Gobuster vhosts brutefoce

The gobuster command to bruteforce vhosts generally looks like this:

gobuster vhost -u http://<target_IP_address> -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain -t 1000

There are a couple of other arguments that are worth knowing:

Consider using the -t flag to increase the number of threads for faster scanning.
The -k flag can ignore SSL/TLS certificate errors.
You can use the -o flag to save the output to a file for later analysis.

Last updated 11 months ago