feroxbuster - new forced browsing/directory busting tool

Good morning all!

I recently released my new project, feroxbuster!

feroxbuster is a forced browsing tool akin to gobuster/ffuf. It’s written in Rust using async/await for concurrency. Notable differences are SOCKS support, works in a command pipeline (targets in, discovered files/folders out), has recursion and auto-filtered wildcards turned on by default, and is incredibly configurable (global, per-user, per-target).

Builds are available for linux, mac, and windows. There’s also a .deb installer with a .rpm in the works. Pre-built binaries are available on the releases page of the repo.

I’m looking forward to any/all feedback you may have, enjoy!

Looks interesting, how fast does it run?

If you set the concurrency level equal across gobuster/ffuf/feroxbuster, they’re all roughly equivalent.

In short, it’s fast, lol.

Type your comment> @epi said:

If you set the concurrency level equal across gobuster/ffuf/feroxbuster, they’re all roughly equivalent.

In short, it’s fast, lol.

Cool cool. In all honesty, I still use dirbuster *gasp* yea yea i know its slow asf but the file tree display is really convenient and clicking the files opens a browser page to them. I know I should switch to something that actually works faster than a turtle but I never have. Might give this project a shot, seems really nice. If you were to include a file tree like dirbuster I would absolutely switch and never look back :lol:

haha, no shame in using dirbuster, that was the first tool i used for this type of scan!

I don’t have any plans for a file tree at the moment. However, in all the terminals I use, you can click the URL and it’ll open a browser pointing directly at that page.

Also, if you use the -o|--output option, the final output is sorted by directory, so that may be an option that fits your workflow as well. It’s not visually a tree, but is still structured.

@epi said:
haha, no shame in using dirbuster, that was the first tool i used for this type of scan!

I don’t have any plans for a file tree at the moment. However, in all the terminals I use, you can click the URL and it’ll open a browser pointing directly at that page.

Also, if you use the -o|--output option, the final output is sorted by directory, so that may be an option that fits your workflow as well. It’s not visually a tree, but is still structured.

Oh sick yea I’ll check this out

Just installed, will test out on Reel2 after I finish the box I’m on
Looks good so far

Awesome! I’d love to hear what you think once you give it a try

Type your comment> @epi said:

Good morning all!

I recently released my new project, feroxbuster!

feroxbuster is a forced browsing tool akin to gobuster/ffuf. It’s written in Rust using async/await for concurrency. Notable differences are SOCKS support, works in a command pipeline (targets in, discovered files/folders out), has recursion and auto-filtered wildcards turned on by default, and is incredibly configurable (global, per-user, per-target).

Builds are available for linux, mac, and windows. There’s also a .deb installer with a .rpm in the works. Pre-built binaries are available on the releases page of the repo.

I’m looking forward to any/all feedback you may have, enjoy!

GitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.</ti

Installed and up and running (super easy and nice instructions on your site) :slight_smile:
It’s super fast mate, very cool and i like the interface of collating your results at the bottom.

Haven’t tried file types yet (will soon)
Was going to suggest support for SSL but you had already covered that with the -k switch :slight_smile:

Currently at school so I won’t be able to try it out right now, but from first impressions from the GitHub repository, it looks absolutely AMAZING! The output is also super fancy :stuck_out_tongue: I’ll let you know more when I come home.

Thank you both!

@acidbat said:
Was going to suggest support for SSL but you had already covered that with the -k switch :slight_smile:

By default it will reject insecure connections. The -k|--insecure option is there for when you want to suppress that behavior. This should feel very similar to gobuster/curl/etc…

I tried to keep the options/args as close to what other popular tools already used, for familiarity.

Thanks again for taking the time to check it out!

Type your comment> @sparkla said:

… gobusters disability to deal with recursion and extensions properly forced me to juggle with different programs, lists and extensions. …

I’m not certain you won’t run into the same problem here. However, if you do, open up an issue describing what currently happens and what you’d like to happen instead. We can discuss whether adjusting the tool’s behavior makes sense or not. Thank you!

Type your comment> @sparkla said:

Hey man, first time checking out your great tool tonight, but I get a ton of errors:

ERR 4.010 Error while making request: error sending request for url (https://europacorp.htb/144941): error trying to connect: dns error: No file descriptors available (os error 24)

Maybe related:
dns.lookup() documentation error code · Issue #27604 · nodejs/node · GitHub

Would be great if you could take a look for a quick fix, maybe just suppress that message, idk.

Looking forward to make this my go-to buster :slight_smile:

Thanks for checking it out! Can you try rescanning with a lower concurrency level and see if you get the same error? Also, what kind of box are you using to scan?

./feroxbuster -t 25 ...

Also, @sparkla can you run the following command and paste the results?

ulimit -a

Im wondering if your limit on open files is low. I can look later once I’m home what kali uses

yea, on my kali install, i see the following

ulimit -n 
---------
1024

I’d recommend upping the limit for open files to w/e you’re comfortable with given your specs by adding the entry below.

/etc/security/limits.conf
-------------------------
...
*               soft    nofile            8192
...

@sparkla

a quick answer to #2:

You can use the ferox-config.toml to specify a default set of extensions, if that’s your preference.

~/.config/feroxbuster/ferox-config.toml
---------------------------------------

extensions = ["php", "html", "js"]

I understand it’s not exactly what you asked for, but it might be good enough for now.

Also, if you want different default extensions based on what you’re scanning, you can drop a config file in a directory and scan from there for it to take effect. ferox-config.toml docs

~/targets/linux-targets/ferox-config.toml
---------------------------------------------

extensions = ["php", "html", "js"]
~/targets/windows-targets/ferox-config.toml
-----------------------------------------------

extensions = ["asp", "aspx"]

number 1 is a quick fix, I’ll add an issue today/tomorrow to track it.

I’m considering adding an issue that sets the open file limit on the user’s behalf if it’s too low.

number 3 would require some tinkering, but i’ll add it and see what it would take to accomplish.

Thanks for your feedback, i really appreciate it!

number 1 is fixed, just need to upload new build version

Type your comment> @sparkla said:

You seem do have dealt a lot with dirbusting, I waste so much time there sometimes, trying to figure the right wordlist / extension combo. After busting like 24h on the same box again, I thought like “why now make an uber wordlist that contains it all”? I think it wouldn’t be much longer than dir-2.3-big, that’s one of the longest and last time I checked these wordlists have quite a few common entries. What’s your opinion about this? No I’m not suggesting to build the wordlist into your tool…

I suppose it depends on the target. For bugbounty, I use a relatively small list in addition to crawling and some other strategies. Essentially, I don’t solely rely on dir busting, so the time spent using a huge wordlist doesn’t really fit with my workflow.

For a CTF/HTB though, I think grabbing the top 5-10 most common wordlists and cat’ing/uniq’ing them in order to get past the ‘guess the wordlist’ boxes might be ok.

Along these lines, I’m currently working on a feature that extracts links from the body of valid responses. You can check it out here if you’re interested. It should definitely increase coverage, as your wordlist will find unlinked content while the --extract-links option will find linked content.

But about ferox again: You mentioned config files, could you imagine to have config files that allow for different rules, lists and extensions for subdirs? Like, map out the subdirs in a first run an then like “in /JavaScript/ only search for .js extension”…

A friend of mine and I have talked about something very similar, though I see it as more of a companion tool instead of functionality included in feroxbuster.

If you guys want to be able to use it from any directory I have found the line of code for that. “sudo cp feroxbuster /usr/local/bin/feroxbuster” ; That will move feroxbust to your bin so you can just put feroxbuster into the command promt and it pop up instead of finding it on your computer.