gobuster:tldr:b2cdf
The command "gobuster dns --domain ${example-com} --wordlist ${filename}" is used to perform a DNS subdomain brute-forcing attack using the tool called "gobuster." Below is the breakdown of the different components of the command:
-
"gobuster": Refers to the name of the tool being used. Gobuster is a popular tool for performing directory and DNS subdomain brute-forcing.
-
"dns": Specifies the mode of operation for gobuster, indicating that we want to perform a DNS subdomain brute-forcing attack.
-
"--domain ${example-com}": Specifies the target domain on which the brute-forcing attack will be performed. The placeholder "${example-com}" should be replaced with the actual domain name you want to target. The domain name should not include "https://" or "www" prefixes.
-
"--wordlist ${filename}": Specifies the wordlist to be used for the brute-forcing attack. The placeholder "${filename}" should be replaced with the path and name of the wordlist file containing a list of subdomains to be tested. The wordlist typically contains a large number of common subdomains, allowing the tool to guess and discover valid subdomains.
By running this command, gobuster will perform a DNS subdomain brute-forcing attack, trying out different subdomains from the provided wordlist against the specified domain. The tool will query the DNS server for each subdomain combination and check if it resolves to a valid IP address. If a DNS response is received, it indicates the existence of a valid subdomain.