If the target DNS server is blocking queries.
gobuster dns -d targetdomain.com -w /usr/share/wordlists/Discovery/DNS/subdomains.txt -i Use code with caution. Wildcard DNS Handling
The -u flag specifies the target URL, and -w points to your wordlist file.
gobuster vhost -u http://target.com -w /usr/share/wordlists/vhosts.txt -t 30 gobuster commands upd
On macOS with Homebrew:
: Use -x to find files like .php or .txt . gobuster dir -u http://example.com -w wordlist.txt -x php,html,txt .
Or add a session cookie:
Higher thread counts significantly reduce scan duration but can overwhelm the target or trigger rate limiting. Monitor system resources with htop to avoid performance degradation.
gobuster vhost -u http://10.10.11 -w wordlist.txt --exclude-length 1452 Use code with caution. Global Performance and Optimization Flags
Are you scanning a , DNS names , or cloud buckets ? Are you trying to bypass a firewall or rate limits ? If the target DNS server is blocking queries
gobuster dir -u https://target.com \ -w /usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-directories.txt \ -x php,html,js,txt,bak,zip \ -t 50 \ -k \ --random-agent
-t, --threads int : Number of concurrent threads (default 10). Increase this for faster scans (e.g., -t 50 ). -v, --verbose : Verbose output (shows all attempts). -q, --quiet : Don't print the banner and other noise. -o, --output string : Output file to write results to. -z, --no-progress : Don't display progress. -h, --help : Help for gobuster. 3. Directory and File Enumeration ( dir )
: Your results are only as good as your wordlist. Popular choices include the SecLists GitHub repository or the built-in lists in Kali Linux. gobuster vhost -u http://target
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/clean-jhaddix.txt --wildcard -r 1.1.1.1 Use code with caution. Virtual Host Mode ( vhost )