Linux command
feroxbuster command
Network
After copying, replace file names, directories, or parameters as needed.
Common examples
Scan a URL
feroxbuster --url [https://example.com]
Use a custom wordlist
feroxbuster --url [https://example.com] --wordlist [path/to/wordlist.txt]
Scan with specific extensions
feroxbuster --url [https://example.com] --extensions [php,html,txt]
Scan recursively up to a maximum depth
feroxbuster --url [https://example.com] --depth [3]
Scan with multiple threads
feroxbuster --url [https://example.com] --threads [100]
Filter out specific status codes
feroxbuster --url [https://example.com] --filter-status [404,403]
Output results to a file
feroxbuster --url [https://example.com] --output [results.txt]
Scan through a proxy
feroxbuster --url [https://example.com] --proxy [http://127.0.0.1:8080]
Description
feroxbuster is a fast, recursive content discovery tool written in Rust. It brute-forces directories and files on web servers by sending HTTP requests from a wordlist, identifying hidden resources through response analysis.

Speed is a key feature: Rust's performance combined with asynchronous requests enables scanning thousands of paths per second. The tool supports recursive scanning, automatically continuing into discovered directories up to a configurable depth.

Advanced filtering options reduce false positives by hiding responses based on status code, response size, word count, line count, or regex patterns. This helps when servers return generic pages for non-existent paths.

The interactive mode provides real-time statistics and allows pausing, resuming, adding new URLs, and adjusting settings during the scan. Results are color-coded by status code for quick interpretation.

Feroxbuster integrates with tools like Burp Suite via proxy support and can save state to resume interrupted scans. Output formats include plain text, JSON, and formats compatible with other security tools.
Parameters
- `-u`, `--url` _url_: Target URL to scan.
- `-w`, `--wordlist` _file_: Wordlist to use (default: built-in seclists).
- `-x`, `--extensions` _ext_: File extensions to check (comma-separated).
- `-t`, `--threads` _n_: Number of concurrent threads (default: 50).
- `-d`, `--depth` _n_: Maximum recursion depth (default: 4, 0 for infinite).
- `-o`, `--output` _file_: Output file for results.
- `-n`, `--no-recursion`: Disable recursive scanning.
- `-f`, `--add-slash`: Append / to each request.
- `-C`, `--filter-status` _codes_: Filter out specific HTTP status codes.
- `-S`, `--filter-size` _size_: Filter out responses of specific size.
- `-W`, `--filter-words` _count_: Filter out responses with specific word count.
- `-L`, `--filter-lines` _count_: Filter out responses with specific line count.
- `--proxy` _url_: Proxy to use for requests.
- `-H`, `--headers` _header_: Custom headers (can be used multiple times).
- `-k`, `--insecure`: Disable TLS certificate verification.
- `-q`, `--quiet`: Minimal output.
- `--json`: Output in JSON format.
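
The description notes that size, word-count and line-count filters help when a server returns a generic page for non-existent paths. The shell function below is an added example, not part of the original page or of the feroxbuster project: it picks one filter flag that hides the dominant generic-page signature without also hiding other responses. The tab-separated input layout, the names `suggest_filters` and `sample_results`, and the sample records are assumptions constructed for illustration.

```shell
# Input (assumed layout): status<TAB>size<TAB>words<TAB>lines<TAB>url
# Prints one filter flag for the dominant 200-response signature, or nothing
# when no signature reaches MIN_SHARE percent (default 50) with at least 3 hits.
suggest_filters() {
    awk -F '\t' -v min="${1:-50}" '
        $1 == 200 {
            n++; size[n] = $2; words[n] = $3; lines[n] = $4
            sig[n] = $2 FS $3 FS $4
            if (++count[sig[n]] > best) { best = count[sig[n]]; top = sig[n] }
        }
        END {
            # A generic not-found page repeats one signature across many paths.
            if (n == 0 || best < 3 || best * 100 < min * n) exit 0
            split(top, t, FS)
            # Count responses outside that signature sharing a single metric;
            # filtering on a shared metric would hide them as well.
            for (i = 1; i <= n; i++) {
                if (sig[i] == top) continue
                if (size[i] == t[1]) clash_size++
                if (words[i] == t[2]) clash_words++
                if (lines[i] == t[3]) clash_lines++
            }
            if (!clash_size) print "--filter-size " t[1]
            else if (!clash_words) print "--filter-words " t[2]
            else if (!clash_lines) print "--filter-lines " t[3]
        }'
}

# Constructed sample: four unrelated paths return the same generic page with
# status 200, and one other page happens to have the same size in bytes.
sample_results() {
    printf '200\t1520\t88\t41\thttps://example.com/aaa\n'
    printf '200\t1520\t88\t41\thttps://example.com/bbb\n'
    printf '200\t1520\t88\t41\thttps://example.com/ccc\n'
    printf '200\t1520\t88\t41\thttps://example.com/ddd\n'
    printf '200\t1520\t203\t57\thttps://example.com/about\n'
    printf '200\t4312\t310\t120\thttps://example.com/index.html\n'
    printf '404\t162\t7\t8\thttps://example.com/nothere\n'
}

sample_results | suggest_filters 50
```

Here the size filter is skipped because `/about` shares the 1520-byte size, so the word-count filter is suggested instead.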