$loading...
Complete gobuster reference for directory brute-forcing, DNS subdomain discovery, vhost enumeration, and fuzzing. (26 payloads)
gobuster dir -u http://target.com -w /usr/share/seclists/Discovery/Web-Content/common.txtgobuster dir -u http://target.com -w wordlist.txt -x php,html,txt,bak,zipgobuster dir -u http://target.com -w wordlist.txt -s 200,204,301,302,307,403gobuster dir -u http://target.com -w wordlist.txt -b 404,500gobuster dir -u http://target.com -w wordlist.txt -t 50gobuster dir -u http://target.com -w wordlist.txt -o results.txtgobuster dns -d target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txtgobuster dns -d target.com -w subdomains.txt --show-cnamegobuster dns -d target.com -w subdomains.txt -r 8.8.8.8gobuster dns -d target.com -w subdomains.txt -t 100gobuster vhost -u http://target.com -w subdomains.txtgobuster vhost -u http://target.com -w subdomains.txt --append-domaingobuster vhost -u http://10.10.10.10 -w subdomains.txt -H "Host: FUZZ.target.com"gobuster fuzz -u "http://target.com/page?id=FUZZ" -w ids.txtgobuster fuzz -u "http://target.com/FUZZ/page" -w wordlist.txtgobuster fuzz -u http://target.com -H "X-FUZZ: test" -w headers.txtgobuster dir -u http://target.com -w wordlist.txt -c "session=abc123"gobuster dir -u http://target.com -w wordlist.txt -H "Authorization: Bearer eyJ..."gobuster dir -u http://target.com -w wordlist.txt -U admin -P passwordgobuster dir -u http://target.com -w wordlist.txt -kgobuster dir -u http://target.com -w wordlist.txt -p http://127.0.0.1:8080/usr/share/seclists/Discovery/Web-Content/common.txt/usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt/usr/share/seclists/Discovery/Web-Content/api/objects.txtLevel up your security testing
Install the CLI
npx payload-playgroundExplore All Tools
Encoding, hashing, JWT & more
Browse Cheat Sheets
Quick-reference payload guides