Gobuster
The DNS mode is used for DNS subdomain brute-forcing.
gobuster dns -d <target domain> -w <wordlist>
Good wordlist: /usr/share/seclists/Discovery/DNS/namelist.txt
The Dir mode is used to find additional content on a specific domain or subdomain.
gobuster dir -u <target url> -w <wordlist>
Lastly, you can use the Vhost mode to find virtual hosts of a target server.
Virtual hosting is used when organizations host multiple domain names on a single server or cluster of servers.
gobuster vhost -u <target url> --append-domain -w <wordlist>
TIPS:
- To brute force files with specific extensions, we can use
-xflag. - We can use -k to skip the SSL certificate verification and suppress SSL errors.
- We can even specify cookies that should accompany our requests by using -c.
gobuster dir -u <target url> -w <wordlist> -c 'session=123456'