How to Install and Use Gobuster on Kali Linux

Installing Gobuster on Kali Linux is one of those quick steps that can seriously level up your recon game during a pentest. I’ve personally used it when digging through hidden directories or trying to spot forgotten admin panels and it’s surprisingly fast.

The whole point of tools like Gobuster is to help you uncover things that developers didn’t mean to leave exposed: old login pages, backup files, misconfigured folders, or even subdomains. In this short guide, I’ll walk you through the exact steps to install Gobuster on Kali Linux, plus show you how to use it in real scans.

Oh and if you’re running tests on a remote server, you might want a solid VPS. I usually go with Eldernode’s cheap Linux plans they’ve done the job for me so far.

What’s Gobuster anyway?

It’s a simple CLI tool that helps you find hidden stuff on websites like directories, files, or subdomains using wordlists. It’s written in Go, so it’s fast. Nothing fancy, just gets the job done.

So let’s jump into the setup. Alright, let’s get to the install part. It only takes a minute.

Installing Gobuster on Kali Linux

Here’s how to install Gobuster on Kali Linux. Follow the steps below and enter the required commands.

First of all, update your system packages by running the following command:

sudo apt update

Now install Gobuster using the following command:

sudo apt install gobuster

You can run the Gobuster tool with the following command:

gobuster -h

How to Use Gobuster on Kali Linux

Let’s see how it actually works in a real scan.

If you want to scan a website for directories and print the full URLs of discovered paths, run the following command:

gobuster -e -u http://IP_address/ -w /usr/share/wordlists/dirb/common.txt

Example output:

When you run that command on a test target, you might see results like this:

/admin (Status: 301)

/login (Status: 200)

/backup.zip (Status: 403)

/old-site (Status: 200)

Options available in the command:

-> -u http://IP_address/: Scanning the website

-> -w /usr/share/wordlists/dirb/common.txt: using Wordlist

-> -e: Printing the full URLs of discovered paths

When Should You Use Gobuster Over Other Tools?

I’ve used a bunch of tools like Dirb, Wfuzz, and FFUF but honestly, Gobuster is the one I reach for when I just want to run a quick scan without messing around with config files. It’s fast (thanks to Go), and it just works.

Sure, if I need more advanced stuff like recursive brute-forcing or filtering by response size FFUF gives me more control. But for everyday use, especially during quick recon, Gobuster is usually enough to get the job done.

Real Example from a Recent Scan

I once used Gobuster on a staging WordPress server. It quickly revealed paths like /wp-admin/old/, /db-backup/, and even /test-site/, which weren’t linked anywhere on the site. One of those paths had an unprotected zip file with SQL dumps exactly the kind of stuff you want to catch before attackers do.

How to Uninstall Gobuster on Kali Linux

If you want to remove the Gobuster package from the Kali Linux enter the following command:

sudo apt remove gobuster

To remove all the Gobuster dependencies, use the command below:

sudo apt autoclean   

sudo apt autoremove

That’s it! The installation of Gobuster on Kali Linux is completed successfully.

Conclusion

Gobuster doesn’t try to do everything but what it does, it does well. It’s fast, dead simple, and perfect for quick directory or subdomain brute-force scans when you don’t need fancy UIs or extra noise.

Anyway, if you followed along, you should now have Gobuster installed, know how to run a basic scan, and even remove it if needed. That’s pretty much it.

If anything was unclear or didn’t work on your system, feel free to leave a comment. I’ll try to help if I can.