🧭 gobuster — Directory/VHost brute force

Fast brute-force tool for HTTP directory, virtual host, and DNS discovery.

Syntax

gobuster <mode> -u <url> -w <wordlist> [options]
# mode: dir | vhost | dns

Directory discovery (dir)

gobuster dir -u http://site -w /usr/share/wordlists/dirb/common.txt
gobuster dir -u https://site -w wl.txt -x php,txt,js # extensions to append
gobuster dir -u http://site -w wl.txt -t 80 # concurrent threads
gobuster dir -u http://site -w wl.txt -b 404,500 # exclude these status codes (blacklist)
gobuster dir -u http://site -w wl.txt -s 200,204,301,302 -b "" # only these status codes; -b "" clears the default 404 blacklist, which cannot be combined with -s
gobuster dir -u http://site -w wl.txt -k -H "Cookie: auth=1" # skip TLS certificate verification, send a custom header

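Virtual host (vhost)

gobuster vhost -u http://site -w hosts.txt -t 60 -k
gobuster vhost -u http://IP -w hosts.txt --append-domain --domain site # IP target: append the domain to each word (vhost mode has no FUZZ keyword; needs a recent gobuster release)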

DNS subdomain (dns)

gobuster dns -d example.com -w subdomains.txt -t 100
gobuster dns -d example.com -w subs.txt -r 1.1.1.1 # custom DNS resolver

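Output & proxy

gobuster dir -u http://site -w wl.txt -o out.txt -z # write results to a file, hide the progress display
gobuster dir -u http://site -w wl.txt --proxy http://127.0.0.1:8080 -q # send requests through a proxy, quiet output (in gobuster 3.1+ the short flag -p means --pattern)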