Feroxbuster – content discovery tool

According to its description, Feroxbuster is a simple, fast, recursive content discovery tool written in Rust.

Install

❯ curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | bash -s $HOME/.local/bin

[+] Installing feroxbuster to /home/ruben/.local/bin!
[=] Found 64-bit Linux, downloading from https://github.com/epi052/feroxbuster/releases/latest/download/x86_64-linux-feroxbuster.zip
[=] Installing Noto Emoji Font
[+] Noto Emoji Font installed
[+] Installed feroxbuster
  [-] path: /home/ruben/.local/bin/feroxbuster
  [-] version: 2.10.0

Useful options

Target selection:

  -u, --url <URL>
          The target URL (required, unless [--stdin || --resume-from] used)

      --stdin
          Read url(s) from STDIN

Composite settings:

      --burp
          Set --proxy to and set --insecure to true

      --burp-replay
          Set --replay-proxy to and set --insecure to true

Proxy settings:

  -p, --proxy <PROXY>
          Proxy to use for requests (ex: http(s)://host:port, socks5(h)://host:port)

Request settings:

  -a, --user-agent <USER_AGENT>
          Sets the User-Agent (default: feroxbuster/2.10.0)

  -A, --random-agent
          Use a random User-Agent

  -x, --extensions <FILE_EXTENSION>...
          File extension(s) to search for (ex: -x php -x pdf js)

  -m, --methods <HTTP_METHODS>...
          Which HTTP request method(s) should be sent (default: GET)

      --data <DATA>
          Request's Body; can read data from a file if input starts with an @ (ex: @post.bin)

  -H, --headers <HEADER>...
          Specify HTTP headers to be used in each request (ex: -H Header:val -H 'stuff: things')

  -b, --cookies <COOKIE>...
          Specify HTTP cookies to be used in each request (ex: -b stuff=things)

  -Q, --query <QUERY>...
          Request's URL query parameters (ex: -Q token=stuff -Q secret=key)

  -f, --add-slash
          Append / to each request's URL

Request filters:

  --dont-scan <URL>...
          URL(s) or Regex Pattern(s) to exclude from recursion/scans

Response filters:

  -S, --filter-size <SIZE>...
          Filter out messages of a particular size (ex: -S 5120 -S 4927,1970)

  -C, --filter-status <STATUS_CODE>...
          Filter out status codes (deny list) (ex: -C 200 -C 401)

  -s, --status-codes <STATUS_CODE>...
          Status Codes to include (allow list) (default: All Status Codes)

Client settings:

  -r, --redirects
          Allow client to follow redirects

  -k, --insecure
          Disables TLS certificate validation in the client

Scan settings:

  -t, --threads <THREADS>
          Number of concurrent threads (default: 50)

  -n, --no-recursion
          Do not scan recursively

  -w, --wordlist <FILE>
          Path or URL of the wordlist

      --auto-tune
          Automatically lower scan rate when an excessive amount of errors are encountered

      --auto-bail
          Automatically stop scanning when an excessive amount of errors are encountered

Dynamic collection settings:

  -E, --collect-extensions
          Automatically discover extensions and add them to --extensions (unless they're in

  -B, --collect-backups
          Automatically request likely backup extensions for "found" urls

  -g, --collect-words
          Automatically discover important words from within responses and add them to the wordlist

  -I, --dont-collect <FILE_EXTENSION>...
          File extension(s) to Ignore while collecting extensions (only used with

Output settings:

  -v, --verbosity...
          Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 -v's is probably
          too much)

      --silent
          Only print URLs + turn off logging (good for piping a list of urls to other commands)

  -q, --quiet
          Hide progress bars and banner (good for tmux windows w/ notifications)

      --json
          Emit JSON logs to --output and --debug-log instead of normal text

  -o, --output <FILE>
          Output file to write results to (use w/ --json for JSON entries)

Update settings:

  -U, --update
          Update feroxbuster to the latest version

Usage examples

❯ ./feroxbuster -u https://ginandjuice.shop/ -w ~/tools/SecLists/Discovery/Web-Content/raft-medium-directories.txt -s 200

 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \ \_/ | |  \ |__
|    |___ |  \ |  \ | \__,    \__/ / \ | |__/ |___
by Ben "epi" Risher 🤓                 ver: 2.10.0
 🎯  Target Url            │ https://ginandjuice.shop/
 🚀  Threads               │ 50
 📖  Wordlist              │ /home/ruben/tools/SecLists/Discovery/Web-Content/raft-medium-directories.txt
 👌  Status Codes          │ [200]
 💥  Timeout (secs)        │ 7
 🦑  User-Agent            │ feroxbuster/2.10.0
 🔎  Extract Links         │ true
 🏁  HTTP methods          │ [GET]
 🔃  Recursion Depth       │ 4
 🏁  Press [ENTER] to use the Scan Management Menu™
200      GET      172l      673w    10923c https://ginandjuice.shop/blog
200      GET       17l       54w     1435c https://ginandjuice.shop/resources/images/icon-cart.svg
200      GET       15l       51w     1175c https://ginandjuice.shop/resources/images/icon-account.svg
200      GET      179l      439w     6307c https://ginandjuice.shop/resources/footer/js/scanme.js
200      GET       92l      222w     3739c https://ginandjuice.shop/resources/js/subscribeNow.js
200      GET      166l      648w    11166c https://ginandjuice.shop/about
200      GET      507l     1589w    17727c https://ginandjuice.shop/resources/labheader/css/scanMeHeader.css
200      GET       98l      236w     5102c https://ginandjuice.shop/catalog/cart
200      GET        4l       27w     1041c https://ginandjuice.shop/resources/images/rating3.png
200      GET        3l       18w      812c https://ginandjuice.shop/resources/images/rating5.png
200      GET      132l      346w     7451c https://ginandjuice.shop/login
200      GET       64l      258w     2128c https://ginandjuice.shop/resources/js/deparam.js
200      GET       23l       55w      657c https://ginandjuice.shop/resources/js/searchLogger.js
200      GET      244l      620w    14092c https://ginandjuice.shop/catalog
200      GET     3592l     8736w    83010c https://ginandjuice.shop/resources/css/labsScanme.css
200      GET     1151l     2602w    23537c https://ginandjuice.shop/resources/css/labsBlog.css
200      GET        5l       21w     1062c https://ginandjuice.shop/resources/images/rating2.png
200      GET      209l     1412w   175137c https://ginandjuice.shop/image/scanme/blog/posts/5.jpg
200      GET        3l       15w      979c https://ginandjuice.shop/resources/images/rating1.png
200      GET     3342l    12825w   109909c https://ginandjuice.shop/resources/js/react.development.js
200      GET        3l       20w     1043c https://ginandjuice.shop/resources/images/rating4.png
200      GET      350l     3296w   195161c https://ginandjuice.shop/resources/js/angular_1-7-7.js
200      GET        7l     3591w   299989c https://ginandjuice.shop/resources/images/not-found.svg
200      GET      132l      345w     7442c https://ginandjuice.shop/Login
200      GET     1270l     2900w    26543c https://ginandjuice.shop/resources/css/labsEcommerce.css
200      GET      445l     2841w   318444c https://ginandjuice.shop/image/scanme/blog/posts/4.jpg
200      GET      836l     4895w   387212c https://ginandjuice.shop/image/scanme/productcatalog/products/9.png
200      GET      419l     2791w   446670c https://ginandjuice.shop/image/scanme/blog/posts/6.jpg
200      GET      364l     2275w   187239c https://ginandjuice.shop/image/scanme/productcatalog/products/4.png
200      GET      420l     2889w   208898c https://ginandjuice.shop/resources/images/gin-and-juice-team.jpg
200      GET      298l     1844w   187708c https://ginandjuice.shop/resources/images/gin-and-juice-distillery.jpg
200      GET      441l     2478w   207229c https://ginandjuice.shop/image/scanme/productcatalog/products/11.png
200      GET    29869l   116026w  1077021c https://ginandjuice.shop/resources/js/react-dom.development.js
200      GET     1017l     6273w   516206c https://ginandjuice.shop/image/scanme/productcatalog/products/8.png
200      GET     1157l     6752w   568698c https://ginandjuice.shop/image/scanme/productcatalog/products/6.png
200      GET      700l     4272w   337306c https://ginandjuice.shop/image/scanme/productcatalog/products/7.png
200      GET      301l     1989w   258433c https://ginandjuice.shop/image/scanme/blog/posts/3.jpg
200      GET     1489l     8168w   685398c https://ginandjuice.shop/image/scanme/productcatalog/products/3.png
200      GET     1407l     8305w   689546c https://ginandjuice.shop/image/scanme/productcatalog/products/1.png
200      GET      769l     3476w   256855c https://ginandjuice.shop/image/scanme/blog/posts/1.jpg
200      GET     1025l     6111w   483064c https://ginandjuice.shop/image/scanme/productcatalog/products/10.png
200      GET      172l      485w    10426c https://ginandjuice.shop/
200      GET      719l     3757w   302697c https://ginandjuice.shop/image/scanme/productcatalog/products/2.png
200      GET     7711l    43184w  3472827c https://ginandjuice.shop/resources/images/gin-and-juice-team.mp4
200      GET     1022l     6222w   480373c https://ginandjuice.shop/image/scanme/productcatalog/products/5.png
200      GET     1126l     6905w   569926c https://ginandjuice.shop/image/scanme/productcatalog/products/12.png
200      GET      931l     5166w   727474c https://ginandjuice.shop/image/scanme/blog/posts/2.jpg
200      GET      172l      671w    10905c https://ginandjuice.shop/Blog
200      GET        0l        0w        0c https://ginandjuice.shop/analytics
200      GET      166l      646w    11148c https://ginandjuice.shop/About
200      GET      244l      618w    14074c https://ginandjuice.shop/Catalog
200      GET      172l      671w    10905c https://ginandjuice.shop/BLOG
200      GET      166l      646w    11148c https://ginandjuice.shop/ABOUT
200      GET        0l        0w        0c https://ginandjuice.shop/Analytics
200      GET      132l      345w     7442c https://ginandjuice.shop/LOGIN
[####################] - 66s    30069/30069   0s      found:55      errors:0      
[####################] - 66s    30000/30000   457/s   https://ginandjuice.shop/
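
The run above reports /blog, /Blog and /BLOG as separate hits and returns 200 with an empty body for /analytics. The following Python sketch is an added example, not part of feroxbuster or of the original page. It parses result lines in the text format shown above, groups paths that differ only by case, and lists zero-byte responses; the function names and the grouping heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Columns as printed in the run above: status, method, lines, words, chars, URL.
RESULT_RE = re.compile(r"^(\d{3})\s+([A-Z]+)\s+(\d+)l\s+(\d+)w\s+(\d+)c\s+(\S+)$")

# Result lines copied from the run above, plus one progress-bar line to show
# that non-result lines are skipped.
SAMPLE = """\
200      GET      172l      673w    10923c https://ginandjuice.shop/blog
200      GET      132l      346w     7451c https://ginandjuice.shop/login
200      GET      132l      345w     7442c https://ginandjuice.shop/Login
200      GET      172l      671w    10905c https://ginandjuice.shop/Blog
200      GET        0l        0w        0c https://ginandjuice.shop/analytics
200      GET      172l      671w    10905c https://ginandjuice.shop/BLOG
[####################] - 66s    30069/30069   0s      found:55      errors:0
"""

def parse_results(text):
    """Return one dict per result line; banner and progress lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            status, method, lines, words, chars, url = m.groups()
            rows.append({"status": int(status), "method": method,
                         "lines": int(lines), "words": int(words),
                         "chars": int(chars), "url": url})
    return rows

def collapse_case_variants(rows):
    """Group URLs whose path differs only by case. Heuristic (assumption of this
    example): merge only when status and line count also match."""
    groups = defaultdict(list)
    for row in rows:
        path = urlsplit(row["url"]).path.lower()
        groups[(path, row["status"], row["lines"])].append(row["url"])
    return dict(groups)

def empty_bodies(rows):
    """URLs answered with a zero-byte body (0c), such as /analytics above."""
    return sorted(r["url"] for r in rows if r["chars"] == 0)

if __name__ == "__main__":
    rows = parse_results(SAMPLE)
    print(collapse_case_variants(rows), empty_bodies(rows))
```

For a saved scan, read the file written with -o and pass its contents to parse_results.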