Gobuster
Go-based directory/DNS/vhost brute-forcer with threading tuned for pentest wordlists.
Why it is included
Stable alternative to Python-era tools; common in certification lab exercises.
Best for
Directory busting and DNS enumeration on approved targets.
Strengths
- Fast
- Simple flags
- Multiple modes
Limitations
- Wordlist quality drives results; legal scope required
Good alternatives
ffuf · feroxbuster
Related tools
Security & Privacy
ffuf
Fast web fuzzer for directories, virtual hosts, parameters, and raw HTTP—common in bug bounty playbooks.
Security & Privacy
feroxbuster
Recursive content discovery written in Rust with intelligent filtering and replay-friendly output.
Security & Privacy
Dalfox
XSS parameter analyzer and reflected/stored/DOM-focused fuzzer with mining and pipeline modes.
Security & Privacy
OWASP ZAP
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
Security & Privacy
sqlmap
Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
Security & Privacy
Nikto
Web server scanner that probes for dangerous files, outdated software, and misconfigurations via many checks.