The post Feroxbuster. Is It The Fastest Content Discovery Tool? first appeared on Hackers Arise.
Welcome back, tenderfoot hackers!
Web content discovery is a crucial phase in web application hacking. The ability to efficiently enumerate directories, files, and endpoints on a web server can uncover hidden attack surfaces—such as admin panels, backup files, and sensitive resources—that aren’t directly linked within the main application.
For years, tools like DIRB were the go-to solution. Then came Gobuster, offering better speed and more features. Now, we have Feroxbuster—a high-performance, Rust-based recursive content discovery tool that’s pushing the boundaries even further.
In this tutorial, we’ll explore Feroxbuster and compare it with traditional directory brute-forcing tools to see how it stacks up.
Key Design Philosophy
Feroxbuster was built around several core principles:
- Performance: Utilizing Rust’s speed and concurrent processing capabilities to maximize scanning efficiency
- Simplicity: Providing an intuitive command-line interface that’s easy to use for both beginners and experienced professionals
- Recursion: Automatically discovering and scanning subdirectories without manual intervention
- Intelligence: Implementing smart filtering and response analysis to reduce false positives and noise
- Flexibility: Offering extensive configuration options to adapt to various scanning scenarios and target environments
Step 1: Installation
To install this tool via the APT package manager, simply use the command:
kali> sudo apt install feroxbuster -y

Now we should be able to run this tool. Simply append a -h after the command to display the help screen.

Step 2: Basic Directory Brute-forcing
To run a default scan on a target URL, we simply need to use the -u flag:
kali> feroxbuster -u http://example.com

Feroxbuster will, by default, load the raft-medium-directories.txt wordlist from the SecLists repository and perform a scan similar to DIRB—displaying status codes and discovered directories in the output.

Step 3: Comparison with Gobuster and Dirb
Let’s run a quick timing comparison between Feroxbuster, Gobuster, and DIRB.
We’ll use the following command for Feroxbuster:
kali> time feroxbuster -u http://target.com -w common.txt -t 50 -q --no-recursion
-t 50: Specifies the number of threads (i.e., concurrent requests). In this case, Feroxbuster will send up to 50 simultaneous requests, significantly increasing scan speed.
-q: Enables quiet mode, suppressing non-essential output such as banners and progress indicators, and displaying only the results.
--no-recursion: Explicitly disables recursion.

Feroxbuster completed the scan in 52.68 seconds.
Let’s now run a similar command with Gobuster. (Note: Gobuster does not recurse by default)
kali> gobuster dir -u http://target.com -w wordlist.txt -t 50 -q

Gobuster completed the scan in 52.16 seconds – slightly faster than Feroxbuster.
Now, let’s test DIRB.
By default, DIRB runs with a single thread and recurses automatically, which can slow down timing comparisons. To keep things fair, we’ll disable recursion using the -r flag:
kali> time dirb http://target.com common.txt -r

DIRB completed the scan in 756 seconds.
Summary
Feroxbuster is promoted as a high-performance directory discovery tool and is faster than DIRB. However, this brief experiment shows that if you’re already using Gobuster, you may not need to switch to Feroxbuster solely for speed.
Source: HackersArise
Source Link: https://hackers-arise.com/feroxbuster-is-it-the-fastest-content-discovery-tool/