This is more intuitive for modern rate‑limiting scenarios.

gobuster dir -u https://example.com -w common.txt -x zip,tar.gz,sql,old,bak,env,git,htaccess -t 40

Note: -w - reads wordlist from stdin.

To see the IP addresses of found subdomains, use the -v flag.

Here are some common options that can be used with Gobuster:

Old approach used --delay 0.2 (seconds). Updated Gobuster introduces --rate-limit (requests per second):

On Kali Linux (which often comes with an older version):

gobuster dir -u http://example.com -w wordlist.txt --delay 100ms

# Only show status codes 200, 301, and 302 gobuster dir -u http://target.com -w wordlist.txt -s "200,301,302"