DirBuster is an application made in Java; it can be called from Kali's main menu or from a terminal using the dirbuster command. The following are the steps required to make such call:

1. Navigate to Applications | 03 - Web Application Analysis | Web Crawlers & Directory Bruteforcing | Dirbuster.
2. In the DirBuster window, set the target URL to http://192.168.56.11/.
3. Set the number of threads to 20 to have a decent testing speed.
4. Select List based brute force and click on Browse.
5. In the browsing window, select the file we just created (dir_dictionary.txt).
6. Uncheck the Be Recursive option.
7. For this recipe, we will leave the rest of options at their defaults:

8. Click on Start.
9. If we go to the Results tab, we will see that DirBuster has found at least two of the files in our dictionary: cgi-bin and phpmyadmin. The response code 200 means that the file or directory exists and can be read. phpmyadmin is a web-based MySQL database administrator; finding a directory with this name tells us that there is a database management system (DBMS) in the server and it may contain relevant information about the application and its users: