Tags: Web Application Analysis, content discovery, forced browsing, directory enumeration, file enumeration, brute force, rust

feroxbuster

Fast, simple, recursive content discovery tool written in Rust for performing Forced Browsing. Uses brute force combined with a wordlist to search for unlinked content in target directories.

Description

feroxbuster is designed to perform Forced Browsing, an attack aimed at enumerating and accessing resources that the web application does not reference but that remain accessible to an attacker. These resources may contain sensitive information such as source code, credentials, or internal network addressing. The technique is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration.

The tool brute-forces directories using wordlists to uncover unlinked files and directories. It supports recursion, multiple HTTP methods, custom headers, and various filtering options to refine scans. It is well suited to web reconnaissance for identifying potential vulnerabilities or exposed data.

feroxbuster offers advanced features like auto-tuning scan rates, dynamic word and extension collection, and integration with proxies like Burp for traffic analysis.

How It Works

feroxbuster sends HTTP requests to target URLs using provided wordlists, appending paths to enumerate directories and files. It supports recursion up to a specified depth, extracts links from responses unless disabled, and filters results by status codes, sizes, word counts, and regex patterns. Multiple threads enable concurrent requests with rate limiting; dynamic collection gathers words and extensions from responses to expand the scan. Proxies and custom headers allow integration with analysis tools.
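The request pattern described above, many rapid requests for wordlist-style paths most of which miss, is what a defender sees in a web server access log. As an added example that is not part of this page or of the feroxbuster project, the Python below parses combined-format access-log lines and flags clients whose 403/404 responses to distinct paths cluster inside a sliding time window; the sample log lines, client addresses, paths and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Parser for Apache/nginx "combined" access-log lines (only the fields the detector needs).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+')

def parse_line(line):
    """Return ip, timestamp, path and status for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"), "status": int(m.group("status"))}

def detect_forced_browsing(lines, window=timedelta(seconds=60), min_misses=5, min_distinct=5):
    """Flag clients that draw many 403/404 responses for distinct paths inside one sliding window."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] in (403, 404):  # a wordlist scan is mostly misses
            per_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start, best = 0, None
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:  # drop misses older than the window
                start += 1
            hits = recs[start:end + 1]
            distinct = {r["path"] for r in hits}
            if len(hits) >= min_misses and len(distinct) >= min_distinct:
                if best is None or len(hits) > best["misses"]:
                    best = {"misses": len(hits), "distinct_paths": len(distinct), "first_seen": recs[start]["ts"].isoformat()}
        if best:
            alerts[ip] = best
    return alerts

# Constructed sample traffic: one wordlist scanner (203.0.113.5) and one ordinary visitor (198.51.100.7).
SAMPLE_LOG = """\
203.0.113.5 - - [16/Apr/2026:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153
203.0.113.5 - - [16/Apr/2026:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153
203.0.113.5 - - [16/Apr/2026:10:00:02 +0000] "GET /old HTTP/1.1" 404 153
203.0.113.5 - - [16/Apr/2026:10:00:02 +0000] "GET /dev HTTP/1.1" 403 162
203.0.113.5 - - [16/Apr/2026:10:00:03 +0000] "GET /test.php HTTP/1.1" 404 153
198.51.100.7 - - [16/Apr/2026:10:00:05 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [16/Apr/2026:10:00:06 +0000] "GET /favicon.ico HTTP/1.1" 404 153
"""
```

Tune `window`, `min_misses` and `min_distinct` to the site's normal 404 rate; a scanner throttled with `--scan-limit` or `--rate-limit` spreads its misses out, so a longer window catches slower scans at the cost of more false positives.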

Installation

```bash
sudo apt install feroxbuster
```

Flags

| Flag | Description |
|------|-------------|
| `-u, --url <URL>` | The target URL (required, unless `--stdin`, `--resume-from` or `--request-file` is used) |
| `-w, --wordlist <FILE>` | Path or URL of the wordlist |
| `-t, --threads <THREADS>` | Number of concurrent threads (default: 50) |
| `-x, --extensions <FILE_EXTENSION>...` | File extension(s) to search for (ex: `-x php -x pdf js`); reads newline-separated values from a file if the input starts with `@` (ex: `@ext.txt`) |
| `-s, --status-codes <STATUS_CODE>...` | Status codes to include (allow list) (default: all status codes) |
| `--burp` | Set `--proxy` to `http://127.0.0.1:8080` and set `--insecure` to true |
| `-p, --proxy <PROXY>` | Proxy to use for requests (ex: `http(s)://host:port`, `socks5(h)://host:port`) |
| `-d, --depth <RECURSION_DEPTH>` | Maximum recursion depth; a depth of 0 is infinite recursion (default: 4) |
| `-o, --output <FILE>` | Output file to write results to (use with `--json` for JSON entries) |

Examples

Multiple headers:

```bash
feroxbuster -u http://127.1 -H Accept:application/json "Authorization: Bearer {token}"
```

IPv6, non-recursive scan with INFO-level logging enabled:

```bash
feroxbuster -u http://[::1] --no-recursion -vv
```

Read URLs from STDIN; pipe only the resulting URLs out to another tool:

```bash
cat targets | feroxbuster --stdin --silent -s 200 301 302 --redirects -x js | fff -s 200 -o js-files
```

Proxy traffic through Burp:

```bash
feroxbuster -u http://127.1 --burp
```

Proxy traffic through a SOCKS proxy:

```bash
feroxbuster -u http://127.1 --proxy socks5://127.0.0.1:9050
```

Pass an auth token via query parameter:

```bash
feroxbuster -u http://127.1 --query token=0123456789ABCDEF
```

Ludicrous speed... go!

```bash
feroxbuster -u http://127.1 --threads 200
```

Limit to a total of 60 active requests at any given time (threads * scan limit):

```bash
feroxbuster -u http://127.1 --threads 30 --scan-limit 2
```
Updated 2026-04-16. Source: kali.org