Since GoBuster is built on Go, we first need to install Go on Kali:
- Do this by using the following command:
apt install golang
- First, we clone the Git repository from the following URL: https://github.com/OJ/gobuster. You will see the following output:
- Now, browse into the directory and pull the external dependencies before building the binary using the following command:
go get -u github.com/OJ/gobuster && go build
The following screenshot shows the output of the preceding command:
As we can see from the preceding screenshot, the build command completed successfully without any error.
- Now, run the help command and see what options are available for us to use:
Gobuster has lots of features such as brute forcing directories that are behind HTTP authentication, setting a custom user-agent, and so on. Let's try it.
By default, Gobuster needs a wordlist. We can use the -w flag to specify a list and -x to specify the extension of the file we are trying to brute force:
./gobuster -x php -u "http://testphp.vulnweb.com/" -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
The following screenshot shows the output of the preceding command:
As we can see in the preceding screenshot, the tool successfully starts brute forcing and returns the page responses for everything it finds.