### 디렉토리 및 파일 열거 dir ```bash gobuster dir -u <IP> -w <wordlist> -x php,html,txt -t 50 ``` - `-b 403,404`: 무시할 상태 코드 지정 - `-k`: SSL 인증서 무시 (https 접속 시 유용) ### API endpoint ```bash # pattern.txt {GOBUSTER}/v1 # gobuster gobuster dir -u http://<IP> -w wordlist -p pattern.txt ``` ### DNS subdomain ```bash gobuster dns -d target.com -w <wordlist> -t 50 ``` ### VHost ```bash gobuster vhost -u http://target.com -w <wordlist> -t 50 ``` ### S3 bucket ```bash gobuster s3 -w buckets.txt ``` ### Wordlists ```bash /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt (or medium) /usr/share/seclists/Discovery/Web-Content/common.txt /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt (API) /usr/share/wordlists/dirb/big.txt ```