Cyberithub

How to Install gobuster on Ubuntu 20.04 LTS (Focal Fossa)

Advertisements

In this article, I will take you through the steps to install gobuster on Ubuntu 20.04 LTS (Focal Fossa). Gobuster is a free and open source tool written in GO language. It is used to brute force URIs in web sites, DNS subdomains, virtual host names on target web server and open amazon S3 buckets. More on official GitHub website. It is particularly useful for performing testing of web sites and web servers.

Most of the time you will see this tool to be used from a Kali Linux machine along with other wide variety of brute force tools but if you want, this tool can also be installed on Ubuntu/Debian based Systems. Here we will see the steps to install gobuster on Ubuntu 20.04 LTS based system.

Advertisements

How to Install gobuster on Ubuntu 20.04 LTS (Focal Fossa)

How to Install gobuster on Ubuntu 20.04 LTS (Focal Fossa)

Also Read: How to Install SDKMAN on Linux Using 7 Easy Steps

Step 1: Prerequisites

a) You should have a running Ubuntu 20.04 LTS System.

Advertisements

b) You should have sudo or root access to run privileged commands.

c) You should have apt or apt-get utility available in your System.

Advertisements

 

Step 2: Update Your System

In the first step, you need to sync the installed packages with the latest available versions from the default Ubuntu repo by using sudo apt update command as shown below.

cyberithub@ubuntu:~$ sudo apt update
[sudo] password for cyberithub:
Hit:1 https://download.docker.com/linux/ubuntu focal InRelease
Hit:2 http://in.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal InRelease
Get:4 https://dl.google.com/linux/chrome/deb stable InRelease [1,811 B]
Get:5 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:6 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:7 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:8 https://apt.boltops.com stable InRelease [3,961 B]
Get:9 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,092 B]
Get:10 http://in.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages [733 kB]
Get:11 http://in.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [2,152 kB]
Get:12 https://apt.boltops.com stable/main amd64 Packages [11.6 kB]
Get:13 http://in.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [379 kB]
...............................................................

If any of the packages needs to be upgraded then run sudo apt upgrade command as shown below.

Advertisements
cyberithub@ubuntu:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
Try Ubuntu Pro beta with a free personal subscription on up to 5 machines.
Learn more at https://ubuntu.com/pro
The following NEW packages will be installed:
linux-headers-5.15.0-50-generic linux-hwe-5.15-headers-5.15.0-50 linux-image-5.15.0-50-generic linux-modules-5.15.0-50-generic
linux-modules-extra-5.15.0-50-generic
The following packages will be upgraded:
google-chrome-stable linux-generic-hwe-20.04 linux-headers-generic-hwe-20.04 linux-image-generic-hwe-20.04 linux-libc-dev
5 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
4 standard LTS security updates
Need to get 198 MB of archives.
After this operation, 587 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
....................................................................

 

Step 3: Install gobuster

There are multiple ways to install gobuster on Ubuntu 20.04 LTS based systems depending on which version you are looking to install.

a) Using apt or apt-get

If you are looking to install the old version of gobuster then you can install it from default Ubuntu repo by using sudo apt install gobuster command as shown below.

cyberithub@ubuntu:~$ sudo apt install gobuster
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-5.15.0-46-generic linux-hwe-5.15-headers-5.15.0-46 linux-image-5.15.0-46-generic linux-modules-5.15.0-46-generic
linux-modules-extra-5.15.0-46-generic
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
gobuster
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,279 kB of archives.
After this operation, 4,300 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 gobuster amd64 2.0.1-1 [1,279 kB]
Fetched 1,279 kB in 3s (503 kB/s)
Selecting previously unselected package gobuster.
(Reading database ... 292131 files and directories currently installed.)
Preparing to unpack .../gobuster_2.0.1-1_amd64.deb ...
Unpacking gobuster (2.0.1-1) ...
Setting up gobuster (2.0.1-1) ...
Processing triggers for man-db (2.9.1-1) ...

b) Using go install

If you are looking to install the latest version of gobuster tool then you need to install it through go install command as shown below.

NOTE:

Please note that you need at least go 1.19 to compile gobuster using below step.
cyberithub@ubuntu:~$ go install github.com/OJ/gobuster/v3@latest
go: downloading github.com/OJ/gobuster/v3 v3.2.0
go: downloading github.com/OJ/gobuster v2.0.1+incompatible
go: downloading github.com/fatih/color v1.13.0
go: downloading github.com/spf13/cobra v1.5.0
go: downloading golang.org/x/term v0.0.0-20220919170432-7a66f970e087
go: downloading github.com/google/uuid v1.3.0
go: downloading github.com/mattn/go-colorable v0.1.13
go: downloading github.com/mattn/go-isatty v0.0.16
go: downloading github.com/spf13/pflag v1.0.5
go: downloading golang.org/x/sys v0.0.0-20221006211917-84dc82d7e875

After successful installation, you need to set the gobuster bin path to the global PATH environment variable as shown below.

cyberithub@ubuntu:~$ export PATH=$PATH:~/go/bin

To set the path permanently, insert an entry into ~/.profile file and then logout and login again to the system to reflect the updated changes.

 

Step 4: Check Version

After successful installation, you can test it by using gobuster version command as shown below.

cyberithub@ubuntu:~$ gobuster version
3.2.0-dev

 

Step 5: Using gobuster

Gobuster can be used in different modes. We will see the brute force example on dir, dns and vhost mode below.

a) DIR Mode

If you want to brute force URIs then use DIR mode as shown below.

cyberithub@ubuntu:~$ gobuster dir -u http://192.168.0.107 -w ~/directory/words.txt
===============================================================
Gobuster v3.2.0-dev
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://192.168.0.107
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /home/cyberithub/directory/words.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.2.0-dev
[+] Timeout: 10s
===============================================================
2022/10/13 01:35:30 Starting gobuster in directory enumeration mode
===============================================================
Error: the server returns a status code that matches the provided options for non existing urls. http://192.168.0.107/920db973-8976-46a5-b8fe-c200a5d0714c => 200 (Length: 901). To continue please exclude the status code or the length

b) DNS Mode

If you want to brute force dns subdomains then use DNS mode as shown below.

cyberithub@ubuntu:~$ gobuster dns -d example.com -w ~/dnsdomain/words.txt
===============================================================
Gobuster v3.2.0-dev
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Domain: example.com
[+] Threads: 10
[+] Timeout: 1s
[+] Wordlist: /home/cyberithub/dnsdomain/words.txt
===============================================================
2022/10/13 01:36:18 Starting gobuster in DNS enumeration mode
===============================================================
===============================================================
2022/10/13 01:36:18 Finished
===============================================================

c) VHOST Mode

If you want to brute force virtual host on target webserver then use vhost mode as shown below.

cyberithub@ubuntu:~$ gobuster vhost -u example.com -w ~/vhosts/common.txt
===============================================================
Gobuster v3.2.0-dev
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://example.com
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /home/cyberithub/vhosts/common.txt
[+] User Agent: gobuster/3.2.0-dev
[+] Timeout: 10s
[+] Append Domain: false
===============================================================
2022/10/13 01:36:57 Starting gobuster in VHOST enumeration mode
===============================================================
Found: Moreover, it is important to note that for all the different available models, a specific set of Status: 400 [Size: 349]
Found: 5],[-2, 2],[-2, 3]]) Status: 400 [Size: 349]
Found: source, it can be contributed to by people who know something which can be done in a Status: 400 [Size: 349]
===============================================================
2022/10/13 01:37:00 Finished
===============================================================

 

Step 6: Check all the Available Options

You can check all the options available with gobuster command using gobuster help as shown below.

cyberithub@ubuntu:~$ gobuster help
Usage:
gobuster [command]

Available  Commands:
completion Generate the autocompletion script for the specified shell
dir        Uses directory/file enumeration mode
dns        Uses DNS subdomain enumeration mode
fuzz       Uses fuzzing mode
gcs        Uses gcs bucket enumeration mode
help       Help about any command
s3         Uses aws bucket enumeration mode
version    shows the current version
vhost      Uses VHOST enumeration mode (you most probably want to use the IP adress as the URL parameter

 

Step 7: Uninstall gobuster

Once you are done with gobuster, you can choose to remote it from your System by using sudo apt remove gobuster command as shown below.

NOTE:

Please be very sure before running below command on a production or critical server for any unwanted package removal. Make sure you do not remove any packages which are critical for running other applications in the server.
cyberithub@ubuntu:~$ sudo apt remove gobuster
[sudo] password for cyberithub:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-5.15.0-46-generic linux-hwe-5.15-headers-5.15.0-46 linux-image-5.15.0-46-generic linux-modules-5.15.0-46-generic
linux-modules-extra-5.15.0-46-generic
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
gobuster
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 4,300 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 292136 files and directories currently installed.)
Removing gobuster (2.0.1-1) ...
Processing triggers for man-db (2.9.1-1) ...

1 thought on “How to Install gobuster on Ubuntu 20.04 LTS (Focal Fossa)”

Leave a Comment