### Directory and file enumeration (dir)

```bash
gobuster dir -u http://$IP -w <wordlist> -x php,html,txt -t 50
gobuster dir -u http://$IP -w <wordlist> -x php,asp,xml,html,js,sql,gz,zip -r -o output.txt
sudo gobuster dir -w '/home/kali/Desktop/wordlists/dirbuster/directory-list-2.3-medium.txt' -u http://$IP:80 -t 42 -b 400,401,403,404
```

- `-b 403,404`: status codes to ignore
- `-k`: skip SSL certificate verification (useful when connecting over https)
- `--exclude-length <LENGTH>`
- `-x php,txt,html,js,css,asp,aspx,jsp`
- `-x php,txt,html,js,css,asp,aspx,jsp,bak,zip,tar,gz,conf,old`

### API endpoint

```bash
# pattern.txt
# -p pattern.txt
{GOBUSTER}/v1
{GOBUSTER}/v2

gobuster dir -u http://<IP> -w wordlist -p pattern.txt
```

### DNS subdomain

```bash
gobuster dns -d target.com -w <wordlist> -t 50
```

### VHost

```bash
gobuster vhost -u http://target.com -w <wordlist> -t 50
```

### S3 bucket

```bash
gobuster s3 -w buckets.txt
```

### Wordlists

```bash
/usr/share/wordlists/dirbuster/directory-list-2.3-small.txt (or medium)
/usr/share/seclists/Discovery/Web-Content/common.txt
/usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt (API)
/usr/share/wordlists/dirb/big.txt
```