Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/epi052/feroxbuster

A fast, simple, recursive content discovery tool written in Rust.
https://github.com/epi052/feroxbuster

content-discovery enumeration hacktoberfest pentest pentesting-tool rust url-bruteforcer web

Last synced: 6 days ago
JSON representation

A fast, simple, recursive content discovery tool written in Rust.

Host: GitHub
URL: https://github.com/epi052/feroxbuster
Owner: epi052
License: mit
Created: 2020-08-22T15:36:19.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2024-09-15T11:36:18.000Z (about 2 months ago)
Last Synced: 2024-10-14T20:24:08.818Z (20 days ago)
Topics: content-discovery, enumeration, hacktoberfest, pentest, pentesting-tool, rust, url-bruteforcer, web
Language: Rust
Homepage: https://epi052.github.io/feroxbuster/
Size: 22.2 MB
Stars: 5,873
Watchers: 52
Forks: 498
Open Issues: 36
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

awesome-rust-security - feroxbuster - fast, simple and recursive content discovery tool (Web and Cloud Security / Pentesting)
awesome-offensive-rust - Feroxbuster - A fast, simple, recursive content discovery tool written in Rust. (Projects)
awesome-bugbounty-tools - feroxbuster - A fast, simple, recursive content discovery tool written in Rust. (Recon / Content Discovery)
awesome-rust - epi052/feroxbuster - A simple, fast, recursive content discovery tool. (Applications / Security tools)
awesome-rust-cn - epi052/feroxbuster - 一个用Rust编写的简单、快速、递归的内容发现工具( (应用程序 Applications / 安全工具 Security tools)
WebHackersWeapons - feroxbuster
awesome-rust - epi052/feroxbuster - A simple, fast, recursive content discovery tool. (Applications / Security tools)
awesome-hacking-lists - epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust. (Rust)
StarryDivineSky - epi052/feroxbuster
fucking-awesome-rust - epi052/feroxbuster - A simple, fast, recursive content discovery tool. (Applications / Security tools)
fucking-awesome-rust - epi052/feroxbuster - A simple, fast, recursive content discovery tool. (Applications / Security tools)

README

A simple, fast, recursive content discovery tool written in Rust

![demo](img/demo.gif)

🦀
Releases ✨
Example Usage ✨
Contributing ✨
Documentation
🦀

---

✨🎉👉 NEW DOCUMENTATION SITE 👈🎉✨

## 🚀 Documentation has **moved** 🚀

Instead of having a 1300 line `README.md` (sorry...), feroxbuster's documentation has moved to GitHub Pages. The move to hosting documentation on Pages should make it a LOT easier to find the information you're looking for, whatever that may be. Please check it out for anything you need beyond a quick-start. The new documentation can be found [here](https://epi052.github.io/feroxbuster-docs/docs/).

## 😕 What the heck is a ferox anyway?

Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a
variation. 🤷

## 🤔 What's it do tho?

`feroxbuster` is a tool designed to perform [Forced Browsing](https://owasp.org/www-community/attacks/Forced_browsing).

Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web
application, but are still accessible by an attacker.

`feroxbuster` uses brute force combined with a wordlist to search for unlinked content in target directories. These
resources may store sensitive information about web applications and operational systems, such as source code,
credentials, internal network addressing, etc...

This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource
Enumeration.

## ⏳ Quick Start

This section will cover the minimum amount of information to get up and running with feroxbuster. Please refer the the [documentation](https://epi052.github.io/feroxbuster-docs/docs/), as it's much more comprehensive.

### 💿 Installation

There are quite a few other [installation methods](https://epi052.github.io/feroxbuster-docs/docs/installation/), but these snippets should cover the majority of users.

#### Kali

If you're using kali, this is the preferred install method. Installing from the repos adds a [**ferox-config.toml**](https://epi052.github.io/feroxbuster-docs/docs/configuration/ferox-config-toml/) in `/etc/feroxbuster/`, adds command completion for bash, fish, and zsh, includes a man page entry, and installs `feroxbuster` itself.

```
sudo apt update && sudo apt install -y feroxbuster
```

#### Linux (32 and 64-bit) & MacOS

Install to a particular directory
```
curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | bash -s $HOME/.local/bin
```

Install to current working directory
```
curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | bash
```

#### MacOS via Homebrew

```
brew install feroxbuster
```

#### Windows x86_64

```
Invoke-WebRequest https://github.com/epi052/feroxbuster/releases/latest/download/x86_64-windows-feroxbuster.exe.zip -OutFile feroxbuster.zip
Expand-Archive .\feroxbuster.zip
.\feroxbuster\feroxbuster.exe -V
```

#### Windows via Winget

```
winget install epi052.feroxbuster
```

#### Windows via Chocolatey

```
choco install feroxbuster
```

#### All others

Please refer the the [documentation](https://epi052.github.io/feroxbuster-docs/docs/).

### Updating feroxbuster (new in v2.9.1)

```
./feroxbuster --update
```

## 🧰 Example Usage

Here are a few brief examples to get you started. Please note, feroxbuster can do a **lot more** than what's listed below. As a result, there are **many more** examples, with **demonstration gifs** that highlight specific features, in the [documentation](https://epi052.github.io/feroxbuster-docs/docs/).

### Multiple Values

Options that take multiple values are very flexible. Consider the following ways of specifying extensions:

```
./feroxbuster -u http://127.1 -x pdf -x js,html -x php txt json,docx
```

The command above adds .pdf, .js, .html, .php, .txt, .json, and .docx to each url

All of the methods above (multiple flags, space separated, comma separated, etc...) are valid and interchangeable. The
same goes for urls, headers, status codes, queries, and size filters.

### Include Headers

```
./feroxbuster -u http://127.1 -H Accept:application/json "Authorization: Bearer {token}"
```

### IPv6, non-recursive scan with INFO-level logging enabled

```
./feroxbuster -u http://[::1] --no-recursion -vv
```

### Read urls from STDIN; pipe only resulting urls out to another tool

```
cat targets | ./feroxbuster --stdin --silent -s 200 301 302 --redirects -x js | fff -s 200 -o js-files
```

### Proxy traffic through Burp

```
./feroxbuster -u http://127.1 --insecure --proxy http://127.0.0.1:8080
```

### Proxy traffic through a SOCKS proxy (including DNS lookups)

```
./feroxbuster -u http://127.1 --proxy socks5h://127.0.0.1:9050
```

### Pass auth token via query parameter

```
./feroxbuster -u http://127.1 --query token=0123456789ABCDEF
```

## 🚀 Documentation has **moved** 🚀

For realsies, there used to be over 1300 lines in this README, but it's all been moved to the [new documentation site](https://epi052.github.io/feroxbuster-docs/docs/). Go check it out!

✨🎉👉 DOCUMENTATION 👈🎉✨

## Contributors ✨

Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):

_{Joona Hoikkala}
📖

_{J Savage}
🚇 📖

_{Thomas Gotwig}
🚇 📖

_Spike
🚇 📖

_{Evan Richter}
💻 📖

_AG
🤔 📖

_{Nicolas Thumann}
💻 📖

_{Tom Matthews}
📖

_bsysop
📖

_{Brian Sizemore}
💻

_{Alexandre ZANNI}
🚇 📖

_Craig
🚇

_EONRaider
🚇

_wtwver
🚇

_Tib3rius
🐛 🤔

_0xdf
🐛

_secure-77
🐛

_{Sophie Brun}
🚇

_black-A
🤔

_{Nicolas Krassas}
🤔

_N0ur5
🤔 🐛

_mchill
🐛

_Naman
🐛

_{Ayoub Elaich}
🐛

_Henry
🐛

_SleepiPanda
🐛

_{Bad Requests}
🐛

_{Dominik Nakamura}
🚇

_{Muhammad Ahsan}
🐛

_cortantief
🐛 💻

_{Daniel Saxton}
🤔 💻

_n0kovo
🤔 🐛

_{Justin Steven}
🤔

_7047payloads
💻

_{unkn0wnsyst3m}
🤔

_0x08
🤔

_kusok
🤔 💻

_godylockz
🤔 💻

_{Ryan Montgomery}
🤔

_ippsec
🤔

_James
🐛

_{Jason Haddix}
🤔 🐛

_Limn0
🐛

_0xdf
🐛 🤔

_Flangyver
🤔

_PeakyBlinder
🤔

_Postmodern
🤔

_O
💻

_{John-John Tedro}
💻

_kmanc
🐛 💻

_hakdogpinas
🤔

_多可悲
 🤔

_{Aidan Hall}
💻 🚇

_{João Ciocca}
🐛 🤔

_f3rn0s
🐛

_LongCat
🤔

_xaeroborg
🤔

_Luoooio
🤔

_Aan
💻 🚇 🤔

_Simon
🐛

_{Nicolas Christin}
🐛

_DrDv
🐛

_{Antoine Roly}
🤔

_{Himadri Bhattacharjee}
💻 🤔

_{Samy Lahfa}
🤔

_sectroyer
🐛 🤔

_ktecv2000
🐛

_{Andrea De Murtas}
💻

_sawmj
🐛

_{Zach Hanson}
🐛

_{Olivier Cervello}
🤔

_RavySena
🤔

_{Florian Stuhlmann}
🐛

_Mister7F
🤔

_manugramm
🐛

_ArthurMuraro
🐛

_Shadow
🐛

_dirhamgithub
🐛

_FieldOfRice
🚇

_Matt
🤔

_{Sam Leonard}
💻

_Rewinter
🤔

_deadloot
🤔

_Spidle
🤔

_{Julián Gómez}
🤔 🚇 📖

_Petros
🐛

_Ryan
🚇 📖

_{wikamp-collaborator}
🤔 🚇

_Lino
🐛 🤔

_{Dan Salmon}
🤔

_swordfish0x0
🤔

_{Patrick Klein}
🤔

_Raymond
🤔