# OJ/gobuster

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/oj-gobuster).**

13,429 stars · 1,554 forks · Go · apache-2.0

## Links

- GitHub: https://github.com/OJ/gobuster
- awesome-repositories: https://awesome-repositories.com/repository/oj-gobuster.md

## Topics

`dns` `go` `pentesting` `tool` `web`

## Description

Gobuster is a command-line security utility for brute-force discovery of hidden infrastructure and content. It systematically tests wordlists against target network services to identify files, directories, subdomains, and cloud storage buckets. A concurrent worker pool executes these requests in parallel, which keeps scanning efficient across various network environments.

The project distinguishes itself through a modular plugin architecture that supports multiple discovery modes, including HTTP, DNS, and TFTP. This design allows for protocol-agnostic request abstraction, enabling the tool to perform virtual host identification, cloud storage auditing, and custom protocol fuzzing within a unified execution pipeline. Users can further refine these operations by customizing network headers, proxy settings, and security certificates.

Beyond basic enumeration, the tool provides result management capabilities. Response-based filtering logic discards irrelevant data based on status codes or content patterns, and real-time stream-based processing saves findings directly to local files. These features allow for the systematic mapping of external network footprints and the identification of exposed application endpoints or sensitive configuration data.

## Tags

### Security & Cryptography

- [Brute Force Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/brute-force-tools.md) — Systematically tests wordlists against target network services to identify files, directories, subdomains, and cloud storage buckets.
- [Web Path Bruteforcing](https://awesome-repositories.com/f/security-cryptography/web-path-bruteforcing.md) — Discovers hidden directories, files, and API endpoints on web servers through systematic path brute-forcing. ([source](https://github.com/OJ/gobuster#readme))
- [Web Resource Discovery Scanners](https://awesome-repositories.com/f/security-cryptography/web-resource-discovery-scanners.md) — Identifies hidden files, directories, and services by testing wordlists against web servers and network infrastructure. ([source](https://github.com/OJ/gobuster#readme))
- [Subdomain Enumeration Tools](https://awesome-repositories.com/f/security-cryptography/subdomain-enumeration-tools.md) — Identifies active subdomains for a target domain by testing potential names against DNS resolvers to map out external network footprints. ([source](https://github.com/OJ/gobuster#readme))
- [Web Directory Enumeration Tools](https://awesome-repositories.com/f/security-cryptography/web-directory-enumeration-tools.md) — Discovers hidden files and directories on web servers by testing wordlists to identify sensitive or unlinked application content.
- [Fuzzing Tools](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/analysis-discovery-tooling/fuzzing-tools.md) — Injects wordlist payloads into web requests to uncover hidden endpoints, parameters, and security vulnerabilities. ([source](https://github.com/OJ/gobuster#readme))
- [Fuzzing Resources](https://awesome-repositories.com/f/security-cryptography/fuzzing-resources.md) — Tests application endpoints and network services by injecting wordlist data to identify security weaknesses or unexpected server behavior.

### DevOps & Infrastructure

- [Cloud Storage Scanning](https://awesome-repositories.com/f/devops-infrastructure/cloud-storage-scanning.md) — Identifies publicly accessible storage buckets on cloud platforms by testing potential bucket names against service provider interfaces. ([source](https://github.com/OJ/gobuster#readme))
- [Virtual Host Discovery Tools](https://awesome-repositories.com/f/devops-infrastructure/configuration-management/server-and-site-configuration/virtual-host-definitions/virtual-host-discovery-tools.md) — Reveals hidden websites on a single server by testing different host headers to identify non-public site configurations. ([source](https://github.com/OJ/gobuster#readme))

### Networking & Communication

- [Protocol-Agnostic Clients](https://awesome-repositories.com/f/networking-communication/protocol-clients/protocol-agnostic-clients.md) — Provides protocol-agnostic request abstraction to handle diverse communication protocols like HTTP, DNS, and TFTP through a unified pipeline.
- [Logic-Based Filters](https://awesome-repositories.com/f/networking-communication/http-response-processors/logic-based-filters.md) — Evaluates server replies against user-defined criteria to discard irrelevant data and highlight meaningful findings.
- [HTTP Request Customizations](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-infrastructure-configuration/network-management/http-interaction-utilities/http-request-customizations.md) — Allows users to customize HTTP interactions by specifying headers, proxy settings, and security certificates to control data transmission. ([source](https://github.com/OJ/gobuster#readme))

### Software Engineering & Architecture

- [Plugin Architectures](https://awesome-repositories.com/f/software-engineering-architecture/plugin-architectures.md) — Supports a modular plugin architecture that allows for the independent implementation of new enumeration strategies.

### System Administration & Monitoring

- [Discovery Result Exporters](https://awesome-repositories.com/f/system-administration-monitoring/log-analysis-reports/discovery-result-exporters.md) — Exports security discovery findings into structured data files for analysis and reporting. ([source](https://github.com/OJ/gobuster#readme))
