Gobuster is a popular tool for web enumeration and penetration testing, used to discover directories, subdomains, and virtual hosts. In this article, we walk through the tool and provide the answers for the TryHackMe Gobuster: The Basics room.
Gobuster for Web Enumeration & Pentesting
Gobuster is a widely used tool in penetration testing and ethical hacking, primarily designed for web enumeration. It helps security professionals and ethical hackers discover hidden directories, subdomains, and virtual hosts on a web server. This article will provide an in-depth look at Gobuster’s functionalities, practical usage, and best practices.
What is Web Enumeration?
Web enumeration is the process of discovering hidden resources on a web application or server. This includes:
- Directories that may not be publicly listed.
- Subdomains that could lead to undiscovered application areas.
- Virtual hosts running multiple websites on the same IP address.
- Sensitive files such as .env, admin.php, or .git/
Gobuster automates this enumeration process, making it an essential tool for security auditing and penetration testing.
Installation of Gobuster
To install Gobuster, use the following command on a Kali Linux or Debian-based system:
sudo apt install gobuster
Alternatively, you can install it via Go:
go install github.com/OJ/gobuster/v3@latest
Ensure that Go is installed before using this method.
Key Features of Gobuster
1. Directory Enumeration
This is the most commonly used mode to find hidden directories on a web server.
gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt
dir → Directory enumeration mode
-u → Target URL
-w → Wordlist file path
Useful Flags:
Flag | Description |
---|---|
-x php,html | Check for specific file extensions |
-t 50 | Set thread count (default: 10) |
-o results.txt | Output results to a file |
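Once a scan has been saved with -o, the results file still needs triage: which hits are worth a look, and whether the server is answering every word the same way. The following POSIX shell helpers are an added example, not code from the TryHackMe room or the Gobuster project. The result lines are constructed here in the line format gobuster v3's dir mode prints (path, Status, Size, optional redirect target); the function names and the paths are assumptions.

```shell
# Added example: triage a gobuster dir results file saved with -o.
# Not code from the TryHackMe room or the Gobuster project; the function
# names are assumptions and the sample lines are constructed.

# Constructed sample in the line format gobuster v3's dir mode writes:
# path, (Status: code), [Size: bytes] and an optional redirect target.
make_sample_results() {
    cat <<'EOF'
/index.html           (Status: 200) [Size: 1024]
/images               (Status: 301) [Size: 312] [--> http://example.com/images/]
/admin                (Status: 403) [Size: 277]
/backup               (Status: 301) [Size: 312] [--> http://example.com/backup/]
/config.php           (Status: 200) [Size: 0]
/secret               (Status: 301) [Size: 312] [--> http://example.com/secret/]
/test.html            (Status: 404) [Size: 162]
EOF
}

# Keep only lines whose status code is in the comma-separated list given as
# the first argument (e.g. "200,301"), the offline equivalent of --status-codes.
# Reads the results on stdin and prints "path code" for each kept line.
filter_status() {
    awk -v codes="$1" '
        BEGIN {
            n = split(codes, want, ",")
            for (i = 1; i <= n; i++) keep[want[i]] = 1
        }
        match($0, /\(Status: [0-9]+\)/) {
            # RSTART points at "(", the digits begin 9 characters later
            code = substr($0, RSTART + 9, RLENGTH - 10)
            if (code in keep) print $1, code
        }'
}

# Count hits per status code (stdin), sorted by code. If one code dominates,
# the server may be answering every word the same way and the scan needs a
# closer look before any "directory" in it is trusted.
count_by_status() {
    awk 'match($0, /\(Status: [0-9]+\)/) {
            hits[substr($0, RSTART + 9, RLENGTH - 10)]++
         }
         END { for (code in hits) print code, hits[code] }' | sort
}

# Usage on a real results file: filter_status 200,301 < results.txt
make_sample_results | count_by_status
```

Piping a results file into filter_status 200,301 keeps the same hits that --status-codes 200,301 would have shown during the live scan, while count_by_status is the quick sanity check for a server that returns the same code for everything, in which case the list is noise rather than discoveries.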
2. Subdomain Enumeration
This mode is used to discover subdomains of a target domain.
gobuster dns -d example.com -w /usr/share/wordlists/subdomains-top1million-5000.txt
dns → DNS enumeration mode
-d → Target domain
-w → Subdomain wordlist
Useful Flags:
Flag | Description |
---|---|
--wildcard | Detect wildcard subdomains |
--delay 1s | Add a delay between requests to avoid rate limits |
3. Virtual Host Enumeration
Used to find multiple websites hosted on the same IP address.
gobuster vhost -u http://example.com -w /usr/share/wordlists/virtual-hosts.txt
vhost → Virtual host enumeration mode
-u → Target URL
-w → Wordlist file
Best Practices for Effective Enumeration
✅ Use the Right Wordlists: Bigger lists take longer but provide better results.
✅ Filter HTTP Status Codes: Use --status-codes to only show relevant responses.
✅ Adjust Thread Count: Using -t 50 can speed up scans but may overload servers.
✅ Avoid Detection: Implement rate limits using --delay 1s to avoid being blocked.
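The thread-count and delay advice above has a mirror image on the server side: a wordlist scan shows up in the access log as one client producing a burst of requests and a long run of 404s across many distinct paths. The following POSIX shell snippet is an added example of that view, not code from the room or the Gobuster project. It runs over constructed lines in the Apache/Nginx combined log format; the IPs, timestamps, paths and the user-agent string are all sample values, and the function names are assumptions.

```shell
# Added example from the server's side: spot wordlist-driven enumeration in a
# web server access log. Not code from the room or the Gobuster project; the
# log lines, IPs, paths and user agent below are constructed sample data.

# Constructed lines in the Apache/Nginx combined log format. Field 1 is the
# client IP, field 4 the timestamp, field 7 the requested path and field 9
# the response status.
make_sample_access_log() {
    cat <<'EOF'
203.0.113.10 - - [10/Mar/2025:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:12:00:02 +0000] "GET /.env HTTP/1.1" 404 162 "-" "gobuster/3.6"
198.51.100.7 - - [10/Mar/2025:12:00:02 +0000] "GET /admin HTTP/1.1" 404 162 "-" "gobuster/3.6"
198.51.100.7 - - [10/Mar/2025:12:00:02 +0000] "GET /backup HTTP/1.1" 404 162 "-" "gobuster/3.6"
198.51.100.7 - - [10/Mar/2025:12:00:03 +0000] "GET /cgi-bin HTTP/1.1" 404 162 "-" "gobuster/3.6"
198.51.100.7 - - [10/Mar/2025:12:00:03 +0000] "GET /secret HTTP/1.1" 301 312 "-" "gobuster/3.6"
198.51.100.7 - - [10/Mar/2025:12:00:03 +0000] "GET /.git/ HTTP/1.1" 404 162 "-" "gobuster/3.6"
203.0.113.10 - - [10/Mar/2025:12:00:05 +0000] "GET /missing.png HTTP/1.1" 404 162 "-" "Mozilla/5.0"
EOF
}

# Report clients (stdin) with at least THRESHOLD 404 responses, printing
# "ip 404_count distinct_404_paths". A normal visitor produces a few 404s on
# a handful of URLs; a wordlist scan produces hundreds on as many distinct
# paths, which is why the distinct-path count is printed alongside.
flag_bruteforce_clients() {
    awk -v threshold="$1" '
        $9 == 404 {
            misses[$1]++
            if (!(($1, $7) in seen)) { seen[$1, $7] = 1; distinct[$1]++ }
        }
        END {
            for (ip in misses)
                if (misses[ip] >= threshold) print ip, misses[ip], distinct[ip]
        }' | sort
}

# Count requests per client and second (stdin): the burst rate is what a
# per-IP rate limit keys on, and what --delay on the scanner side spreads
# out. Prints "ip timestamp count".
requests_per_second() {
    awk '{ ts = substr($4, 2); hits[$1 " " ts]++ }
         END { for (k in hits) print k, hits[k] }' | sort
}

# Usage on a real log: flag_bruteforce_clients 50 < /var/log/nginx/access.log
make_sample_access_log | flag_bruteforce_clients 5
```

The detection keys on the response pattern (many 404s over many distinct paths from one client in a short window) rather than on the user-agent string, because the pattern is a property of what the scan has to do, while the string is just a sample value here. Thresholds should be tuned against the site's normal 404 rate before the rule is used for blocking.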
TryHackMe Gobuster: The Basics | Room Answers
One of the best ways to learn Gobuster is through a hands-on lab like TryHackMe – Gobuster: The Basics. In this challenge, users learn to:
- Configure DNS settings to interact with a target machine.
- Use directory enumeration to find hidden web files.
- Deploy subdomain and virtual host enumeration for deeper analysis.
A common command from the challenge:
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,js
This scan searches for directories and files with PHP, HTML, and JavaScript extensions.
What flag do we use to specify the target URL?
-u
What command do we use for the subdomain enumeration mode?
dns
Which flag do we have to add to our command to skip the TLS verification? Enter the long flag notation.
--no-tls-validation
Enumerate the directories of www.offensivetools.thm. Which directory catches your attention?
secret
Continue enumerating the directory found in question 2. You will find an interesting file there with a .js extension. What is the flag found in this file?
THM{ReconWasASuccess}
Apart from the dns keyword and the -w flag, which shorthand flag is required for the command to work?
-d
Use the commands learned in this task, how many subdomains are configured for the offensivetools.thm domain?
4
Use the commands learned in this task to answer the following question: How many vhosts on the offensivetools.thm domain reply with a status code 200?
4
Conclusion
Gobuster is a powerful and essential tool for web enumeration in penetration testing. By leveraging different modes (directories, subdomains, and virtual hosts), security professionals can uncover hidden resources and improve the security posture of web applications. Practicing with CTF challenges like TryHackMe helps users build real-world skills in ethical hacking.
Summary
🔍 Introduction to Gobuster: A popular tool for web enumeration and penetration testing, used to discover directories, subdomains, and virtual hosts.
🛠️ Getting Started: Always begin with the help menu (gobuster -h) to understand available commands and flags.
📁 Directory Mode: Use gobuster dir to enumerate web directories and identify hidden files or directories.
🌐 Subdomain Enumeration: The gobuster dns mode helps find subdomains of a target website.
🏠 Virtual Host Enumeration: The gobuster vhost mode checks for multiple websites hosted on the same server.
⚙️ Key Flags & Options:
- -o: Output results to a file for later analysis.
- -t: Threads control to manage system resources.
- -w: Wordlists are critical for effective enumeration.
- -c: Cookies for authenticated scanning.
- --no-tls-validation: Skips SSL/TLS verification for scenarios without certificates.
- -x: Specifies file extensions like .php, .js for targeted scans.