LabEx
Log InJoin Free

Install and Verify Gobuster on Kali Linux

Beginner
Practice Now

Introduction

Gobuster is a powerful tool used for directory and file brute-forcing, DNS subdomain brute-forcing, and S3 bucket enumeration. It's an essential utility for penetration testers and security enthusiasts to discover hidden paths and resources on web servers.

In this lab, you will learn the fundamental steps to install Gobuster on a Kali Linux environment. You will use the apt package manager to install the tool, and then verify its successful installation by checking its version and exploring its help menu. This hands-on experience will provide you with the necessary skills to get started with Gobuster for your security assessments.

Open a Terminal in Kali Linux

In this step, you will open a terminal window in your Kali Linux environment. The terminal is where you will execute all the commands for installing and verifying Gobuster.

To open a terminal, you can usually find an icon on the desktop or in the application menu. Once opened, you will see a command prompt, typically showing your username and current directory, like labex@labex-vm:~/project$.

## No command to execute here, just open the terminal.

Update the Package List with apt

In this step, you will update the package list for your Kali Linux system. This ensures that your system has the latest information about available packages and their versions, which is crucial before installing new software.

Use the sudo apt update command to refresh the package list. The sudo command allows you to run commands with superuser privileges, which is necessary for system-wide operations like updating package lists.

sudo apt update

You should see output similar to the following, indicating that the package lists are being updated:

Hit:1 http://kali.download/kali kali-rolling InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

Install Gobuster using apt

In this step, you will install Gobuster using the apt package manager. Kali Linux repositories include Gobuster, making the installation process straightforward.

Execute the sudo apt install gobuster -y command. The -y flag automatically confirms any prompts during the installation, allowing for a non-interactive installation.

sudo apt install gobuster -y

You should see output indicating the installation progress, similar to this:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  gobuster
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 3,500 kB of archives.
After this operation, 12.5 MB of additional disk space will be used.
Get:1 http://kali.download/kali kali-rolling/main amd64 gobuster amd64 3.1.0-1kali1 [3,500 kB]
Fetched 3,500 kB in 1s (3,000 kB/s)
Selecting previously unselected package gobuster.
(Reading database ... 300000 files and directories currently installed.)
Preparing to unpack .../gobuster_3.1.0-1kali1_amd64.deb ...
Unpacking gobuster (3.1.0-1kali1) ...
Setting up gobuster (3.1.0-1kali1) ...
Processing triggers for man-db (2.10.2-1) ...

Verify the Installation by Checking the Version

In this step, you will verify that Gobuster has been successfully installed by checking its version. This is a common way to confirm that a command-line tool is accessible and functioning correctly.

Run the gobuster --version command. This command will output the installed version of Gobuster.

gobuster --version

You should see output similar to the following, indicating the version number:

gobuster v3.1.0

In this final step, you will display the Gobuster help menu. This is a good way to get an overview of the tool's capabilities, available commands, and options. It also confirms that the Gobuster executable is fully functional.

Execute the gobuster -h command to display the main help menu.

gobuster -h

You will see a comprehensive output listing various Gobuster modes (e.g., dir, dns, vhost, s3, gcs, fuzz) and their respective options. This indicates that Gobuster is ready for use.

Usage:
  gobuster [command]

Available Commands:
  dir         Uses directory/file brute-forcing mode
  dns         Uses DNS subdomain brute-forcing mode
  fuzz        Uses fuzzing mode
  help        Help about any command
  s3          Uses AWS S3 bucket enumeration mode
  gcs         Uses Google Cloud Storage bucket enumeration mode
  vhost       Uses VHOST brute-forcing mode

Flags:
  -z, --no-color          Disable color output
  -q, --quiet             Don't print the banner and other noise
  -v, --verbose           Verbose output (errors)
  -h, --help              help for gobuster
  -V, --version           version for gobuster

Use "gobuster [command] --help" for more information about a command.

Summary

In this lab, you successfully installed Gobuster on your Kali Linux environment using the apt package manager. You learned how to update your system's package list, install new software, and then verify the installation by checking the tool's version and displaying its help menu.

You now have Gobuster set up and ready to use for various security tasks, such as directory and file brute-forcing. This foundational knowledge is crucial for anyone looking to perform web application security assessments or explore hidden resources on target systems.