## Exit Codes | Code | Meaning | | ---- | -------------------------------- | | 0 | Success (found at least one hit) | | 1 | Partial success / warnings | | 2 | Error (bad flags or syntax) | ## HTTP Status Codes | Status | Meaning | | ------ | ---------------------------- | | 200 | OK (resource exists) | | 301 | Moved Permanently | | 302 | Found (temporary redirect) | | 307 | Temporary Redirect | | 401 | Unauthorized (auth required) | | 403 | Forbidden (access denied) | | 404 | Not Found | | 500 | Internal Server Error | | 502 | Bad Gateway | | 503 | Service Unavailable | > ⚠️ Gobuster can show **any** HTTP status code—these are just the most frequent. ### Global Flags | Flag | Category | Description | |------------------------------------|--------------------|-------------------------------------------------------------------| | `-w ; --wordlist ` | Wordlist | Path to wordlist. | | `-t ; --threads ` | Performance | Number of concurrent threads (default: 10). | | `-o ; --output ` | Output | Write results to a file instead of stdout. | | `-q; --quiet` | Output | Suppress banner and non‑result output. | | `-v; --verbose` | Output | Show verbose messages and errors. | | `--delay ` | Performance | Delay between requests (e.g. `500ms`, `1s`). | | `--timeout ` | Performance | Request timeout (default: `10s`). | | `--wordlist-offset ` | Wordlist Control | Skip first n entries in wordlist (resume capability). | | `-p ; --pattern ` | Wordlist‑Pattern | File of regex patterns for substitution. | | `--no-color` | Output | Disable colored output. | | `--no-error` | Output | Suppress error messages. | | `-z; --no-progress` | Output | Don’t show progress bar. | | `-h; --help` | Help | Show help for all modes/flags. | | `--version` | Help | Display Gobuster version. | #### Directory Mode Flags (`dir`) | Flag | Category | Description | |-----------------------------------------------|------------------|-------------------------------------------------------------------------------| | `-u ; --url ` | Target | Base URL (e.g. `http:///`). | | `-x ; --extensions ` | File Filtering | Try only these extensions (comma‑separated, e.g. `php,txt`). | | `-r; --follow-redirect` | HTTP | Follow HTTP redirects. | | `-s ; --status-codes ` | Filtering | Only report these status codes (e.g. `200,301`). | | `-b ; --status-codes-blacklist `| Filtering | Exclude these status codes (default: `404`). | | `-e; --expanded` | Output | Print full URLs instead of just paths. | | `-d; --discover-backup` | HTTP | Also look for common backup file extensions on found entries. | | `--exclude-length ` | Filtering | Ignore responses matching these body lengths. | | `-f; --add-slash` | HTTP | Append a slash (`/`) to each word before requesting. | | `-H ; --headers ` | HTTP | Add custom HTTP header(s). | | `-c ; --cookies ` | HTTP | Send cookie(s) with each request. | | `-m ; --method ` | HTTP | HTTP method to use (`GET`, `POST`, `HEAD`; default: `GET`). | | `-n; --no-status` | Output | Don’t display status codes in results. | | `-k; --no-tls-validation` | HTTP | Skip TLS certificate verification. | | `-U ; --username ` | Auth | Username for HTTP Basic Auth. | | `-P ; --password ` | Auth | Password for HTTP Basic Auth. | | `--proxy ` | Proxy | Send all requests via this proxy. | | `--random-agent` | HTTP | Use a random User‑Agent for each request. | #### DNS Mode Flags (`dns`) | Flag | Category | Description | |-------------------------------------|-------------|-------------------------------------------------------------| | `-d ; --domain ` | Target | Base domain to enumerate (e.g. ``). | | `-r ; --resolver ` | DNS | Use this DNS resolver (e.g. `8.8.8.8:53`). | | `--no-fqdn` | DNS | Don’t append system search domains to names. | | `--wildcard` | Filtering | Continue even if wildcard DNS responses are detected. | | `-c; --show-cname` | DNS | Display CNAME records for found subdomains. | | `-i; --show-ips` | DNS | Display IP addresses alongside subdomains. | #### Virtual‑Host Mode Flags (`vhost`) | Flag | Category | Description | |---------------------------------|---------------------|--------------------------------------------| | `-u ; --url ` | Target | Base URL (e.g. `http:///`). | | `--append-domain` | Target Formatting | Auto‑append `.` to each word. | | `-r; --follow-redirect` | HTTP | Follow HTTP redirects. | | `-H ; --headers ` | HTTP | Add custom HTTP header(s). | | `-c ; --cookies ` | HTTP | Send cookie(s) with each request. | | `-k; --no-tls-validation` | HTTP | Skip TLS certificate validation. | | `-U ; --username ` | Auth | Username for HTTP Basic Auth. | | `-P ; --password ` | Auth | Password for HTTP Basic Auth. | | `--proxy ` | Proxy | Send requests via this proxy. | | `--random-agent` | HTTP | Use a random User‑Agent. | #### S3 & GCS Mode Flags (`s3`/`gcs`) | Flag | Category | Description | |------------------------------|------------------|-------------------------------------------------------| | `-m ; --maxfiles ` | Bucket Control | Max objects to list per bucket (verbose only). | | `--proxy ` | Proxy | Send requests via this proxy. | | `--random-agent` | HTTP | Use a random User‑Agent. | | `--timeout ` | Performance | Request timeout (default: `10s`). | #### TFTP Mode Flags (`tftp`) | Flag | Category | Description | |-----------------------------|----------------|------------------------------------------| | `-s ; --server ` | Target | TFTP server address. | | `-p ; --port ` | TFTP Control | TFTP port (default: `69`). | | `-w ; --wordlist `| Wordlist | List of filenames to request. | | `--timeout ` | Performance | Request timeout (default: `1s`). | #### Fuzz Mode Flags (`fuzz`) | Flag | Category | Description | |--------------------------------|------------------|--------------------------------------------------------------| | `-u ; --url ` | Target | URL containing the `FUZZ` placeholder (e.g. `?id=FUZZ`). | | `--data ` | HTTP‑Body | POST body with `FUZZ` placeholders (e.g. `pass=FUZZ`). | | `-H ; --headers ` | HTTP | Header(s) with `FUZZ` placeholders (e.g. `-H "X-API: FUZZ"`). | | `-w ; --wordlist `| Wordlist | Path to wordlist. | | `-m ; --maxfiles ` | Performance | Threads or max items for fuzzing (mode‑dependent). | | `--pattern ` | Wordlist‑Pattern | File of regex patterns for substitution. |