)
-q // quiet mode
Directory Scan
gobuster dir -u <url> -w <wordlist> -t<threads> -o <output file> Dir scan with Extensions
gobuster dir -u <url> -w <wordlist> -t<threads> -x <File Extensions> -s <codes> -o <output file> Example: gobuster dir -u https://example.com -w wordlists/common.txt -x php,html,txt -t 40 -s “200,301,302,403”
Virtual Host Discovery
gobuster vhost -u <url> -w <wordlists> -t <threads> -o <output file> DNS/Subdomain Discovery
gobuster dns -d <domain> -w <wordlist> -o <output file> --dns-server <server ip>