National Cyber Warfare Foundation (NCWF)

A Detailed Guide on Feroxbuster


0 user ratings
2024-09-12 05:21:03
milo
Red Team (CNA)

 - archive -- 

Feroxbuster is a robust tool designed to identify directories and files on web servers using brute-force techniques. It is frequently utilized in penetration testing and


The post A Detailed Guide on Feroxbuster appeared first on Hacking Articles.



Feroxbuster is a robust tool designed to identify directories and files on web servers using brute-force techniques. It is frequently utilized in penetration testing and security evaluations to detect concealed paths and resources. Here we are going to discuss about various tasks which we can perform using Feroxbuster.


Table of contents



  • Lab setup

  • Installation

  • Default mode

  • Redirects

  • Extensions

  • Result output

  • User agent

  • Filter status code

  • Quiet mode

  • Controlling threads

  • Custom wordlist

  • Disable recursion

  • Limit recursion depth

  • Force Recursion

  • Filter by character size

  • Filter by number of words

  • Filter by number of lines

  • Filter by status code using deny list

  • Filter by status code using allow list

  • Generating random User-Agent

  • HTTP methods

  • Custom headers

  • Cookies

  • Adding slash

  • Capturing requests in Burp

  • Read target from list

  • Resume from last state

  • Follow redirect

  • Timeout

  • Comparasion between Feroxbuster and other tools

  • Conclusion


Lab setup


Target Machine: 192.168.1.4


Attacker Machine: 192.168.1.31 (Kali Linux)


After setting up a web server in the target machine, we can proceed with the enumeration in the kali linux after installing Feroxbuster.


Installation


To install the Feroxbuster in kali linux, we can use the following command:


apt install feroxbuster


Default mode


Once we are done with the installation, we can proceed with the enumeration part. To perform a default directory brute force, we can use the following the command:


feroxbuster -u http://192.168.1.4


It can be seen from above that the wordlist used in default mode is the raft-medium-directories.txt.


To get a less verbose output, we can use the –silent flag to hide the non-essential data.


feroxbuster -u http://192.168.1.4 --silent


Redirects


In order to allow the Feroxbuster to continue the directory brute forcing on the redirected URL, we can use the -r or –redirect flag. For example if http://192.168.1.4 redirects to http://192.168.1.4/newpath, Feroxbuster will follow this redirection and continue to scan http://192.168.1.4/newpath for directories and files.


feroxbuster -u http://192.168.1.4 -r


Extensions


To perform brute-force for a particular type of file extension, the -x or –extensions flag can be used.


feroxbuster -u http://192.168.1.4 -x php,txt --silent


Result output


If we want to log the output, we use the –output flag and then mentioning the file name.


feroxbuster -u http://192.168.1.4 --output results.txt


User agent


To set up a custom user agent to send request at the server, we can use the -a or –user-agent flag. By default, the user agent used by Feroxbuster is feroxbuster/.


feroxbuster -u http://192.168.1.4 -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"


Filter status code


There are times when we need to skip certain status codes responses, so we can use the -C or –filter-status, to skip the results of the mentioned codes. If we want to include a particular status code in output, we can use the -s or –status-codes flag.


feroxbuster -u http://192.168.1.4 -C 403,404


Quiet mode


To present the output without showing the progress bar or banner, we can use the quite mode by giving the -q or –quiet flag.


feroxbuster -u http://192.168.1.4 -q


Controlling threads


To control the number of concurrent threads depending on the environment type, we can use the –threads or -t flag. The default threads value is 50.


feroxbuster -u http://192.168.1.4 -t 20


Custom wordlist


To use a custom wordlist, we can use the -w or –wordlist flag and then give the wordlist path. Here we are giving the common.txt file path.


feroxbuster -u http://192.168.1.4 -w /usr/share/wordlists/dirb/common.txt


Disable recursion


To allow the scanning of only top level directories, we can set the -n or –no-recursion flag to disable the recursive scanning.


feroxbuster -u http://192.168.1.4 -n


Limit recursion depth


To set a limit on the depth of recursion, we can use the -L or –scan-limit.


feroxbuster -u http://192.168.1.4 -L 4


Force Recursion


To ensure that the recursion is used, we can use the –force-recursion flag.


feroxbuster -u http://192.168.1.4 --force-recursion


Filter by character size


To filter out the messages of a particular length, we can use the -S or –filter-size flag. This will filter based on character size.


feroxbuster -u http://192.168.1.4 -q
feroxbuster -u http://192.168.1.4 -q -S 285,286,283,289


Filter by number of words


To filter out the results using number of words filter, we can use the -w or –filter-words flag.


feroxbuster -u http://192.168.1.4 -q
feroxbuster -u http://192.168.1.4 -q -W 33


Filter by number of lines


To filter out the results using number of words filter, we can use the -N or –filter-lines flag.


feroxbuster -u http://192.168.1.4 -q
feroxbuster -u http://192.168.1.4 -q -N 9


Filter by status code using deny list


To filter the results using status codes (deny list), we can use the –filter-status flag.


feroxbuster -u http://192.168.1.4 -q
feroxbuster -u http://192.168.1.4 -q --filter-status 404


Filter by status code using allow list


To filter the results using status codes (allow list), we can use the –status-codes flag.


feroxbuster -u http://192.168.1.4 -q
feroxbuster -u http://192.168.1.4 -q --status-codes 200,301


Generating random User-Agent


To use a random user agent for every request, we can use the -A flag. Here we have used the –burp flag simultaneously to show how the user agent looks in the requests.


feroxbuster -u http://192.168.1.4 -A --burp


HTTP methods


To explicitly define the HTTP methods to be used, we can use the -m flag and then state the method to be used like POST. The default method is GET while running the Feroxbuster.


feroxbuster -u http://192.168.1.4 -m POST


Custom headers


To explicitly define the request header to be used, we can use the -H flag and then state the header alongwith the value to be used like ‘Content-Type: application/x-www-form-urlencoded’. Here we have used the –burp flag simultaneously to show how the user agent looks in the requests.


feroxbuster -u http://192.168.1.4 -H 'Content-Type: application/x-www-form-urlencoded' --burp -q


Cookies


To use a specific cookie value in all the requests, we can mention the cookies header alongwith the value. The flag which can be used here is –cookies or -b. Here we have used the –burp flag simultaneously to show how the cookie looks in the requests.


feroxbuster -u http://192.168.1.4 --cookies PHPSESSID=t54ij15l5d51i2tc7j1k1tu4p4 --burp -q


Adding slash


To add a slash (/) after every request, we can use the -f or –add-slash flag.


feroxbuster -u http://192.168.1.4 -f


Capturing requests in Burp


To capture a request in Burp Suite, we can use the –burp flag while running the scan.


feroxbuster -u http://192.168.1.4 --burp


Read target from list


To perform the scanning on the targets provided in the list, we can use the following command:


cat target.txt
cat target.txt| feroxbuster --stdin -q

 


Resume from last state


If we wish to resume the scan from the last state, we can use the –resume-from flag and provide the .state file. There are times when we need to terminate the scan in between, so Feroxbuster will save the results in the file.


feroxbuster -u http://192.168.1.4 -q
feroxbuster --resume-from ferox-http_192_168_1_4-1723370176.state -q


Follow redirect


While scanning if there are requests which result in the redirection, so we can control that by allowing the clients to follow the redirects using -r flag.


feroxbuster -u http://192.168.1.4  -r


Timeout


To setup a timeout limit, we can use the -T flag. This determines the amount of time the Feroxbuster wil wait for the server response before terminating the scan. By default, this value is set to 7 seconds, however we can modify it by using the flag.


feroxbuster -u http://192.168.1.4


The above image shows the default timeout limit used and now we are going to modify it to 5 seconds.


feroxbuster -u http://192.168.1.4 -T 5


Comparasion between Feroxbuster and other tools



  • Feroxbuster stands out for its comprehensive set of features, including extensive response filtering, Burp Suite integration, and customization options. It provides a balance between advanced functionality and user control, making it a powerful choice for detailed and nuanced directory and file brute-forcing.

  • DirBuster is user-friendly with its GUI but may not be as fast or flexible as command-line tools like Feroxbuster.

  • Gobuster offer speed and efficiency but with fewer advanced features and less flexibility compared to Feroxbuster.

  • ffuf provides high performance and extensive filtering but can be complex to configure and use.


Conclusion


In conclusion, we can say that Feroxbuster is an excellent choice for those requiring precise control over their scanning processes, advanced filtering capabilities, and the ability to integrate with other tools.


Author: Vinayak Chauhan is an InfoSec researcher and Security Consultant. Contact here


The post A Detailed Guide on Feroxbuster appeared first on Hacking Articles.



Source: HackingArticles
Source Link: https://www.hackingarticles.in/a-detailed-guide-on-feroxbuster/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.