Introduction
Feroxbuster is a content discovery tool that brute-forces hidden resources on web servers using wordlists. Unlike many similar tools, it recursively follows discovered directories automatically, providing deeper coverage of the target application's file structure. Written in Rust, it delivers high performance with low resource usage.
What Feroxbuster Does
- Recursively brute-forces directories and files on web servers
- Automatically follows discovered paths to enumerate nested content
- Filters responses by status code, word count, line count, and response size
- Supports multiple wordlists and file extension combinations in a single scan
- Provides real-time progress updates and interactive scan management
Architecture Overview
Feroxbuster is written in Rust using the tokio async runtime and reqwest HTTP client. The scanning engine maintains a task queue where each discovered directory spawns new scan tasks. A deduplication layer prevents redundant requests, while response filtering runs in parallel to classify results. The architecture enables thousands of concurrent requests with predictable memory usage.
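From the server side, the behaviour described above (many concurrent requests, most of them returning 404, fanning out into each directory that does exist) is what a defender can look for in access logs. The following Python is an added example, not code from the Feroxbuster project: it parses combined-format access log lines, groups requests per client, and flags clients whose traffic shows a burst of mostly-404 requests across many distinct paths. It also checks for a self-identifying User-Agent; that Feroxbuster's default User-Agent begins with "feroxbuster/" is an assumption, and since the string is user-configurable it is treated only as a weak, secondary signal. The log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format (Apache/nginx default):
# client ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# ASSUMPTION: the tool's default User-Agent starts with "feroxbuster/". The string is
# configurable, so this is a weak signal; the behavioural checks below stand on their own.
KNOWN_SCANNER_UA_PREFIXES = ("feroxbuster/",)


def parse_line(line):
    """Parse one combined-format line; return a dict, or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def peak_requests_in_window(timestamps, window):
    """Largest number of requests from one client inside any sliding window (two-pointer sweep)."""
    ts = sorted(timestamps)
    best, left = 0, 0
    for right in range(len(ts)):
        while ts[right] - ts[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def detect_content_discovery(log_text, window_seconds=60, min_burst=20,
                             min_not_found_ratio=0.8, min_distinct_paths=15):
    """Flag clients whose traffic looks like wordlist-driven content discovery.

    Returns {ip: {"requests", "not_found_ratio", "peak_in_window", "distinct_paths", "reasons"}}
    for flagged clients only.
    """
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    findings = {}
    window = timedelta(seconds=window_seconds)
    for ip, recs in per_ip.items():
        total = len(recs)
        ratio = sum(1 for r in recs if r["status"] == 404) / total
        peak = peak_requests_in_window([r["ts"] for r in recs], window)
        distinct = len({r["path"] for r in recs})
        reasons = []
        # Behavioural signal: a burst of requests, mostly 404, spread over many distinct paths.
        if peak >= min_burst and ratio >= min_not_found_ratio and distinct >= min_distinct_paths:
            reasons.append("burst of mostly-404 requests over many distinct paths")
        # Weak signal: a self-identifying User-Agent.
        if any(r["ua"].lower().startswith(KNOWN_SCANNER_UA_PREFIXES) for r in recs):
            reasons.append("scanner user-agent")
        if reasons:
            findings[ip] = {"requests": total, "not_found_ratio": round(ratio, 2),
                            "peak_in_window": peak, "distinct_paths": distinct, "reasons": reasons}
    return findings


def build_sample_log():
    """Constructed sample log (not real traffic): a normal visitor, a client that requests
    30 wordlist-style paths in ten seconds with a browser User-Agent (28 of them 404, and
    the two hits recursed into), and a quiet client whose User-Agent names the scanner."""
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 153 "-" "{ua}"'
    lines = [
        fmt.format(ip="203.0.113.7", ts="01/Mar/2024:12:00:00 +0000", path="/index.html", status=200, ua="Mozilla/5.0"),
        fmt.format(ip="203.0.113.7", ts="01/Mar/2024:12:00:05 +0000", path="/about", status=200, ua="Mozilla/5.0"),
        fmt.format(ip="203.0.113.7", ts="01/Mar/2024:12:00:09 +0000", path="/missing", status=404, ua="Mozilla/5.0"),
        # Placeholder version string; the real default is "feroxbuster/<version>" (assumption).
        fmt.format(ip="192.0.2.55", ts="01/Mar/2024:12:01:00 +0000", path="/robots.txt", status=200, ua="feroxbuster/0.0.0"),
    ]
    words = ["admin", "backup", "old", "test", "dev", "config", "uploads", "api", "tmp", "logs"]
    base = datetime(2024, 3, 1, 12, 0, 0)
    for i in range(30):
        word = words[i % len(words)]
        path = f"/{word}" if i < 10 else (f"/admin/{word}" if i < 20 else f"/api/{word}")
        ts = (base + timedelta(seconds=i // 3)).strftime("%d/%b/%Y:%H:%M:%S") + " +0000"
        status = 200 if path in ("/admin", "/api") else 404
        lines.append(fmt.format(ip="198.51.100.9", ts=ts, path=path, status=status, ua="Mozilla/5.0"))
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, info in detect_content_discovery(build_sample_log()).items():
        print(ip, info)
```

The thresholds (20 requests per minute, 80% 404s, 15 distinct paths) are starting points to tune against a site's normal traffic; static-asset-heavy pages with many broken links can approach them. The burst and ratio checks catch a scan regardless of User-Agent, while the User-Agent check alone catches a slow, rate-limited scan that would stay under the burst threshold.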
Self-Hosting & Configuration
- Single static binary available for Linux, macOS, and Windows
- Configuration via CLI flags, environment variables, or a ferox-config.toml file
- Default wordlist ships with the binary; custom wordlists can be specified
- Proxy support for routing through Burp Suite or other intercepting proxies
- State files allow saving and resuming interrupted scans
Key Features
- Automatic recursion into discovered directories with configurable depth limits
- Response filtering by status code, word/line/character count, and regex patterns
- Parallel scanning with configurable concurrency and rate limiting
- Interactive scan management with pause, resume, add/remove filters at runtime
- Output in JSON, plain text, or direct piping to other tools
Comparison with Similar Tools
- Gobuster — fast but non-recursive by default; Feroxbuster adds automatic recursion as a core feature
- ffuf — flexible web fuzzer supporting multiple injection points; Feroxbuster is more focused on content discovery
- dirsearch — Python-based with smart wordlists; Feroxbuster, being written in Rust, is significantly faster
- dirb — classic C-based scanner; Feroxbuster adds modern concurrency, filtering, and recursion
- Turbo Intruder — Burp extension for high-speed fuzzing; Feroxbuster is a standalone CLI alternative
FAQ
Q: How does recursion work? A: When Feroxbuster discovers a directory (e.g., /admin/), it automatically starts a new scan of that path using the same wordlist, up to the configured depth limit.
Q: Can I pause and resume scans? A: Yes. Press Enter during a scan to access the interactive menu where you can pause, resume, add filters, or cancel specific scan tasks.
Q: Does it support proxying? A: Yes. Use the --proxy flag to route traffic through an HTTP or SOCKS5 proxy, useful for testing through Burp Suite.
Q: How do I reduce false positives? A: Use response filters (--filter-status, --filter-words, --filter-size) and the --dont-scan flag to exclude known non-interesting paths.