feroxbuster
Discover hidden web directories and files
TLDR
Discover specific directories and files that match in the wordlist with extensions and 100 threads and a random user-agent
Enumerate directories without recursion through a specific proxy
Find links in webpages
Filter by a specific status code and a number of chars
SYNOPSIS
feroxbuster [OPTIONS] <URL>
PARAMETERS
-u, --url <URL>
Target base URL to fuzz
-w, --wordlist <WORDLIST>
Path to wordlist file (required)
-t, --threads <N>
Number of concurrent threads (default: 50)
-x <EXTS>
File extensions to append, e.g., php,html,txt
-n, --no-recursion
Disable recursive directory scanning (recursion is enabled by default)
-S, --filter-size <N>
Filter out responses with a body size of N bytes
-d, --depth <N>
Maximum recursion depth (default: 4)
-H, --headers <HEADER:VALUE>
Add custom HTTP header
-m, --methods <METHOD>
HTTP method (default: GET)
-q, --quiet
Suppress output except discovered items
-o, --output <FILE>
Save output to file
-s, --status-codes <CODES>
Only report responses with these status codes (allow list), e.g., 200,301,403
--proxy <PROXY>
Use HTTP/SOCKS proxy
--auto-tune
Automatically lower the scan rate when an excessive number of errors is encountered
-k, --insecure
Skip SSL/TLS certificate validation
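--force-recursion
Attempt recursion on every discovered endpoint (still respects --depth)
-D, --dont-filter
Do not automatically filter wildcard responses (wildcard detection and filtering is on by default)
-C, --filter-status <CODES>
Filter out responses with these status codes
--rate-limit <N>
Limit requests per second, applied per directory being scanned (default: no limit)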
-T, --timeout <N>
Request timeout in seconds (default: 7)
DESCRIPTION
Feroxbuster is a high-speed, multi-threaded content discovery tool written in Rust, designed for brute-forcing directories, files, and subdomains on web servers. It excels in performance compared to tools like Gobuster or DirB, leveraging Rust's concurrency for rapid scanning.
Key features include recursive fuzzing, automatic extension appending, customizable HTTP methods, status code filtering, wildcard support for false positive reduction, and output in JSON, HTML, or plain text. Users specify a target URL, wordlist, and options like thread count or headers to mimic requests. It's particularly useful in penetration testing, bug bounty hunting, and security assessments to uncover hidden endpoints, backups, or admin panels.
The tool supports proxy integration (e.g., Burp Suite), rate limiting to avoid detection, and auto-tuning for optimal performance. Filters allow ignoring specific status codes or response sizes, enhancing accuracy. Feroxbuster outputs discovered URLs with response details, aiding further enumeration.
CAVEATS
Generates high traffic; use --rate-limit to throttle requests and avoid bans. Recursive scans can be resource-intensive. Requires wordlists; lacks built-in ones. Not for production sites without permission.
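What that traffic looks like from the server side, as an added example (not part of feroxbuster or this page's original text): a log check that flags clients with a high 404 ratio and the same path stem requested under several extensions, without relying on the user-agent, since it can be randomized. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def detect_content_discovery(lines, min_requests=8, min_404_ratio=0.7, min_stems=2):
    """Return {ip: stats} for clients whose requests look wordlist-driven.
    Thresholds are illustrative assumptions; tune them against real traffic."""
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0,
                                  "stems": defaultdict(set)})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing on them
        ip, _method, path, status = m.groups()
        rec = per_ip[ip]
        rec["total"] += 1
        rec["not_found"] += int(status == "404")
        # Extension appending (-x php,html,txt) probes one stem with many suffixes.
        stem, dot, ext = path.split("?")[0].rpartition(".")
        if dot and "/" not in ext:
            rec["stems"][stem].add(ext)
    flagged = {}
    for ip, rec in per_ip.items():
        ratio = rec["not_found"] / rec["total"]
        multi_ext = sum(1 for exts in rec["stems"].values() if len(exts) >= 2)
        if (rec["total"] >= min_requests and ratio >= min_404_ratio
                and multi_ext >= min_stems):
            flagged[ip] = {"requests": rec["total"],
                           "ratio_404": round(ratio, 2),
                           "multi_ext_stems": multi_ext}
    return flagged

def sample_log():
    """Constructed sample: a scanner rotating user-agents and an ordinary visitor."""
    ts = "[10/Mar/2025:12:00:00 +0000]"
    out = []
    for i, stem in enumerate(["admin", "backup", "login", "old"]):
        for ext in ["php", "html", "txt"]:
            status = 200 if (stem, ext) == ("login", "php") else 404
            out.append(f'203.0.113.7 - - {ts} "GET /{stem}.{ext} HTTP/1.1" '
                       f'{status} 153 "-" "UA-{i}"')
    for path, status in [("/", 200), ("/index.html", 200),
                         ("/css/site.css", 200), ("/favicon.ico", 404)]:
        out.append(f'198.51.100.20 - - {ts} "GET {path} HTTP/1.1" '
                   f'{status} 512 "-" "Mozilla/5.0"')
    return out

if __name__ == "__main__":
    print(detect_content_discovery(sample_log()))
```
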
INSTALLATION
Install via Cargo: cargo install feroxbuster. Or download prebuilt binaries from GitHub releases for Linux/macOS/Windows.
EXAMPLE USAGE
feroxbuster -u http://example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100 -x php,html,txt
Discovers directories recursively (recursion is the default behaviour) with common extensions.
WORDLISTS
Compatible with SecLists, DirB, or custom lists. Larger lists increase scan time but improve coverage.
HISTORY
Developed by @epi052 starting in 2019 as a faster alternative to Gobuster. Written in Rust for performance gains. Actively maintained on GitHub with frequent updates, v2.0+ introducing auto-tune and improved recursion. Widely adopted in security communities.


