feroxbuster

Discover specific directories and files that match in the wordlist with extensions and 100 threads and a random user-agent

$ feroxbuster --url "[https://example.com]" --wordlist [path/to/file] --threads [100] --extensions "[php,txt]" --random-agent

$ feroxbuster --url "[https://example.com]" --wordlist [path/to/file] --no-recursion --proxy "[http://127.0.0.1:8080]"

$ feroxbuster --url "[https://example.com]" --extract-links

$ feroxbuster --url "[https://example.com]" --filter-status [301] --filter-size [4092]

feroxbuster [OPTIONS] -u URL

-u
    URL to scan. This is the base URL where feroxbuster will start its discovery process.


-w
    Wordlist file to use. Specifies the path to the wordlist file containing potential directory and file names.


-x
    File extensions to search for. Comma-separated list of file extensions to append to each word in the wordlist.


-d
    Recursion depth. Determines how many levels deep feroxbuster will recursively search for content.


-t
    Number of threads to use. Controls the concurrency of the scan, impacting its speed.


-H
    Custom headers to send with requests. Allows specifying additional HTTP headers, e.g., User-Agent.


-s
    Acceptable status codes. Comma-separated list of HTTP status codes to consider as valid results.


-n
    Don't recursively scan. Disables the recursive scan of discovered directories.


-f
    Force wildcard. Forces feroxbuster to assume the target server uses a wildcard response for non-existent resources.


-q
    Quiet mode. Suppresses all output except for discovered URLs.


-v
    Verbose mode. Increases verbosity of the output.


-o
    Output to file. Writes the results of the scan to the specified file.


-p
    Proxy to use. Specifies a proxy server to route traffic through, useful for anonymity or bypassing network restrictions.


--data
    Post data. Send POST request. Needs URL and wordlist.


--config
    Config file to use. Reads configuration options from a file, allowing for more complex setups.

feroxbuster is a powerful, fast, and recursive content discovery tool written in Rust. It's primarily used for brute-forcing directories and files on web servers to identify hidden or undocumented resources. Unlike simple wordlist scanners, feroxbuster intelligently handles responses, filtering out false positives and recursively exploring discovered directories. It leverages concurrency to achieve high scanning speeds, making it a valuable tool for penetration testers, bug bounty hunters, and security researchers. It supports features like custom headers, proxies, user-agent spoofing, and various recursion depths and filtering options to fine-tune the scan.

Some web servers return a 'catch-all' response, known as a wildcard response, for any URL, even if the resource doesn't exist. feroxbuster can detect and handle these cases, but sometimes manual intervention (using the `-f` flag) is required to force wildcard mode.

feroxbuster employs several techniques to minimize false positives. Understanding how it filters responses (e.g., based on status codes, content length) can help in fine-tuning scans for specific environments.

dirb(1), gobuster(1), ffuf(1)