Disclaimer: Please only use these commands if you have permission to use them on the IP address of your choice.
GoBuster is a tool for brute forcing URIs, DNS subdomains, virtual host names, Amazon s3 buckets, Google cloud buckets and TFTP servers.
Example 1: Searching for subdomains.
This example makes use of the subdomains-top1million-5000.txt word list. If you don't have it yet, install it with:
sudo apt install seclists
Then run this command to search for the above mentioned things on the target machine. Please make sure to add the flag "--append-domain" if you are using GoBuster v3.2 or higher.
sudo gobuster vhost -u http://targetwebaddress.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain
A positive result for an open s3 bucket could look like this:
Found: s3.targetwebaddress.com Status: 404 [Size: 21]
Example 2: Find a .php file that could be used to authenticate.
gobuster dir --url http://yourmachinesipaddress/ --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x php,html
In this case, GoBuster found a file called "login.php", which was exactly what we were looking for.
More examples to be added in the future.