Overview
⚠️ Security Notice – Domain Impersonation
Section titled “⚠️ Security Notice – Domain Impersonation”The domain feroxbuster.com is NOT affiliated with this project, its maintainers, or any official feroxbuster releases.
Official feroxbuster downloads are distributed ONLY through:
- https://github.com/epi052/feroxbuster
- package repositories listed in this README
- package repositories listed in the installation docs
We do not distribute software from feroxbuster.com, and we cannot vouch for the authenticity or safety of files hosted there.
If you downloaded feroxbuster from any other domain, we strongly recommend deleting it and reinstalling from an official source.
What the heck is a ferox anyway?
Section titled “What the heck is a ferox anyway?”Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation.
What’s it do tho?
Section titled “What’s it do tho?”feroxbuster is a tool designed to perform Forced Browsing.
Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web application, but are still accessible by an attacker.
feroxbuster uses brute force combined with a wordlist to search for unlinked content in target directories. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network addressing, etc…
This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration.
Quick Demo
Section titled “Quick Demo”
Where to next?
Section titled “Where to next?”- Installation: Make with the scanning already
- Configuration: Learn about the different tweaks you can make to your scans
- Interpreting Results: Learn how to interpret the results displayed by feroxbuster
- Examples: See examples and demos of feroxbuster’s available features
- Frequently Asked Questions: Get answers to common questions and issues