Search the Community
Showing results for tags 'feroxbuster'.
-
What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What’s it do tho? feroxbuster is a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web application but are still accessible by an attacker. feroxbuster uses brute force combined with a wordlist to search for unlinked content in target directories. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network address, etc… This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration. Changelog v2.9.2 changed default value for --extract-links to true => added --dont-extract-links to turn off the new default behavior by @epi052 in #834 can load a wordlist from its url over http/https by @epi052 in #834 updated README with alternative installation methods for brew and chocolatey by @aancw in #824 fixed divide by zero error by @epi052 in #834 added check for forced recursion when directory listing detected by @epi052 in #834 [hide][Hidden Content]]
-
- 1
-
- feroxbuster
- v2.9.2
- (and 8 more)
-
What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What’s it do tho? feroxbuster is a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web application but are still accessible by an attacker. feroxbuster uses brute force combined with a wordlist to search for unlinked content in target directories. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network address, etc… This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration. Comparison w/ Similar Tools There are quite a few similar tools for forced browsing/content discovery. Burp Suite Pro, Dirb, Dirbuster, etc… However, in my opinion, there are two that set the standard: gobuster and ffuf. Both are mature, feature-rich, and all-around incredible tools to use. So, why would you ever want to use feroxbuster over ffuf/gobuster? In most cases, you probably won’t. ffuf in particular can do the vast majority of things that feroxbuster can, while still offering boatloads more functionality. Here are a few of the use-cases in which feroxbuster may be a better fit: You want a simple tool usage experience You want to be able to run your content discovery as part of some crazy 12 command unix pipeline extravaganza You want to scan through a SOCKS proxy You want auto-filtering of Wildcard responses by default You want recursion along with some other thing mentioned above (ffuf also does recursion) You want a configuration file option for overriding built-in default values for your scans [hide][Hidden Content]]
-
- 1
-
- feroxbuster
- v1.0.3
- (and 8 more)