This tool was mentioned as I surfed infosec Twitter and I found it to be interesting. I definitely have some more testing to do with it, but I’m always open to new alternatives, especially if they’re written in different languages. (This one is written in Rust.)
Web discovery is arguably the first step in every web application penetration test or bug bounty. Finding files and functionality that are accessible but possibly not linked is vital and can lead to some great findings.
Personally I enjoy dirsearch, dirb, wfuzz, ffuf, bfac and more but I thought I’d add this one as well.
It’s called FeroxBuster and can be found HERE
For Kali boxes just use:
sudo apt update && sudo apt install -y feroxbuster
For OSX boxes:
curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/master/install-nix.sh | bash
More install directions can be found HERE
To run it simply:
feroxbuster -u http://127.1 -x pdf -x js,html -x php txt json,docx
For more examples of usage look HERE
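From the defender's side, a run like the one above leaves a recognizable pattern in web server logs: one client requesting the same path stem with many different extensions and getting mostly 404s. The following is an added example, not part of the original post or the feroxbuster project; the common log format, the thresholds, the function names and the sample lines are all assumptions constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict

# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def build_sample():
    """Constructed log lines: one client sweeping words x extensions, one normal visitor."""
    lines = []
    for word in ("admin", "backup", "config"):
        for ext in ("", ".pdf", ".js", ".html", ".php", ".txt", ".json", ".docx"):
            status = 200 if (word, ext) == ("config", ".php") else 404
            lines.append(f'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
                         f'"GET /{word}{ext} HTTP/1.1" {status} 0')
    for path in ("/", "/index.html", "/css/site.css", "/js/app.js", "/missing.png"):
        status = 404 if path == "/missing.png" else 200
        lines.append(f'198.51.100.20 - - [01/Jan/2024:10:00:05 +0000] '
                     f'"GET {path} HTTP/1.1" {status} 512')
    return lines

def find_extension_sweeps(lines, min_exts=4, min_stems=2, min_404_ratio=0.8):
    """Return {client_ip: swept_stem_count} for clients that look like forced browsing."""
    exts_by_stem = defaultdict(lambda: defaultdict(set))  # ip -> stem -> {extensions}
    totals = defaultdict(int)
    not_found = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a parseable GET/HEAD request
        ip, target, status = m.groups()
        stem, ext = posixpath.splitext(target.split("?", 1)[0])
        exts_by_stem[ip][stem].add(ext)
        totals[ip] += 1
        not_found[ip] += status == "404"
    flagged = {}
    for ip, stems in exts_by_stem.items():
        # A stem is "swept" when it was requested with many distinct extensions.
        swept = sum(1 for exts in stems.values() if len(exts) >= min_exts)
        if swept >= min_stems and not_found[ip] / totals[ip] >= min_404_ratio:
            flagged[ip] = swept
    return flagged

if __name__ == "__main__":
    for ip, swept in find_extension_sweeps(build_sample()).items():
        print(f"{ip}: {swept} path stems requested with many extensions")
```

Tune the thresholds against your own traffic before alerting on them; an authorized test should be expected to trip this check.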