# Week 17 - GoBuster Tips

## GoBuster: Enumeration Tips

It’s week 17 of the Web Hacking Series, and it’s on a Tuesday cause May is off to a busy start over at [Echelon Risk + Cyber](https://www.linkedin.com/company/echelon-risk-cyber/)!

If you are involved in app sec, you probably have a preference among DirBuster, GoBuster, and Dirb. My personal preference (and the correct answer :p) is GoBuster!

One of my favorite things about GoBuster is how you can refine the scanning options. Here are some I find most useful:

* `-s "204,301,302,307,401,403"` ==> Only show results with these status codes
* `-b "302"` ==> Exclude 302 status codes
* `--exclude-length 3571` ==> Exclude server responses of length 3571
* `-k` ==> Skip TLS certificate verification on HTTPS targets

The `--exclude-length` option is particularly useful when the server returns its "not found" page with a 200 OK status, so that a 404 error appears to be a legitimate page. Know any other GoBuster tips & tricks? Share them in the comments below.

![](/files/1iUBNjewqTp9XNY292PC)
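
As an added example (not from the original post): a short Python script that reads saved GoBuster `dir` output, finds the response size shared by most 200 results, and suggests it as the `--exclude-length` value. The sample output, the host name, and the `(Status: ...) [Size: ...]` line format parsed here are assumptions constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of gobuster "dir" output from a noisy first pass;
# the host, paths and sizes are made up for illustration.
SAMPLE_OUTPUT = """\
/about                (Status: 200) [Size: 3571]
/admin                (Status: 301) [Size: 178] [--> http://site.example/admin/]
/backup               (Status: 200) [Size: 3571]
/login                (Status: 200) [Size: 1842]
/cgi-bin              (Status: 200) [Size: 3571]
/old                  (Status: 200) [Size: 3571]
/robots.txt           (Status: 200) [Size: 67]
/test                 (Status: 200) [Size: 3571]
"""

LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+\(Status:\s*(?P<status>\d{3})\)\s+\[Size:\s*(?P<size>\d+)\]")

def parse_results(text):
    """Return (path, status, size) tuples for each result line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["path"], int(m["status"]), int(m["size"])))
    return rows

def soft_404_length(rows, min_share=0.5):
    """Size shared by at least min_share of the 200 responses, else None."""
    sizes = Counter(size for _, status, size in rows if status == 200)
    if not sizes:
        return None
    size, count = sizes.most_common(1)[0]
    return size if count / sum(sizes.values()) >= min_share else None

def filter_results(rows, exclude_length):
    """Mimic --exclude-length: drop rows whose body size equals it."""
    return [r for r in rows if r[2] != exclude_length]

if __name__ == "__main__":
    rows = parse_results(SAMPLE_OUTPUT)
    length = soft_404_length(rows)
    print(f"suggested: --exclude-length {length}")
    for path, status, size in filter_results(rows, length):
        print(f"{path} (Status: {status}) [Size: {size}]")
```

A `None` result means no single size dominates the 200 responses, so there is no obvious catch-all page to exclude.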

