Situation
Solution
Step 1: Install Gobuster
If you don’t have Gobuster installed on Kali Linux, you can install it with:
sudo apt update
sudo apt install gobuster
Step 2: Decide on a website you want to scan. For example, http://example.com.
Step 3: Find a Wordlist
Use an existing wordlist from /usr/share/wordlists/dirb/ or download one from SecLists. For this tutorial, we’ll use common.txt.
Step 4: Run Gobuster
Now, run Gobuster to scan for hidden directories and files:
gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt -t 10
dir: Tells Gobuster to do a directory scan.
-u: The target URL.
-w: The wordlist you’ll use.
-t: The number of concurrent threads for faster results (default is 10, you can set up to 50).
Step 5: Review Results
Gobuster will show directories and files it found. Check for interesting paths (e.g., /admin, /uploads, etc.) that might be vulnerable.
This tutorial provides a quick, practical approach to using Gobuster for directory brute-forcing. You can expand by changing wordlists, using custom extensions, or tuning other options, but this will get you started with the basics.