
Feroxbuster

Feroxbuster is a Rust-based forced-browsing (web content discovery) tool. It sends many concurrent requests, recurses into every directory it finds by default, and automatically detects and filters wildcard (catch-all) responses. This cheat sheet covers installation, usage patterns, and advanced techniques.

Installation

Linux/Ubuntu

# Install from the distribution repository (packaged on Kali)
sudo apt update
sudo apt install feroxbuster

# Official install script (fetches the latest release into the current directory)
curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | bash

# Download the latest release manually
curl -sL https://github.com/epi052/feroxbuster/releases/latest/download/x86_64-linux-feroxbuster.zip -o feroxbuster.zip
unzip feroxbuster.zip
chmod +x feroxbuster
sudo mv feroxbuster /usr/local/bin/

# Build from source (crates.io)
cargo install feroxbuster

macOS

# Homebrew
brew install feroxbuster

# Manual download
curl -sL https://github.com/epi052/feroxbuster/releases/latest/download/x86_64-macos-feroxbuster.zip -o feroxbuster.zip
unzip feroxbuster.zip
chmod +x feroxbuster
sudo mv feroxbuster /usr/local/bin/

Windows

# Scoop
scoop install feroxbuster

# Manual download and extract to PATH

Basic Commands

Command | Description
feroxbuster -u http://target.com -w wordlist.txt | Basic scan
feroxbuster -u http://target.com | Scan with the default wordlist (/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt)
feroxbuster --url http://target.com -w wordlist.txt | Long-form URL flag
feroxbuster -u http://target.com -w wordlist.txt -t 50 | Set thread count (50 is the default)
feroxbuster -u http://target.com:8080 -w wordlist.txt | Specify a custom port
feroxbuster -u https://target.com -w wordlist.txt -k | HTTPS, skip certificate validation
feroxbuster --help | Display help menu
feroxbuster --version | Show version info

Essential Options

Option | Description
-u, --url <URL> | Target URL (repeatable)
-w, --wordlist <FILE> | Wordlist path (default: /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt)
-t, --threads <NUM> | Number of concurrent requests (default: 50)
-x, --extensions <EXT> | File extensions to append to each word (comma- or space-separated: php,html,txt)
-s, --status-codes <CODES> | Status codes to report, allow list (default: 200 204 301 302 307 308 401 403 405 500)
-C, --filter-status <CODES> | Status codes to drop, deny list
-S, --filter-size <BYTES> | Drop responses with this exact body size
-W, --filter-words <NUM> | Drop responses with this word count
-N, --filter-lines <NUM> | Drop responses with this line count
-X, --filter-regex <REGEX> | Drop responses whose body matches the regex
--filter-similar-to <URL> | Drop responses whose body is similar to the page at URL
--dont-filter | Disable automatic wildcard (catch-all) filtering
-o, --output <FILE> | Save results to file
-r, --redirects | Follow redirects
-n, --no-recursion | Disable recursion (recursion is on by default)
-d, --depth <NUM> | Maximum recursion depth (default: 4)
-L, --scan-limit <NUM> | Limit the number of directory scans running concurrently
--rate-limit <NUM> | Limit requests per second, per directory scan
--auto-tune | Lower the request rate automatically when errors pile up
--auto-bail | Stop the scan automatically when errors pile up
-T, --timeout <SECONDS> | Request timeout (default: 7)
-p, --proxy <URL> | Send all requests through a proxy (e.g. http://127.0.0.1:8080)
--burp | Shorthand for --proxy http://127.0.0.1:8080 --insecure
-H, --headers <HEADER> | Add a custom header (repeatable)
-a, --user-agent <UA> | Custom User-Agent
-A, --random-agent | Use a random User-Agent
-k, --insecure | Skip TLS certificate verification
-v, --verbosity | Increase verbosity (-v, -vv, -vvv, -vvvv)
--json | Emit results as JSON lines
--url-denylist <URL> | URL or regex pattern to exclude from scanning and recursion (repeatable)

Common Usage Patterns

Basic Directory Enumeration

# Explicit wordlist (omit -w to use the default SecLists raft-medium-directories.txt)
feroxbuster -u http://target.com -w /usr/share/wordlists/dirb/common.txt

# Higher thread count for speed; watch the error counter, the target may not keep up
feroxbuster -u http://target.com -w wordlist.txt -t 200

# Multiple extensions, appended to every word
feroxbuster -u http://target.com -w wordlist.txt -x php,html,jsp,aspx

# Save results
feroxbuster -u http://target.com -w wordlist.txt -o results.txt

Recursive Scanning

# Recursion is on by default; -d caps the depth (default: 4)
feroxbuster -u http://target.com -w wordlist.txt -d 3

# Disable recursion entirely
feroxbuster -u http://target.com -w wordlist.txt -n

# Limit how many directories are scanned concurrently
feroxbuster -u http://target.com -w wordlist.txt -L 4

# Keep recursion out of a subtree that is noisy or has side effects
feroxbuster -u http://target.com -w wordlist.txt --url-denylist http://target.com/logout

Filtering Results

# Drop 403s. 404 is not in the default allow list (-s), so -C 404 changes
# nothing unless you widened that list; 403 is in it, so -C 403 does.
feroxbuster -u http://target.com -w wordlist.txt -C 403

# Drop responses of a known catch-all size (feroxbuster already filters the
# wildcard response it detects at the start of each directory scan; this is
# for pages that slip past that)
feroxbuster -u http://target.com -w wordlist.txt -S 1234

# Drop empty bodies by word count
feroxbuster -u http://target.com -w wordlist.txt -W 0

# Drop anything resembling a known soft-404 page (works when the body varies per request)
feroxbuster -u http://target.com -w wordlist.txt --filter-similar-to http://target.com/this-does-not-exist

# Combine filters
feroxbuster -u http://target.com -w wordlist.txt \
  -C 403 -C 405 \
  -S 5000

Advanced Techniques

# Custom headers
feroxbuster -u http://target.com -w wordlist.txt \
  -H "Authorization: Bearer token123" \
  -H "X-Custom-Header: value"

# Custom User-Agent (lowercase -a; uppercase -A picks a random one)
feroxbuster -u http://target.com -w wordlist.txt \
  -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"

# Through an HTTP proxy (Burp Suite); --burp is shorthand for this proxy plus -k
feroxbuster -u http://target.com -w wordlist.txt -p http://127.0.0.1:8080
feroxbuster -u http://target.com -w wordlist.txt --burp

# HTTPS with self-signed certificate
feroxbuster -u https://target.com -w wordlist.txt -k

# JSON lines output with extra verbosity on the console
feroxbuster -u http://target.com -w wordlist.txt --json --output results.json -v

# Follow redirects (-r is short for --redirects, not for recursion)
feroxbuster -u http://target.com -w wordlist.txt -r

Configuration File

Feroxbuster reads a file named ferox-config.toml from /etc/feroxbuster/, $XDG_CONFIG_HOME/feroxbuster/, ~/.config/feroxbuster/, the directory holding the binary, and the current working directory, with later locations overriding earlier ones; --config points at an explicit file instead. The file is flat TOML with no sections, and each key is the long option name with dashes replaced by underscores. Command-line flags override anything set in the file.

# Create a per-user config
mkdir -p ~/.config/feroxbuster
cat > ~/.config/feroxbuster/ferox-config.toml << 'EOF'
threads = 100
wordlist = "/usr/share/wordlists/dirb/common.txt"
timeout = 10
status_codes = [200, 204, 301, 302, 401, 403]
filter_size = [1234]
redirects = true
depth = 3
extensions = ["php", "html"]
EOF

# Picked up automatically from the locations above
feroxbuster -u http://target.com

# Or use an explicit config file
feroxbuster -u http://target.com --config ./ferox-config.toml

Wordlist Strategies

Common Wordlists

# System wordlists (Kali paths)
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt   # feroxbuster's default

# Download SecLists
git clone --depth 1 https://github.com/danielmiessler/SecLists.git
feroxbuster -u http://target.com -w SecLists/Discovery/Web-Content/common.txt

# API endpoints
feroxbuster -u http://target.com -w SecLists/Discovery/Web-Content/api/objects.txt

# Backup and database leftovers; -x appends each extension to every word
# (--collect-backups instead requests backup extensions for every file found)
feroxbuster -u http://target.com -w SecLists/Discovery/Web-Content/quickhits.txt -x db,sql,bak,old

Create Custom Wordlists

# Extract candidate words from a page (paths, ids, class names), lowercased and deduplicated
# (--collect-words does something similar on the fly during a scan)
curl -s http://target.com | tr -cs '[:alnum:]_-' '\n' | tr 'A-Z' 'a-z' | sort -u > custom.txt

# Generate a small admin wordlist
printf '%s\n' admin administrator backend dashboard console > admin.txt

# Combine wordlists
cat wordlist1.txt wordlist2.txt | sort -u > combined.txt

# Generate variations
for word in admin api backup; do
  echo "$word"
  echo "${word}s"
  echo "_$word"
  echo "old_$word"
done > variations.txt
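
The loop above can be generalised into a reusable expander. The script below is an added example, not part of the original cheat sheet or of the feroxbuster project: it turns a few seed names into the case, prefix and backup-suffix variants that leftover files tend to use, then deduplicates. The prefix and suffix sets are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the original page or the feroxbuster project:
# expand base names into the leftover and backup variants that content
# discovery tends to turn up. The prefix/suffix sets are this example's own
# choices, not anything feroxbuster ships.

# Reads base words on stdin (one per line, blanks ignored), prints the
# deduplicated expansion on stdout. Feed the result to feroxbuster -w.
expand_words() {
    awk '
        BEGIN {
            nsuf = split("s _old _bak _backup _new _test .bak .old .orig .save .swp ~ 1 2 2023 2024", suf, " ")
            npre = split("old_ new_ test_ dev_ _ .", pre, " ")
        }
        NF == 0 { next }
        {
            w = tolower($1)
            print w
            print toupper(substr(w, 1, 1)) substr(w, 2)   # Admin
            print toupper(w)                              # ADMIN
            for (i = 1; i <= nsuf; i++) print w suf[i]    # admin.bak, admin~, admin2024
            for (i = 1; i <= npre; i++) print pre[i] w    # old_admin, .admin
        }' | sort -u
}

# Demo: two seeds become 50 distinct candidates
printf 'admin\nAPI\n' | expand_words
```

Typical use is `printf '%s\n' admin api backup | expand_words > variations.txt` followed by `feroxbuster -u http://target.com -w variations.txt`. The suffix list covers editor and deploy leftovers (`~`, `.swp`, `.orig`, `_old`); feroxbuster's own `--collect-backups` covers the backup-extension part automatically for files it has already found, so the expander is most useful for directory names and for seeding a first pass.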

Output Formats

JSON Output

# Generate JSON lines: one object per line, "type":"response" for each hit and a
# closing "type":"statistics" object; fields include url, status, content_length,
# line_count and word_count
feroxbuster -u http://target.com -w wordlist.txt --json -o results.json

# URLs of every 200 (jq consumes the stream of objects one by one)
jq -r 'select(.type == "response" and .status == 200) | .url' results.json

# Status, size and URL sorted by size, to spot catch-all clusters of identical length
jq -r 'select(.type == "response") | "\(.status) \(.content_length) \(.url)"' results.json | sort -k2 -n
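
jq is not always available on a pivot host. The script below is an added example, not part of the original cheat sheet or of the feroxbuster project: it post-processes `--json` output with POSIX awk only, listing hits by status code and grouping them by size so a catch-all page that got past wildcard detection stands out. The SAMPLE lines are constructed to mimic feroxbuster's JSON lines format with only a subset of the real fields; target.com is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the original page or the feroxbuster project.
# Parse feroxbuster --json output with POSIX awk only (no jq needed).
# SAMPLE is constructed: a subset of the fields feroxbuster emits per line.

SAMPLE='{"type":"response","url":"http://target.com/admin","status":301,"content_length":178,"line_count":7,"word_count":11}
{"type":"response","url":"http://target.com/backup","status":200,"content_length":1234,"line_count":40,"word_count":210}
{"type":"response","url":"http://target.com/old","status":200,"content_length":1234,"line_count":40,"word_count":210}
{"type":"response","url":"http://target.com/test","status":200,"content_length":1234,"line_count":40,"word_count":210}
{"type":"response","url":"http://target.com/login.php","status":200,"content_length":9876,"line_count":120,"word_count":1500}
{"type":"statistics","requests":4000,"errors":0}'

# awk helper shared by both functions: pull one key's value out of a flat
# JSON object regardless of key order. Strings come back unquoted, numbers
# as written; a missing key gives "".
FEROX_AWK_FIELD='
function field(line, key,    k) {
    k = "\"" key "\":"
    if (match(line, k "\"[^\"]*\""))
        return substr(line, RSTART + length(k) + 1, RLENGTH - length(k) - 2)
    if (match(line, k "-?[0-9]+"))
        return substr(line, RSTART + length(k), RLENGTH - length(k))
    return ""
}'

# URLs of every hit with the given status code. Usage:
#   ferox_urls_with_status 200 < results.json
ferox_urls_with_status() {
    awk -v want="$1" "$FEROX_AWK_FIELD"'
        field($0, "type") == "response" && field($0, "status") == want { print field($0, "url") }'
}

# Group hits by (status, content_length) and print "count status size",
# biggest cluster first. Many hits sharing one size is the signature of a
# catch-all page that got past wildcard detection; that size is the value to
# hand to --filter-size (-S), or one member's URL to --filter-similar-to.
ferox_size_clusters() {
    awk "$FEROX_AWK_FIELD"'
        field($0, "type") == "response" {
            n[field($0, "status") " " field($0, "content_length")]++
        }
        END { for (k in n) print n[k], k }' | sort -rn
}

# Demo on the constructed sample
printf '%s\n' "$SAMPLE" | ferox_size_clusters
printf '%s\n' "$SAMPLE" | ferox_urls_with_status 200
```

On the sample, `ferox_size_clusters` puts `3 200 1234` first: three different paths returned identical 1234-byte bodies, which is exactly the pattern worth checking with `curl` before rescanning with `-S 1234`. Against real output, run `ferox_urls_with_status 200 < results.json`; the statistics line is skipped because its `type` is not `response`.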

Standard Output

# Verbose output to console
feroxbuster -u http://target.com -w wordlist.txt -v | tee results.txt

# Save with timestamp
feroxbuster -u http://target.com -w wordlist.txt -o "scan_$(date +%s).txt"

Comparison with Alternatives

Tool | Speed | Recursion | Features | Best For
Feroxbuster | Very fast | Automatic, depth-limited | Wildcard auto-filtering, JSON lines output, link extraction | Modern, automated scanning
Gobuster | Fast | None in dir mode | Multiple modes (dir, dns, vhost, s3) | DNS and vhost enumeration
DirBuster | Slow | Yes | GUI option | Manual assessment
FFUF | Very fast | Optional (-recursion) | Fuzzing any part of the request | Custom payloads

Troubleshooting

Common Issues

Rate limiting, connection errors or timeouts

# Reduce thread count
feroxbuster -u http://target.com -w wordlist.txt -t 10

# Cap requests per second for each directory scan
feroxbuster -u http://target.com -w wordlist.txt --rate-limit 50

# Back off automatically when errors pile up, or stop the scan outright
feroxbuster -u http://target.com -w wordlist.txt --auto-tune
feroxbuster -u http://target.com -w wordlist.txt --auto-bail

# Increase the request timeout (default: 7 seconds)
feroxbuster -u http://target.com -w wordlist.txt -T 30

False positives from catch-all pages

Feroxbuster requests a random path at the start of each directory scan and filters responses matching that wildcard (--dont-filter turns this off). An application whose catch-all body changes on every request (echoed path, timestamp, CSRF token) can still get through, and then needs a manual filter.

# Measure the catch-all page first: lines, words, bytes
curl -s "http://target.com/$(head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n')" | wc -l -w -c

# Filter by exact size when the body is static
feroxbuster -u http://target.com -w wordlist.txt -S 1234

# Filter by similarity when the body varies between requests
feroxbuster -u http://target.com -w wordlist.txt --filter-similar-to http://target.com/this-does-not-exist

SSL certificate errors

# Ignore certificate validation
feroxbuster -u https://target.com -w wordlist.txt -k
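
The filtering section and the troubleshooting steps above come down to one procedure: probe a path that cannot exist, measure the response, and turn the measurement into filter flags. The script below is an added example, not part of the original cheat sheet or of the feroxbuster project. It probes twice and only emits exact `-S`/`-W`/`-N` filters when both probes agree, falling back to `--filter-similar-to` when the catch-all body varies per request. It assumes curl and feroxbuster are on PATH; the URLs are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original page or the feroxbuster project:
# derive feroxbuster filter flags from two catch-all probes before scanning.
# Assumes curl and feroxbuster are on PATH; URLs below are placeholders.

# Bytes, words and lines of a response body saved in a file, in the order
# feroxbuster filters on them (-S size, -W words, -N lines).
body_metrics() {
    printf '%s %s %s\n' \
        "$(wc -c < "$1" | tr -d ' ')" \
        "$(wc -w < "$1" | tr -d ' ')" \
        "$(wc -l < "$1" | tr -d ' ')"
}

# Turn two baseline bodies (fetched for two different random paths) into
# filter flags. Identical metrics mean a static catch-all page, so exact
# size/word/line filters are safe. Differing metrics mean the body varies per
# request (echoed path, timestamp, CSRF token); an exact -S would then let
# most of the noise through, so fall back to --filter-similar-to instead.
baseline_filters() {
    _a=$1; _b=$2; _probe_url=$3
    _ma=$(body_metrics "$_a")
    _mb=$(body_metrics "$_b")
    if [ "$_ma" = "$_mb" ]; then
        set -- $_ma
        printf '%s\n' "--filter-size $1 --filter-words $2 --filter-lines $3"
    else
        printf '%s\n' "--filter-similar-to $_probe_url"
    fi
}

# Random hex path, long enough not to collide with a real resource.
random_path() {
    head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Probe twice, build the filters, scan. Needs network access to the target.
scan_with_baseline() {
    _url=$1; _wordlist=$2
    _p1="$_url/$(random_path)"; _p2="$_url/$(random_path)"
    _t1=$(mktemp); _t2=$(mktemp)
    curl -s -o "$_t1" "$_p1"
    curl -s -o "$_t2" "$_p2"
    _flags=$(baseline_filters "$_t1" "$_t2" "$_p1")
    rm -f "$_t1" "$_t2"
    echo "feroxbuster -u $_url -w $_wordlist $_flags" >&2
    # $_flags is deliberately unquoted so it word-splits into separate arguments
    feroxbuster -u "$_url" -w "$_wordlist" $_flags
}
```

Run it as `scan_with_baseline http://target.com /usr/share/wordlists/dirb/common.txt`; the chosen command is echoed to stderr so the filter values end up in your notes next to the results. Two probes are a minimum: a page that embeds a request id will differ every time, while one that only changes on the hour would pass this check and still need `--filter-similar-to` later.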

Best Practices

  • Start at the default 50 threads and raise it only while the target keeps up without errors; use --rate-limit or --auto-tune on shared or fragile targets
  • Pick a wordlist that matches the target technology and append matching extensions with -x
  • Filter catch-all and default error pages: let wildcard detection work, then add -S, -W or --filter-similar-to for what slips through
  • Cap recursion with -d, or fence it with --url-denylist, so a scan does not wander into logout links, delete actions or huge trees
  • Combine status-code and size filtering for accuracy
  • Test a few paths manually with curl before automated scanning
  • Record the filter flags used alongside the results so they can be interpreted later
  • Save results with timestamps for historical reference

Advanced Examples

Full Web Application Scan

# Recursion is on by default; -d caps it. 404 is not in the default allow
# list, so there is nothing to filter there; 403 is, hence -C 403.
feroxbuster -u http://target.com \
  -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
  -x php,html,js,json,xml \
  -t 100 \
  -d 3 \
  -C 403 \
  -S 1000 \
  -o scan_results.txt \
  -v

API Endpoint Discovery

feroxbuster -u http://target.com/api \
  -w ./api_wordlist.txt \
  -x json,xml \
  -t 150 \
  -d 2 \
  -m GET POST \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  --json -o api_endpoints.json

Evasion Techniques

# Browser-like User-Agent (-a) plus a spoofed client-IP header; whether
# X-Forwarded-For changes anything depends on how the WAF or app trusts it
feroxbuster -u http://target.com -w wordlist.txt \
  -a "Mozilla/5.0 (X11; Linux x86_64)" \
  -H "X-Forwarded-For: 127.0.0.1" \
  -p http://proxy:8080

# Rate-limit friendly
feroxbuster -u http://target.com -w wordlist.txt \
  -t 20 \
  --rate-limit 20 \
  -T 20 \
  --auto-tune

Last updated: 2025-03-30 | feroxbuster GitHub: https://github.com/epi052/feroxbuster