Name:feroxbuster
Category:Discovery
Publisher:trickest-mhmdiaa
Created:9/7/2022
Container:quay.io/trickest/feroxbuster:v2.11.0
Output Type:
License:Unknown

Parameters

data
file
--dataRequest's Body - The file name starts with an `@` (ex: @post.bin)
json
boolean
required
--jsonEmit JSON logs to output instead of normal text
depth
string
--depthMaximum recursion depth, a depth of 0 is infinite recursion (default: 4)
proxy
string
--proxyProxy to use for requests (ex: http(s)://host:port, socks5(h)://host:port)
query
string
--queryRequest's URL query parameters (ex: token=stuff)
quiet
boolean
--quietHide progress bars and banner
smart
boolean
--smartSet --extract-links, --auto-tune, --collect-words, and --collect-backups to true
silent
boolean
--silentOnly print URLs
cookies
string
--cookiesSpecify HTTP cookies to be used in each request (ex: stuff=things)
headers
string
--headersSpecify HTTP headers to be used in each request (ex: Header:val)
methods
string
--methodsWhich HTTP request method(s) should be sent (default: GET)
threads
string
--threadsNumber of concurrent threads (default: 50)
timeout
string
--timeoutNumber of seconds before a client's request times out (default: 7)
insecure
boolean
--insecureDisables TLS certificate validation in the client
no-state
boolean
--no-stateDisable state output file (*.state)
parallel
string
--parallelRun parallel feroxbuster instances
protocol
string
--protocolSpecify the protocol to use when targeting via --request-file or --url with domain only (default: https)
thorough
boolean
--thoroughUse the same settings as --smart and set --collect-extensions and --scan-dir-listings to true
url-list
file
required
List of target URLs
wordlist
file
required
--wordlistWordlist
add-slash
boolean
--add-slashAppend / to each request's URL
auto-bail
boolean
--auto-bailAutomatically stop scanning when an excessive amount of errors are encountered
auto-tune
boolean
--auto-tuneAutomatically lower scan rate when an excessive amount of errors are encountered
dont-scan
string
--dont-scanURL(s) or Regex Pattern(s) to exclude from recursion/scans
redirects
boolean
--redirectsAllow client to follow redirects
verbosity
string
Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 v's is probably too much)
client-key
file
--client-keyAdd a PEM encoded private key for mutual authentication (mTLS)
extensions
string
--extensionsFile extension(s) to search for (ex: php pdf js)
limit-bars
string
--limit-barsNumber of directory scan bars to show at any given time (default: no limit)
rate-limit
boolean
--rate-limitLimit number of requests per second (per directory) (default: 0, i.e. no limit)
scan-limit
string
--scan-limitLimit total number of concurrent scans (default: 0, i.e. no limit)
time-limit
string
--time-limitLimit total run time of all scans (ex: --time-limit 10m)
user-agent
string
--user-agentSets the User-Agent (default: feroxbuster/2.7.1)
client-cert
file
--client-certAdd a PEM encoded certificate for mutual authentication (mTLS)
dont-filter
boolean
--dont-filterDon't auto-filter wildcard responses
filter-size
string
--filter-sizeFilter out messages of a particular size (ex: 4927,1970)
resume-from
file
--resume-fromState file from which to resume a partially complete scan (ex. --resume-from ferox-1606586780.state)
dont-collect
string
--dont-collectFile extension(s) to Ignore while collecting extensions (only used with `collect-extensions`)
filter-lines
string
--filter-linesFilter out messages of a particular line count (ex: 31,30)
filter-regex
string
--filter-regexFilter out messages via regular expression matching on the response's body/headers (ex: -X '^ignore me$')
filter-words
string
--filter-wordsFilter out messages of a particular word count (ex: 91,82)
no-recursion
boolean
--no-recursionDo not scan recursively
random-agent
boolean
--random-agentUse a random User-Agent
replay-codes
string
--replay-codesStatus Codes to send through a Replay Proxy when found (default: --status-codes value)
replay-proxy
string
--replay-proxySend only unfiltered requests through a Replay Proxy, instead of all requests
request-file
file
--request-fileRaw HTTP request file to use as a template for all requests
server-certs
file
--server-certsAdd custom root certificate(s) for servers with unknown certificates
status-codes
string
--status-codesStatus Codes to include (allow list) (default: 200 204 301 302 307 308 401 403 405)
collect-words
boolean
--collect-wordsAutomatically discover important words from within responses and add them to the wordlist
filter-status
string
--filter-statusFilter out status codes (deny list) (ex: 401)
collect-backups
string
--collect-backupsAutomatically request likely backup extensions for found urls (default: ~, .bak, .bak2, .old, .1)
force-recursion
boolean
--force-recursionForce recursion attempts on all 'found' endpoints (still respects recursion depth)
filter-similar-to
string
--filter-similar-toFilter out pages that are similar to the given page (ex: http://site.xyz/soft404)
scan-dir-listings
boolean
--scan-dir-listingsForce scans to recurse into directory listings (default: false)
collect-extensions
boolean
--collect-extensionsAutomatically discover extensions and add them to --extensions (unless they're in `dont-collect`)
dont-extract-links
boolean
--dont-extract-linksDon't extract links from response body (html, javascript, etc...