The vhost mode is used to find virtual hosts on a target web server (not subdomains, but different domain names on the same IP).

This command will brute-force files on the target URL http://example.com using the wordlist rockyou.txt.

To maximize the efficiency of your , utilize these flags:

Wildcard DNS configurations can ruin a scan by returning false positives. Use the --wildcard flag to force Gobuster to handle them, and -r to specify a fast, reliable DNS server.

gobuster dir -u https://api.target.com/v2 -w api_words.txt -x json,js,php -H "Authorization: Bearer eyJhbGciOiJ..." -s 200,201,401


gobuster dir -u http://10.10.10 -w /usr/share/wordlists/dirb/common.txt -s "200,301"

gobuster -t <target>

Verify your version:

Gobuster works by taking a wordlist and sending requests to a target server to see how it responds. Based on the HTTP status codes or DNS response flags returned, it determines whether a resource exists.

Example: