How to Scan Websites for Interesting Directories & Files with Gobuster

One of the first steps in attacking a web application is enumerating hidden directories and files. Doing so can often yield valuable information that makes it easier to execute a precise attack, leaving less room for errors and wasted time. There are many tools available to do this, but not all of them are created equal. Gobuster, a directory scanner written in Go, is definitely worth exploring.


Traditional directory brute-force scanners like DirBuster and DIRB work just fine, but can often be slow and prone to errors. Gobuster is a Go implementation of these tools and is offered in a convenient command-line format.


The main advantage Gobuster has over other directory scanners is speed. As a programming language, Go is known to be fast. It also has excellent support for concurrency, which lets Gobuster take advantage of multiple threads for faster processing.


The one drawback of Gobuster, though, is its lack of recursive directory searching. For directories more than one level deep, another scan will be needed, unfortunately. Often this isn't that big of a deal, and other scanners can step up and fill in the gaps for Gobuster in this area.

