CyberCheatsheets

Feroxbuster Cheat Sheet

Recursive content discovery tool with smart filtering, backups, and automatic extraction of new URLs.

Scanning & Enumerationdirectory-bruteforcerecursiverustwebUpdated 2026-06-02

Overview

Feroxbuster recursively brute-forces web directories and files, optionally scraping new links from responses. It auto-filters common false positives and supports proxying, status filtering, and parallel scans—ideal for deep content discovery.

Authorized testing only. Recursive scans multiply request volume. Set depth limits and rates on production targets.

Install

sudo apt install -y feroxbuster

or

curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/master/install-nix.sh | bash
feroxbuster --version

Essential commands

Basic recursive scan

feroxbuster -u https://target.example.com -w /usr/share/seclists/Discovery/Web-Content/common.txt

Non-recursive, quiet URLs only

feroxbuster -u https://target.example.com -w common.txt --depth 1 -s 200,301,302 -q

With extensions

feroxbuster -u https://target.example.com -w common.txt -x php,html,js,txt

Common workflows

Throttled production-safe —

feroxbuster -u https://target.example.com -w medium.txt -t 10 --rate-limit 20 -C 404,403

Burp proxy and custom headers —

feroxbuster -u https://target.example.com -w common.txt -p http://127.0.0.1:8080
-H "Cookie: session=abc" --insecure

Auto-tune and extract links —

feroxbuster -u https://target.example.com -w common.txt --auto-tune --extract-links

Multiple targets —

feroxbuster --stdin < urls.txt -w common.txt -o ferox_results.txt

Flags reference

-u

Target URL

-w

Wordlist path

-x

Comma-separated extensions

-t

Threads

--rate-limit

Max requests per second

-d / --depth

Recursion depth

-s

Status codes to include

-C

Status codes to exclude

-S

Filter by response size

-p

Proxy

-H

Custom header

-o

Output file

-q

Quiet (URLs only)

--insecure

Disable TLS verification

--auto-tune

Adjust threads by error rate

Tips

  • Use --dont-filter when legitimate 404s match wildcard pages—otherwise false negatives occur.
  • Combine with Katana/GAU for wordlist seeding before feroxbuster.
  • Save -o early; recursive runs are long-running.
  • Compare results with ffuf for single-depth parameter fuzzing.

References

Aide-mémoires similaires