While the -u flag provides the destination, the -w flag provides the ammunition. The -w flag points to a wordlist file on the local system containing a list of directory and file names to be tested. The quality and relevance of this wordlist are directly proportional to the effectiveness of the scan. Common sources for these lists include the popular SecLists repository, which offers lists ranging from common administrative paths (like /admin or /login) to massive comprehensive lists containing millions of potential paths. For instance, a user might specify -w /usr/share/wordlists/dirb/common.txt. Gobuster iterates through this file line by line, appending each entry to the target URL specified in the -u flag.
Use -r if you want Gobuster to follow 301/302 redirects to see where they lead.
gobuster dir -u http://example.com -w dir_list.txt
Gobuster will then begin scanning the target URL, sending requests for each directory name in the wordlist file. The output will look something like this:
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -t 50
gobuster dir -u http://targetsite.com -w /path/to/wordlist.txt
gobuster dir -u <URL> -w <wordlist_path>
Once you master the basic -u and -w flags, you can add modifiers to make your scans more effective.
1. Filtering by Extensions (-x)
The command structure is designed for speed and simplicity. Here is what each part of the gobuster dir -u -w syntax does: