Details

Category: Discovery

Publisher: trickest-mhmdiaa

Created Date: 9/7/2022

Container: quay.io/trickest/feroxbuster:2.10.1-patch-1

Source URL: https://github.com/epi052/feroxbuster

Parameters

data
file
Command: --data - Request's Body - The file name starts with an `@` (ex: @post.bin)
json
boolean
required
Command: --json - Emit JSON logs to output instead of normal text
depth
string
Command: --depth - Maximum recursion depth, a depth of 0 is infinite recursion (default: 4)
proxy
string
Command: --proxy - Proxy to use for requests (ex: http(s)://host:port, socks5(h)://host:port)
query
string
Command: --query - Request's URL query parameters (ex: token=stuff)
quiet
boolean
Command: --quiet - Hide progress bars and banner
smart
boolean
Command: --smart - Set --extract-links, --auto-tune, --collect-words, and --collect-backups to true
silent
boolean
Command: --silent - Only print URLs
cookies
string
Command: --cookies - Specify HTTP cookies to be used in each request (ex: stuff=things)
headers
string
Command: --headers - Specify HTTP headers to be used in each request (ex: Header:val)
methods
string
Command: --methods - Which HTTP request method(s) should be sent (default: GET)
threads
string
Command: --threads - Number of concurrent threads (default: 50)
timeout
string
Command: --timeout - Number of seconds before a client's request times out (default: 7)
insecure
boolean
Command: --insecure - Disables TLS certificate validation in the client
no-state
boolean
Command: --no-state - Disable state output file (*.state)
parallel
string
Command: --parallel - Run parallel feroxbuster instances
thorough
boolean
Command: --thorough - Use the same settings as --smart and set --collect-extensions to true
url-list
file
required
Command: - List of target URLs
wordlist
file
required
Command: --wordlist - Wordlist
add-slash
boolean
Command: --add-slash - Append / to each request's URL
auto-bail
boolean
Command: --auto-bail - Automatically stop scanning when an excessive amount of errors are encountered
auto-tune
boolean
Command: --auto-tune - Automatically lower scan rate when an excessive amount of errors are encountered
dont-scan
string
Command: --dont-scan - URL(s) or Regex Pattern(s) to exclude from recursion/scans
redirects
boolean
Command: --redirects - Allow client to follow redirects
verbosity
string
Command: - Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 v's is probably too much)
client-key
file
Command: --client-key - Add a PEM encoded private key for mutual authentication (mTLS)
extensions
string
Command: --extensions - File extension(s) to search for (ex: php pdf js)
rate-limit
boolean
Command: --rate-limit - Limit number of requests per second (per directory) (default: 0, i.e. no limit)
scan-limit
string
Command: --scan-limit - Limit total number of concurrent scans (default: 0, i.e. no limit)
time-limit
string
Command: --time-limit - Limit total run time of all scans (ex: --time-limit 10m)
user-agent
string
Command: --user-agent - Sets the User-Agent (default: feroxbuster/2.7.1)
client-cert
file
Command: --client-cert - Add a PEM encoded certificate for mutual authentication (mTLS)
dont-filter
boolean
Command: --dont-filter - Don't auto-filter wildcard responses
filter-size
string
Command: --filter-size - Filter out messages of a particular size (ex: 4927,1970)
resume-from
file
Command: --resume-from - State file from which to resume a partially complete scan (ex: --resume-from ferox-1606586780.state)
dont-collect
string
Command: --dont-collect - File extension(s) to ignore while collecting extensions (only used with `collect-extensions`)
filter-lines
string
Command: --filter-lines - Filter out messages of a particular line count (ex: 31,30)
filter-regex
string
Command: --filter-regex - Filter out messages via regular expression matching on the response's body (ex: ^ignore me$)
filter-words
string
Command: --filter-words - Filter out messages of a particular word count (ex: 91,82)
no-recursion
boolean
Command: --no-recursion - Do not scan recursively
random-agent
boolean
Command: --random-agent - Use a random User-Agent
replay-codes
string
Command: --replay-codes - Status Codes to send through a Replay Proxy when found (default: --status-codes value)
replay-proxy
string
Command: --replay-proxy - Send only unfiltered requests through a Replay Proxy, instead of all requests
server-certs
file
Command: --server-certs - Add custom root certificate(s) for servers with unknown certificates
status-codes
string
Command: --status-codes - Status Codes to include (allow list) (default: 200 204 301 302 307 308 401 403 405)
collect-words
boolean
Command: --collect-words - Automatically discover important words from within responses and add them to the wordlist
filter-status
string
Command: --filter-status - Filter out status codes (deny list) (ex: 401)
collect-backups
boolean
Command: --collect-backups - Automatically request likely backup extensions for found urls
force-recursion
boolean
Command: --force-recursion - Force recursion attempts on all 'found' endpoints (still respects recursion depth)
filter-similar-to
string
Command: --filter-similar-to - Filter out pages that are similar to the given page (ex: http://site.xyz/soft404)
collect-extensions
boolean
Command: --collect-extensions - Automatically discover extensions and add them to --extensions (unless they're in `dont-collect`)
dont-extract-links
boolean
Command: --dont-extract-links - Don't extract links from response body (html, javascript, etc...