gobuster-dns

The gobuster-dns tool performs DNS subdomain enumeration, discovering valid subdomains of target domains within automated security workflows. It supports reconnaissance by helping users identify subdomains that may be entry points into a target's infrastructure.

Ideal Use Cases & Fit

This tool excels in scenarios requiring extensive subdomain discovery, particularly red team assessments, security audits, and penetration testing engagements. It works best when the analyst has a list of target domains and a defined wordlist for subdomain exploration. Typical input is a list of newline-separated domain names, and the tool suits environments where rapid enumeration of subdomains is essential. It is not suitable for exhaustive enumeration of all DNS records, because it specifically targets subdomain discovery.

Value in Workflows

Integrating gobuster-dns into security workflows strengthens the reconnaissance phase by providing rapid feedback on which subdomains exist. Its output feeds other automated tools or processes, enabling streamlined reporting and follow-up actions. It typically sits in the initial scanning stages of a workflow or alongside data analysis functions, helping teams prioritize further investigation based on the discovered subdomains.

Input Data

The tool expects the following input data:

  • Type: File
  • Format: Newline-separated domains
  • Function: Target
  • Required: Yes
  • Example:
    example.com
    test.com

Configuration

  • wordlist: Specifies the wordlist to use for subdomain enumeration; a default of deepmagic.com-prefixes-top500.txt is provided.
  • resolver: Optional custom DNS server for queries, specified in the format server.com or server.com:port.
  • show-ips: Controls whether to display IP addresses in the output; defaults to true.
  • show-cname: Determines if CNAME records should be displayed; defaults to false and cannot be used with show-ips.
  • timeout: Sets the DNS resolver timeout, with a default of 1 second.
  • wildcard: Ensures continued operation when a wildcard DNS record is found; defaults to false.
  • delay: Specifies the wait time between requests for each thread (e.g., 1500ms).
  • no-progress: If true, progress updates will not be displayed; defaults to true.
  • no-error: Suppresses error messages in output; defaults to true.
  • quiet: When true, prevents the printing of banners and other non-essential information; defaults to true.
  • no-color: Disables colored output for compatibility with various environments; defaults to true.
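
A pre-flight check for the input and options described above, as an added example that is not part of gobuster-dns or of this page's original content. The function names, the use of a dict to hold the options, and the Go-style duration syntax for timeout and delay are assumptions made for illustration.

```python
import re

# RFC 1123 host label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Assumption: timeout and delay take Go-style durations, as in the page's 1500ms.
DURATION = re.compile(r"\d+(\.\d+)?(ms|s|m)")

def is_hostname(name, min_labels=2):
    labels = name.rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= min_labels
            and all(LABEL.fullmatch(label) for label in labels))

def parse_targets(text):
    """Split newline-separated target input into (valid, rejected) lists."""
    valid, rejected = [], []
    for line in text.splitlines():
        entry = line.strip()
        if entry:  # blank lines are ignored
            (valid if is_hostname(entry) else rejected).append(entry)
    return valid, rejected

def check_config(cfg):
    """Return a list of problems in a mapping of the options listed above."""
    problems = []
    # show-ips defaults to true, so enabling show-cname alone already conflicts.
    if cfg.get("show-cname", False) and cfg.get("show-ips", True):
        problems.append("show-cname cannot be used with show-ips")
    resolver = cfg.get("resolver")
    if resolver:  # documented forms: server.com or server.com:port
        host, sep, port = resolver.partition(":")
        port_ok = not sep or (port.isdecimal() and 1 <= int(port) <= 65535)
        if not (is_hostname(host, min_labels=1) and port_ok):
            problems.append(f"resolver {resolver!r} is not host or host:port")
    for key in ("timeout", "delay"):
        if key in cfg and not DURATION.fullmatch(str(cfg[key])):
            problems.append(f"{key} {cfg[key]!r} is not a duration like 1s or 1500ms")
    return problems

if __name__ == "__main__":
    # Constructed sample input: two valid targets, a URL and a malformed name.
    sample = "example.com\ntest.com\n\nhttp://bad.example\n-bad.com\n"
    print(parse_targets(sample))
    print(check_config({"show-cname": True, "resolver": "server.com:53"}))
```

Rejecting URLs and malformed names before the run keeps the target list limited to the domains the analyst intended to enumerate.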