Feroxbuster

Fast content discovery tool written in Rust for directory and file brute-forcing

Recon & OSINT11 commands

#content#discovery#rust#bruteforce#directory

Installation

1Install via cargo

2Download from releases

3Verify installation

# Using Cargo
cargo install feroxbuster

# Download from releases
# Visit https://github.com/epi052/feroxbuster/releases

# Verify
feroxbuster --version

Basic Usage

Fast recursive content discovery with wildcard detection and filtering

# Basic directory scan
feroxbuster -u https://example.com -w wordlist.txt

# Recursive scan with depth
feroxbuster -u https://example.com -w wordlist.txt -d 3

# Filter by status code
feroxbuster -u https://example.com -w wordlist.txt --filter-status 404

# Scan with extensions
feroxbuster -u https://example.com -w wordlist.txt -x php,asp,html

# Rate limiting
feroxbuster -u https://example.com -w wordlist.txt --rate-limit 60

# Thread count
feroxbuster -u https://example.com -w wordlist.txt -t 50

# Quiet mode with JSON output
feroxbuster -u https://example.com -w wordlist.txt --json -q

# Wildcard detection
feroxbuster -u https://example.com -w wordlist.txt --auto-tune

Command Reference

11 commands

1Target URL

-u

2Wordlist file

-w

3Recursion depth

-d

4File extensions to scan

-x

5Number of threads

-t

6Filter response status codes

--filter-status

7Filter response sizes

--filter-size

8Requests per second

--rate-limit

9JSON output

--json

10Auto-detect and handle wildcards

--auto-tune

11Quiet mode

-q

When to Use

Directory and file brute-forcing on web applications

Discovering hidden endpoints and admin panels

Recursive content discovery with depth control

Filtering out false positives from wildcard responses

API endpoint discovery with extension filtering

Notes & Tips

Written in Rust for exceptional speed

Automatic wildcard detection reduces false positives

Supports recursive scanning with configurable depth

JSON output for integration with other tools

Common Errors & Solutions

Too many false positives

Use --auto-tune for wildcard detection or filter by response size

Rate limited by server

Reduce rate-limit and thread count with --rate-limit and -t

# Basic directory scan feroxbuster -u https://example.com -w wordlist.txt # Recursive scan with depth feroxbuster -u https://example.com -w wordlist.txt -d 3 # Filter by status code feroxbuster -u https://example.com -w wordlist.txt --filter-status 404 # Scan with extensions feroxbuster -u https://example.com -w wordlist.txt -x php,asp,html # Rate limiting feroxbuster -u https://example.com -w wordlist.txt --rate-limit 60 # Thread count feroxbuster -u https://example.com -w wordlist.txt -t 50 # Quiet mode with JSON output feroxbuster -u https://example.com -w wordlist.txt --json -q # Wildcard detection feroxbuster -u https://example.com -w wordlist.txt --auto-tune