Gobuster Dir Usage -u -w Info
-r : Use -r if you want Gobuster to follow 301/302 redirects to see where they lead.
dir : Tells Gobuster to use the directory/file enumeration mode.
Upon execution, Gobuster begins rapidly sending requests. By default, it filters out responses with a 404 status code (Not Found) and displays results that return other status codes, such as 200 (OK), 301 (Permanent Redirect), or 403 (Forbidden). This output is the "gold" of directory enumeration. A 301 redirect might point to a hidden subdirectory, while a 403 Forbidden status indicates that a sensitive directory exists but is protected by access controls. Both are valuable pieces of intelligence for a penetration tester.
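The defender's view of the same traffic, as an added example that is not part of the original page: in a web server access log, a wordlist scan appears as a fast burst of requests from one client, most of them 404, and the few non-404 answers are the paths the scanner displayed. The combined log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-log-format fields we need: client IP, timestamp, path, status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\] ]+)[^\]]*\] "\S+ (\S+) [^"]*" (\d{3}) ')

def build_sample():
    """Constructed log lines (documentation-range IPs), not real traffic."""
    fmt = '{ip} - - [{ts} +0000] "GET {path} HTTP/1.1" {code} 512 "-" "-"'
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    stamp = lambda t: t.strftime("%d/%b/%Y:%H:%M:%S")
    words = ["admin", "backup", "login", "uploads", "test", "old",
             "api", "dev", "config", "tmp", "private", "staging"]
    exists = {"admin": 301, "uploads": 403, "login": 200}  # all others: 404
    lines = [fmt.format(ip="203.0.113.7", ts=stamp(t0 + timedelta(milliseconds=100 * i)),
                        path="/" + w, code=exists.get(w, 404))
             for i, w in enumerate(words)]
    # An ordinary visitor: few requests, spread out, one stray 404.
    for i, (path, code) in enumerate([("/", 200), ("/login", 200), ("/favicon.ico", 404)]):
        lines.append(fmt.format(ip="198.51.100.20", ts=stamp(t0 + timedelta(minutes=i)),
                                path=path, code=code))
    return lines

def find_enumeration(lines, window=timedelta(seconds=10), min_requests=10, min_404_ratio=0.6):
    """Return {ip: [(path, status), ...]} for clients whose burst looks like a wordlist scan."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            ip, ts, path, code = m.groups()
            by_ip[ip].append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S"), path, int(code)))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            burst = events[start:end + 1]
            misses = sum(1 for _, _, c in burst if c == 404)
            if len(burst) >= min_requests and misses / len(burst) >= min_404_ratio:
                # The non-404 answers are what the scanner displayed: review these paths.
                findings[ip] = sorted({(p, c) for _, p, c in events if c != 404})
                break
    return findings

if __name__ == "__main__":
    for ip, hits in find_enumeration(build_sample()).items():
        print(ip, hits)
```

The thresholds need tuning against normal traffic for the site; a scan throttled below `min_requests` per window will not trip this check.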
Use gobuster dir -u <url> -w <wordlist> as your starting point, then layer on extensions ( -x ) and threading ( -t ) to transform a basic scan into a comprehensive deep-dive of a target's web surface.
Let's break it down: