feroxbuster

Fast, recursive content discovery tool written in Rust. Excels at finding unlinked content.

Install:

curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | sudo bash -s /usr/local/bin

Basic Usage

# Default scan (uses built-in wordlist)
feroxbuster -u http://TARGET

# Custom wordlist
feroxbuster -u http://TARGET -w /usr/share/seclists/Discovery/Web-Content/common.txt

Recursive Scanning

Feroxbuster is recursive by default - automatically scans discovered directories.

# Limit recursion depth
feroxbuster -u http://TARGET -d 2

# Disable recursion
feroxbuster -u http://TARGET -n

# Only recurse on specific status codes
feroxbuster -u http://TARGET --force-recursion -s 200,301

Extensions

# Add file extensions
feroxbuster -u http://TARGET -x php,html,txt,bak,js

# Multiple extensions
feroxbuster -u http://TARGET -x php -x html -x txt

Filtering Output

Flag

Description

-s

Status codes to include (whitelist)

-C

Status codes to exclude (blacklist)

-S

Filter by response size

-W

Filter by word count

-N

Filter by line count

-X

Filter by regex pattern

--filter-similar-to

Exclude pages similar to a reference

--dont-scan

Exclude specific paths from scanning

Examples

# Only show 200 responses
feroxbuster -u http://TARGET -s 200

# Exclude 404 and 500
feroxbuster -u http://TARGET -C 404,500

# Exclude by response size
feroxbuster -u http://TARGET -S 1234

# Filter by word count
feroxbuster -u http://TARGET -W 100

# Filter by regex (exclude error pages)
feroxbuster -u http://TARGET -X "not found|error"

# Don't scan specific paths
feroxbuster -u http://TARGET --dont-scan /uploads --dont-scan /static

Performance

# Threads (default 50)
feroxbuster -u http://TARGET -t 100

# Rate limit (requests per second)
feroxbuster -u http://TARGET --rate-limit 100

# Timeout
feroxbuster -u http://TARGET -T 10

Authentication

# Cookie
feroxbuster -u http://TARGET -b "session=abc123"

# Header
feroxbuster -u http://TARGET -H "Authorization: Bearer TOKEN"

Proxy

# Through Burp
feroxbuster -u http://TARGET --insecure --proxy http://127.0.0.1:8080

# Through SOCKS proxy
feroxbuster -u http://TARGET --proxy socks5h://127.0.0.1:9050

Output

# Save to file
feroxbuster -u http://TARGET -o results.txt

# JSON output
feroxbuster -u http://TARGET --json -o results.json

# Quiet mode (less output)
feroxbuster -u http://TARGET -q

Advanced Options

# Follow redirects
feroxbuster -u http://TARGET -r

# Custom User-Agent
feroxbuster -u http://TARGET -a "Mozilla/5.0"

# Scan multiple URLs from file
feroxbuster --stdin < urls.txt

# Resume scan from state file
feroxbuster --resume-from ferox-state.json

# Auto-tune (smart throttling)
feroxbuster -u http://TARGET --auto-tune

Quick Reference

# Standard recursive scan
feroxbuster -u http://TARGET -w /usr/share/seclists/Discovery/Web-Content/common.txt -x php,html -d 2

# Fast scan with filtering
feroxbuster -u http://TARGET -t 100 -C 404,403 -S 0

# Through proxy
feroxbuster -u http://TARGET --insecure --proxy http://127.0.0.1:8080 -k

# Save results
feroxbuster -u http://TARGET -o scan_results.txt

Previouscrackmapexec Pastable Commands Nextffuf

Last updated 5 days ago

hashtagBasic Usage

hashtagRecursive Scanning

hashtagExtensions

hashtagFiltering Output

hashtagExamples

hashtagPerformance

hashtagAuthentication

hashtagProxy

hashtagOutput

hashtagAdvanced Options

hashtagQuick Reference