Feroxbuster

Feroxbuster Icon
Feroxbuster is a fast, recursive content discovery tool designed for web penetration testing. It efficiently scans websites and directories for hidden files, endpoints, and misconfigurations using brute-force techniques. With its multi-threaded approach, Feroxbuster helps pentesters uncover attack surfaces, aiding in web application pentesting and bug hunting.

Installation and Setup

Using apt

curl -sLO https://github.com/epi052/feroxbuster/releases/latest/download/feroxbuster_amd64.deb.zip
unzip feroxbuster_amd64.deb.zip
sudo apt install ./feroxbuster_*_amd64.deb

Using Pacman for the Arch Linux

pacman -S feroxbuster

Using Chocolatey community repos

choco install feroxbuster

Using Docker

docker pull epi052/feroxbuster
sudo docker run --init -it epi052/feroxbuster -u http://example.com -x js,html

Using Homebrew on MacOS

brew install feroxbuster

Using Kali Linux

sudo apt update && sudo apt install -y feroxbuster

Using Snap

sudo snap install feroxbuster

Basic Usage

feroxbuster -u http://example.com             #Basic Scan
feroxbuster -u http://example.com -v          #Verbose Output
feroxbuster -u http://example.com --silent    #Silent Mode (Only Results)
feroxbuster -u http://example.com --json      #JSON Output

Wordlists and Extensions

feroxbuster -u http://example.com -w /path/to/wordlist.txt                                  #Use Custom Wordlist
feroxbuster -u http://example.com -x php,html,txt                                           #Append File Extensions
feroxbuster -u http://example.com -x js,json,css -w mylist.txt                              #Combine Extensions & Wordlist
feroxbuster -u http://example.com -w /usr/share/seclists/Discovery/Web-Content/common.txt   #Use SecLists

Recursive Scanning

feroxbuster -u http://example.com -r                          #Enable Recursive Scanning
feroxbuster -u http://example.com -r --depth 3                #Set Maximum Recursion Depth
feroxbuster -u http://example.com -r --auto-tune              #Optimize for Recursion
feroxbuster -u http://example.com -r --scan-complete-signal   #Stop When Scan is Done

Installation and Setup

feroxbuster -u http://example.com -r                           #Enable Recursive Scanning
feroxbuster -u http://example.com -r --depth 3                 #Set Maximum Recursion Depth
feroxbuster -u http://example.com -r --auto-tune               #Optimize for Recursion
feroxbuster -u http://example.com -r --scan-complete-signal    #Stop When Scan is Done

Filtering and Output

feroxbuster -u http://example.com --filter-size 1234              #Exclude Responses of Specific Size
feroxbuster -u http://example.com --filter-words 100              #Exclude Responses with X Words
feroxbuster -u http://example.com --filter-lines 20               #Exclude Responses with X Lines
feroxbuster -u http://example.com -o results.txt                  #Save Results to a File
feroxbuster -u http://example.com -o results.json -f json         #Save as JSON
feroxbuster -u http://example.com -s 200,204,301,302              #Include Only Certain Status Codes
feroxbuster -u http://example.com -C 403,404                      #Exclude Specific Status Codes
feroxbuster -u http://example.com --output-format=json --quiet    #JSON Output, No Progress Display

Performance Tuning

feroxbuster -u http://example.com -t 100                #Increase Threads for Faster Scanning
feroxbuster -u http://example.com --rate-limit 10       #Limit Requests Per Second
feroxbuster -u http://example.com --timeout 5           #Set Request Timeout
feroxbuster -u http://example.com --auto-tune           #Auto-Optimize for Speed
feroxbuster -u http://example.com --no-state            #Disable State File (For Large Scans)
feroxbuster -u http://example.com --scan-limit 5000     #Stop After 5000 Requests

Authentication and Proxies

feroxbuster -u http://example.com -H "Authorization: Basic <base64_credentials>"     #Basic Auth
feroxbuster -u http://example.com --proxy http://127.0.0.1:8080                      #Use HTTP Proxy
feroxbuster -u http://example.com --proxy socks5://127.0.0.1:9050                    #Use SOCKS5 Proxy
feroxbuster -u http://example.com --proxy 127.0.0.1:8080 --proxy-cred user:pass      #Proxy with Authentication
feroxbuster -u http://example.com -H "Cookie: sessionid=abc123"                      #Use Custom Cookies

Wildcard Handling

feroxbuster -u http://example.com --dont-filter                           #Disable Automatic Wildcard Filtering
feroxbuster -u http://example.com --filter-lines 10                       #Filter Responses with 10 Lines (Helps with Wildcards)
feroxbuster -u http://example.com --replay-proxy http://127.0.0.1:8080    #Replay Requests Through Proxy

Bypass Techniques

feroxbuster -u http://example.com -H "X-Original-URL: /admin"                  #Bypass Security Filters
feroxbuster -u http://example.com -H "X-Rewrite-URL: /admin"                   #Another Bypass Method
feroxbuster -u http://example.com -H "X-Custom-IP-Authorization: 127.0.0.1"    #WAF Evasion
feroxbuster -u http://example.com -H "X-Originating-IP: 127.0.0.1"             #Another WAF Bypass
feroxbuster -u http://example.com --url-encode                                 #Encode URLs to Evade Detection

Custom Headers and User-Agents

feroxbuster -u http://example.com -H "User-Agent: Mozilla/5.0"            #Set Custom User-Agent
feroxbuster -u http://example.com -H "Referer: https://google.com"        #Spoof Referrer
feroxbuster -u http://example.com --random-agent                          #Use Random User-Agent
feroxbuster -u http://example.com -H "X-Forwarded-For: 127.0.0.1"         #Spoof X-Forwarded-For

Combining Options

feroxbuster -u http://example.com -w /path/to/wordlist.txt -x php,html -r -t 100 -o results.txt          #Large Scan
feroxbuster -u http://example.com -w adminlist.txt --proxy socks5://127.0.0.1:9050                       #Stealth Scan via Proxy
feroxbuster -u http://example.com -H "Authorization: Bearer <token>" -r -o admin_panels.txt              #Admin Panel Discovery
feroxbuster -u http://example.com -H "User-Agent: Googlebot" -x php,html,js -o bot_scan_results.txt      #Mimic Googlebot

Troubleshooting

feroxbuster -u http://example.com --debug-log ferox_debug.log    #Debugging
feroxbuster -u http://example.com --verbose                      #Enable Verbose Output
feroxbuster -u http://example.com --no-recursion                 #Disable Recursion if Stuck
feroxbuster -u http://example.com --resume-from results.txt      #Resume from Last Scan

Best Practices

feroxbuster -u http://example.com -w /usr/share/seclists/Discovery/Web-Content/raft-large-words.txt -t 100 -r -o ferox_results.txt   #Large Scale Scanning
feroxbuster -u http://example.com -w custom-wordlist.txt --proxy socks5://127.0.0.1:9050                                             #Stealth Scanning via Proxy
feroxbuster -u http://example.com -x php,html,js -H "User-Agent: Googlebot" -o bot_scan_results.txt                                  #Mimic Web Crawlers
feroxbuster -u http://example.com --auto-tune --rate-limit 5 --proxy socks5://127.0.0.1:9050                                         #Optimized Stealth Scan