According to its description: Feroxbuster is a simple, fast, recursive content discovery tool written in Rust.
Install
❯ curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | bash -s $HOME/.local/bin
[+] Installing feroxbuster to /home/ruben/.local/bin!
[=] Found 64-bit Linux, downloading from https://github.com/epi052/feroxbuster/releases/latest/download/x86_64-linux-feroxbuster.zip
[=] Installing Noto Emoji Font
[+] Noto Emoji Font installed
[+] Installed feroxbuster
[-] path: /home/ruben/.local/bin/feroxbuster
[-] version: 2.10.0
Useful options
Target selection:
  -u, --url <URL>
          The target URL (required, unless [--stdin || --resume-from] used)
      --stdin
          Read url(s) from STDIN

Composite settings:
      --burp
          Set --proxy to http://127.0.0.1:8080 and set --insecure to true
      --burp-replay
          Set --replay-proxy to http://127.0.0.1:8080 and set --insecure to true

Proxy settings:
  -p, --proxy <PROXY>
          Proxy to use for requests (ex: http(s)://host:port, socks5(h)://host:port)

Request settings:
  -a, --user-agent <USER_AGENT>
          Sets the User-Agent (default: feroxbuster/2.10.0)
  -A, --random-agent
          Use a random User-Agent
  -x, --extensions <FILE_EXTENSION>...
          File extension(s) to search for (ex: -x php -x pdf js)
  -m, --methods <HTTP_METHODS>...
          Which HTTP request method(s) should be sent (default: GET)
      --data <DATA>
          Request's Body; can read data from a file if input starts with an @ (ex: @post.bin)
  -H, --headers <HEADER>...
          Specify HTTP headers to be used in each request (ex: -H Header:val -H 'stuff: things')
  -b, --cookies <COOKIE>...
          Specify HTTP cookies to be used in each request (ex: -b stuff=things)
  -Q, --query <QUERY>...
          Request's URL query parameters (ex: -Q token=stuff -Q secret=key)
  -f, --add-slash
          Append / to each request's URL

Request filters:
      --dont-scan <URL>...
          URL(s) or Regex Pattern(s) to exclude from recursion/scans

Response filters:
  -S, --filter-size <SIZE>...
          Filter out messages of a particular size (ex: -S 5120 -S 4927,1970)
  -C, --filter-status <STATUS_CODE>...
          Filter out status codes (deny list) (ex: -C 200 -C 401)
  -s, --status-codes <STATUS_CODE>...
          Status Codes to include (allow list) (default: All Status Codes)

Client settings:
  -r, --redirects
          Allow client to follow redirects
  -k, --insecure
          Disables TLS certificate validation in the client

Scan settings:
  -t, --threads <THREADS>
          Number of concurrent threads (default: 50)
  -n, --no-recursion
          Do not scan recursively
  -w, --wordlist <FILE>
          Path or URL of the wordlist
      --auto-tune
          Automatically lower scan rate when an excessive amount of errors are encountered
      --auto-bail
          Automatically stop scanning when an excessive amount of errors are encountered

Dynamic collection settings:
  -E, --collect-extensions
          Automatically discover extensions and add them to --extensions (unless they're in
          --dont-collect)
  -B, --collect-backups
          Automatically request likely backup extensions for "found" urls
  -g, --collect-words
          Automatically discover important words from within responses and add them to the wordlist
  -I, --dont-collect <FILE_EXTENSION>...
          File extension(s) to Ignore while collecting extensions (only used with
          --collect-extensions)

Output settings:
  -v, --verbosity...
          Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 -v's is probably
          too much)
      --silent
          Only print URLs + turn off logging (good for piping a list of urls to other commands)
  -q, --quiet
          Hide progress bars and banner (good for tmux windows w/ notifications)
      --json
          Emit JSON logs to --output and --debug-log instead of normal text
  -o, --output <FILE>
          Output file to write results to (use w/ --json for JSON entries)

Update settings:
  -U, --update
          Update feroxbuster to the latest version

Usage examples
❯ ./feroxbuster -u https://ginandjuice.shop/ -w ~/tools/SecLists/Discovery/Web-Content/raft-medium-directories.txt -s 200
 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \ \_/ | |  \ |__
|    |___ |  \ |  \ | \__,    \__/ / \ | |__/ |___
by Ben "epi" Risher 🤓                 ver: 2.10.0
───────────────────────────┬──────────────────────
 🎯  Target Url            │ https://ginandjuice.shop/
 🚀  Threads               │ 50
 📖  Wordlist              │ /home/ruben/tools/SecLists/Discovery/Web-Content/raft-medium-directories.txt
 👌  Status Codes          │ [200]
 💥  Timeout (secs)        │ 7
 🦡  User-Agent            │ feroxbuster/2.10.0
 🔎  Extract Links         │ true
 🏁  HTTP methods          │ [GET]
 🔃  Recursion Depth       │ 4
───────────────────────────┴──────────────────────
 🏁  Press [ENTER] to use the Scan Management Menu™
──────────────────────────────────────────────────
200 GET 172l 673w 10923c https://ginandjuice.shop/blog
200 GET 17l 54w 1435c https://ginandjuice.shop/resources/images/icon-cart.svg
200 GET 15l 51w 1175c https://ginandjuice.shop/resources/images/icon-account.svg
200 GET 179l 439w 6307c https://ginandjuice.shop/resources/footer/js/scanme.js
200 GET 92l 222w 3739c https://ginandjuice.shop/resources/js/subscribeNow.js
200 GET 166l 648w 11166c https://ginandjuice.shop/about
200 GET 507l 1589w 17727c https://ginandjuice.shop/resources/labheader/css/scanMeHeader.css
200 GET 98l 236w 5102c https://ginandjuice.shop/catalog/cart
200 GET 4l 27w 1041c https://ginandjuice.shop/resources/images/rating3.png
200 GET 3l 18w 812c https://ginandjuice.shop/resources/images/rating5.png
200 GET 132l 346w 7451c https://ginandjuice.shop/login
200 GET 64l 258w 2128c https://ginandjuice.shop/resources/js/deparam.js
200 GET 23l 55w 657c https://ginandjuice.shop/resources/js/searchLogger.js
200 GET 244l 620w 14092c https://ginandjuice.shop/catalog
200 GET 3592l 8736w 83010c https://ginandjuice.shop/resources/css/labsScanme.css
200 GET 1151l 2602w 23537c https://ginandjuice.shop/resources/css/labsBlog.css
200 GET 5l 21w 1062c https://ginandjuice.shop/resources/images/rating2.png
200 GET 209l 1412w 175137c https://ginandjuice.shop/image/scanme/blog/posts/5.jpg
200 GET 3l 15w 979c https://ginandjuice.shop/resources/images/rating1.png
200 GET 3342l 12825w 109909c https://ginandjuice.shop/resources/js/react.development.js
200 GET 3l 20w 1043c https://ginandjuice.shop/resources/images/rating4.png
200 GET 350l 3296w 195161c https://ginandjuice.shop/resources/js/angular_1-7-7.js
200 GET 7l 3591w 299989c https://ginandjuice.shop/resources/images/not-found.svg
200 GET 132l 345w 7442c https://ginandjuice.shop/Login
200 GET 1270l 2900w 26543c https://ginandjuice.shop/resources/css/labsEcommerce.css
200 GET 445l 2841w 318444c https://ginandjuice.shop/image/scanme/blog/posts/4.jpg
200 GET 836l 4895w 387212c https://ginandjuice.shop/image/scanme/productcatalog/products/9.png
200 GET 419l 2791w 446670c https://ginandjuice.shop/image/scanme/blog/posts/6.jpg
200 GET 364l 2275w 187239c https://ginandjuice.shop/image/scanme/productcatalog/products/4.png
200 GET 420l 2889w 208898c https://ginandjuice.shop/resources/images/gin-and-juice-team.jpg
200 GET 298l 1844w 187708c https://ginandjuice.shop/resources/images/gin-and-juice-distillery.jpg
200 GET 441l 2478w 207229c https://ginandjuice.shop/image/scanme/productcatalog/products/11.png
200 GET 29869l 116026w 1077021c https://ginandjuice.shop/resources/js/react-dom.development.js
200 GET 1017l 6273w 516206c https://ginandjuice.shop/image/scanme/productcatalog/products/8.png
200 GET 1157l 6752w 568698c https://ginandjuice.shop/image/scanme/productcatalog/products/6.png
200 GET 700l 4272w 337306c https://ginandjuice.shop/image/scanme/productcatalog/products/7.png
200 GET 301l 1989w 258433c https://ginandjuice.shop/image/scanme/blog/posts/3.jpg
200 GET 1489l 8168w 685398c https://ginandjuice.shop/image/scanme/productcatalog/products/3.png
200 GET 1407l 8305w 689546c https://ginandjuice.shop/image/scanme/productcatalog/products/1.png
200 GET 769l 3476w 256855c https://ginandjuice.shop/image/scanme/blog/posts/1.jpg
200 GET 1025l 6111w 483064c https://ginandjuice.shop/image/scanme/productcatalog/products/10.png
200 GET 172l 485w 10426c https://ginandjuice.shop/
200 GET 719l 3757w 302697c https://ginandjuice.shop/image/scanme/productcatalog/products/2.png
200 GET 7711l 43184w 3472827c https://ginandjuice.shop/resources/images/gin-and-juice-team.mp4
200 GET 1022l 6222w 480373c https://ginandjuice.shop/image/scanme/productcatalog/products/5.png
200 GET 1126l 6905w 569926c https://ginandjuice.shop/image/scanme/productcatalog/products/12.png
200 GET 931l 5166w 727474c https://ginandjuice.shop/image/scanme/blog/posts/2.jpg
200 GET 172l 671w 10905c https://ginandjuice.shop/Blog
200 GET 0l 0w 0c https://ginandjuice.shop/analytics
200 GET 166l 646w 11148c https://ginandjuice.shop/About
200 GET 244l 618w 14074c https://ginandjuice.shop/Catalog
200 GET 172l 671w 10905c https://ginandjuice.shop/BLOG
200 GET 166l 646w 11148c https://ginandjuice.shop/ABOUT
200 GET 0l 0w 0c https://ginandjuice.shop/Analytics
200 GET 132l 345w 7442c https://ginandjuice.shop/LOGIN
[####################] - 66s 30069/30069 0s found:55 errors:0
[####################] - 66s 30000/30000 457/s https://ginandjuice.shop/
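
The scan above reports /blog, /Blog and /BLOG (and likewise /login, /about, /catalog and /analytics) as separate hits, and /analytics returns an empty body. The following shell function is an added example, not part of feroxbuster or the original page: it reads result lines in the text format shown above, collapses URLs that differ only by case, and flags zero-byte responses. The function names are hypothetical, and merging case variants assumes the server routes paths case-insensitively.

```bash
#!/usr/bin/env bash
# Added example: triage feroxbuster text results ("STATUS METHOD Nl Nw Nc URL").

# Constructed sample: a few result lines copied from the scan output above.
sample_results() {
cat <<'EOF'
200 GET 172l 673w 10923c https://ginandjuice.shop/blog
200 GET 132l 346w 7451c https://ginandjuice.shop/login
200 GET 132l 345w 7442c https://ginandjuice.shop/Login
200 GET 172l 671w 10905c https://ginandjuice.shop/Blog
200 GET 0l 0w 0c https://ginandjuice.shop/analytics
200 GET 172l 671w 10905c https://ginandjuice.shop/BLOG
200 GET 0l 0w 0c https://ginandjuice.shop/Analytics
200 GET 132l 345w 7442c https://ginandjuice.shop/LOGIN
200 GET 98l 236w 5102c https://ginandjuice.shop/catalog/cart
EOF
}

# Output, tab-separated, one line per case-folded URL in first-seen order:
#   <number of case variants> <"empty" if any variant had 0 bytes, else "body"> <first URL seen>
dedupe_case_variants() {
  awk '
    # Only consider result lines; banner and progress-bar lines are skipped.
    $1 ~ /^[0-9][0-9][0-9]$/ && $6 ~ /^https?:\/\// {
      key = tolower($6)                      # assumption: case-insensitive routing
      if (!(key in first)) { first[key] = $6; order[++n] = key }
      count[key]++
      size = $5; sub(/c$/, "", size)         # "10923c" -> 10923
      if (size + 0 == 0) empty[key] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        printf "%d\t%s\t%s\n", count[k], ((k in empty) ? "empty" : "body"), first[k]
      }
    }'
}

sample_results | dedupe_case_variants
```

To run it on a real scan, pipe a file written with -o into dedupe_case_variants instead of the sample.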