Discover Hidden Directories and Files with Feroxbuster: The Ultimate Web Enumeration Tool [Cheat Sheet]

Cuncis
2 min read · Mar 17, 2023


https://github.com/epi052/feroxbuster

Feroxbuster is a powerful and efficient web directory and file enumeration tool designed to help security testers and web developers discover hidden directories and files on web servers. It is written in Rust, which makes it fast and efficient. Feroxbuster uses several techniques to find files and directories, including brute-forcing, recursive crawling, and wordlist-based discovery. It also lets users specify options such as the number of threads, wordlists, user agents, cookies, and more. Overall, Feroxbuster is a highly recommended tool for anyone who needs to perform web directory and file enumeration tasks.

Cheat sheet:

Basic Usage:

feroxbuster -u <url>

Specify wordlist:

feroxbuster -u <url> -w <wordlist>

Choose the number of threads:

feroxbuster -u <url> -t <number_of_threads>

Specify the user agent:

feroxbuster -u <url> -H "User-Agent: <user_agent>"

Use cookies:

feroxbuster -u <url> -b <cookie>

Follow redirects:

feroxbuster -u <url> -r

Custom status code filter:

feroxbuster -u <url> --filter-status <status_code>

Verbose output:

feroxbuster -u <url> -v

Disable SSL/TLS certificate verification:

feroxbuster -u <url> --insecure

Set a timeout:

feroxbuster -u <url> --timeout <timeout_in_seconds>

Note: <url> refers to the URL you want to scan, <wordlist> refers to the path of the wordlist you want to use, and <number_of_threads> refers to the number of threads you want to use for scanning.
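Seen from the server side, the wordlist-based brute-forcing described above shows up in access logs as a burst of 404 responses for many different paths from one client. The following is an added example, not part of the original post or of the feroxbuster project: a small detector for that pattern over Combined Log Format lines. The function names, thresholds and sample log are constructed for illustration, and the "feroxbuster" User-Agent substring is an assumption about the tool's default header.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def detect_enumeration(lines, window_s=10, min_misses=20):
    """Return {ip: reasons} for clients that look like content-discovery scans.

    Signal 1: >= min_misses distinct paths answered 404 within window_s seconds.
    Signal 2: User-Agent contains "feroxbuster" (assumed tool default; it is
              easily overridden with -H, so treat it as a supporting signal only).
    """
    misses = defaultdict(deque)   # ip -> recent (timestamp, path) pairs for 404s
    findings = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        if "feroxbuster" in m["ua"].lower():
            findings[ip].add("user-agent")
        if m["status"] == "404":
            q = misses[ip]
            q.append((ts, m["path"]))
            while ts - q[0][0] > timedelta(seconds=window_s):
                q.popleft()  # drop misses that fell out of the sliding window
            if len({p for _, p in q}) >= min_misses:
                findings[ip].add("404-burst")
    return {ip: sorted(r) for ip, r in findings.items()}

def sample_log():
    """Constructed sample: a scanner with a browser UA, one default-UA probe, one normal user."""
    t = "17/Mar/2023:10:00:0{} +0000"
    rows = [f'203.0.113.5 - - [{t.format(i // 5)}] "GET /w{i} HTTP/1.1" 404 0 "-" "Mozilla/5.0"'
            for i in range(25)]
    rows.append(f'198.51.100.7 - - [{t.format(5)}] "GET /admin HTTP/1.1" 404 0 "-" "feroxbuster/x.y.z"')
    rows += [f'192.0.2.9 - - [{t.format(6)}] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
             f'192.0.2.9 - - [{t.format(7)}] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"']
    return rows

if __name__ == "__main__":
    for ip, reasons in detect_enumeration(sample_log()).items():
        print(ip, reasons)
```

The 404-burst signal still fires when the User-Agent is changed, which is why it is the primary check; tune window_s and min_misses against normal traffic for the site.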


Cuncis

Penetration Tester | Bug Hunter | Ethical Hacker - Connect with me on https://twitter.com/wh1te_h0le