How to do it...

Since GoBuster is built on Go, we first need to install Go on Kali:

  1. Do this by using the following command:
apt install golang
  1. First, we clone the Git repository from the following URL: https://github.com/OJ/gobuster. You will see the following output:
  1. Now, browse into the directory and pull the external dependencies before building the binary using the following command:
go get -u github.com/OJ/gobuster && go build

The following screenshot shows the output of the preceding command:

As we can see from the preceding screenshot, the build command completed successfully without any error.

  1. Now, run the help command and see what options are available for us to use:

Gobuster has lots of features such as brute forcing directories that are behind HTTP authentication, setting a custom user-agent, and so on. Let's try it.

By default, Gobuster needs a wordlist. We can use the -w flag to specify a list and -x to specify the extension of the file we are trying to brute force:

./gobuster -x php -u "http://testphp.vulnweb.com/" -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt

The following screenshot shows the output of the preceding command:

As we can see in the preceding screenshot, the tool successfully starts brute forcing and returns the page responses for everything it finds.

上一章目录下一章