How to Install Gobuster Tool on Kali Linux
One of the first steps in attacking an internet application is enumerating hidden directories and files. This can often give useful information that makes it easier to carry out a specific attack, resulting in fewer errors and lost effort. There are numerous tools available to do this, but not all of them are created equally. Gobuster, a record scanner that is written in Go Language, is worth searching for Brute-force scanners such as DirBuster and DIRB function beautifully in popular directories, but they might be slow and responsive to errors.
Gobuster may be a Go implementation of those tools that can be used from the command line. Gobuster's main advantage over other directory scanner is its speed. Go is known for its speed as a programming language. It also provides great concurrency, allowing Gobuster to make use of several threads for faster processing. The one defeat of Gobuster, though, is the lack of recursive directory exploration.
Unfortunately, a second scan will be required for directories that are quite one level deep. This is not such a big deal, and other scanners can accelerate and fill in the gaps for gobusters in this area.
How to Install Gobuster
In order to install Gobuster, we have to follow the following steps:
Step 1: First, we have to create a working directory to keep things organized, and change into it.
Step 2: Next, we will need to install Gobuster tool because it's not comprised on Kali Linux by default.
Step 3: After that, to run the tool, we have to simply type gobuster -h into the terminal.
Step 4: Next, we need to install Additional Seclists for brute-forcing Directories and Files.
By default, Wordlists on Kali are located in the /usr/share/wordlists directory.
How to Use Gobuster Tool for Scanning?
The terminal or command-line interface can be used to launch Gobuster tools. All we have to do now is run the command using the following syntax.
Understanding Gobuster [Mode]
After entering the "gobuster" command into a terminal, we have to provide the mode, and that is compulsory or need to specify the purpose of the tool we are running for.
Gobuster Toot contains numerous modes:
Dir: - The classic directory brute-forcing mode or Enumerating URIs for directories and Files.
Gobuster's Dir mode is mostly intended to find additional content on a certain target domain or subdomain. This additional information comprises hidden directories or hidden files that might include sensitive data.
We can use the option "-u" in Dir Mode to specify the target domain or subdomain we wish to dig into the hidden directories and files. The -w option also allows us to choose the wordlist we want to use for brute-forcing.
Dns: - DNS Subdomain Brute-Forcing Mode or Enumerating Subdomains
Gobuster Tool's DNS mode is mostly used to enumerate subdomains in the target domain. This mode can be used to locate some unidentified or hidden subdomains for a particular target domain. In this mode, the "-d" option is used to specify the target domain we need to find subdomain and the "-w" option permits us to select the wordlist which we need to use for brute-forcing.
Vhost-Virtual Host Brute-Forcing Mode or Enumerating Virtual Hosts (Not the Same as DNS!)
Finally, Gobuster's Vhost mode is utilized to locate the victim server's virtual hosts. When a company hosts multiple domain names on a single server or server cluster, it is referred to as virtual hosting. Virtual Hosting enables a single server to share its data and resources with numerous hostnames. Identifying hostnames on a server can disclose extra web content related to a company. In host mode, it verifies the existence of subdomains by visiting the created URL and double-checking the IP address.
We will mostly be researching through directories and files with the Gobuster tool. In this instance, dir mode will be useful for us.
Understanding Gobuster [Options]
We must specify the requirements after entering the specific mode as required. The Gobuster tool offers a lot of options; to learn about them, use "gobuster -h" and read the help page. It can be used to explore options that are precisely related to the dns mode.
The following are the example of options: