CLI Web Discovery Alternative to Dirb, Dirsearch, Etc

This tool was mentioned as I surfed infosec Twitter and I found it to be interesting. Definitely have some more testing to do with it, but I’m always open to new alternatives, especially if they’re written in different languages. (This one is written in Rust.)

Web Discovery is arguably the first step in every web application penetration test or bug bounty. Finding files/functionality that is accessible but maybe not linked is vital and can lead to some great findings.

Personally I enjoy dirsearch, dirb, wfuzz, ffuf, bfac and more but I thought I’d add this one as well.

It’s called FeroxBuster and can be found HERE

For Kali boxes just use:

sudo apt update && sudo apt install -y feroxbuster

For OSX boxes:

curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/master/install-nix.sh | bash

More install directions can be found HERE

To run it simply:

feroxbuster -u http://127.1 -x pdf -x js,html -x php txt json,docx

For more examples of usage look HERE
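
Seen from the defender's side, a run like the one above leaves a recognisable pattern in the web server's access log: one client, many distinct paths, mostly 404s, and the same basename tried with each `-x` extension. The following is an added example (not part of the original post or the feroxbuster project) that flags that pattern; the log lines are constructed, the thresholds are illustrative, and it assumes combined-format logs and that the tool's default User-Agent starts with `feroxbuster/`.

```python
import re
from collections import defaultdict
from posixpath import splitext

# Combined Log Format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def constructed_sample():
    """Constructed lines: a scanner (UA version is a placeholder) and a normal visitor."""
    fmt = '{ip} - - [10/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {st} 512 "-" "{ua}"'
    words = ["admin", "backup", "config", "login", "test", "old", "dev", "api"]
    exts = ["pdf", "js", "html", "php", "txt", "json", "docx"]  # the -x list from the post
    lines = [fmt.format(ip="203.0.113.7", path=f"/{w}.{e}", ua="feroxbuster/x.y.z",
                        st=200 if (w, e) == ("login", "php") else 404)
             for w in words for e in exts]
    for path, st in [("/", 200), ("/login.php", 200), ("/app.js", 200), ("/favicon.ico", 404)]:
        lines.append(fmt.format(ip="198.51.100.20", path=path, st=st, ua="Mozilla/5.0"))
    return lines

def find_discovery_clients(lines, min_paths=20, min_404_ratio=0.8, min_exts=3):
    """Return {ip: evidence} for clients whose requests look like forced browsing."""
    stats = defaultdict(lambda: {"total": 0, "nf": 0, "paths": set(),
                                 "exts": defaultdict(set), "uas": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        s = stats[m["ip"]]
        path = m["path"].split("?", 1)[0]
        base, ext = splitext(path)
        s["total"] += 1
        s["nf"] += m["status"] == "404"
        s["paths"].add(path)
        s["exts"][base].add(ext)  # extensions tried per basename
        s["uas"].add(m["ua"])
    flagged = {}
    for ip, s in stats.items():
        ratio = s["nf"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {
                "distinct_paths": len(s["paths"]),
                "ratio_404": round(ratio, 2),
                "ext_fanout": sum(len(e) >= min_exts for e in s["exts"].values()),
                "tool_ua": any(u.lower().startswith("feroxbuster/") for u in s["uas"]),
            }
    return flagged
```

Call `find_discovery_clients(constructed_sample())` to see the evidence recorded for the scanning client. The User-Agent match is only a hint, since a client can send any value; the 404 ratio and extension fan-out carry the detection.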

END TRANSMISSION
