macOS
brew install feroxbusterlocal Homebrew formula metadata
brew
Fast, simple, recursive content discovery tool written in Rust. Version 2.13.1 via Homebrew; verified 2026-06-22.
install
brew install feroxbusterlocal Homebrew formula metadata
nix profile install nixpkgs#feroxbusternixpkgs package indexes · pkgs/by-name/fe/feroxbuster/package.nix · source: api.github.com
sudo zypper install feroxbusteropenSUSE Tumbleweed package metadata · feroxbuster · source: download.opensuse.org
scoop install main/feroxbusterScoop official bucket manifest trees · bucket/feroxbuster.json · source: api.github.com
winget install --id epi052.feroxbuster -eWindows Package Manager source index · epi052.feroxbuster · source: cdn.winget.microsoft.com
overview
Fast, simple, recursive content discovery tool written in Rust
history
feroxbuster is a Rust command-line tool for recursive web content discovery. Its README frames it as a forced-browsing tool: it combines brute force with wordlists to find unlinked resources, directories, files, and other predictable locations in web applications.
The public GitHub repository was created in August 2020, and crates.io records the first `feroxbuster` crate release in October 2020. The project reached 1.0.0 within days of the initial crate publication and continued through a long 2.x line with regular releases.
The project documentation later moved from a very large README to a GitHub Pages documentation site, while the README retained quick-start installation and usage examples. The project also added an updater in the 2.x era and documents official distribution channels to avoid domain impersonation.
feroxbuster's adoption path follows the Rust security-tool pattern: GitHub releases and crates.io for early users, then OS package managers and security distributions for everyday use. The README documents Kali, Homebrew, winget, Chocolatey, install scripts, and project docs for other platforms; the input package metadata also records Nix, Scoop, winget, and zypper packaging.
Crates.io metadata records more than 130,000 downloads and the repository README displays badges for GitHub and crates.io downloads. Those numbers support a real package-manager footprint for a specialized security CLI.
Typical use passes a target URL, wordlist-derived extensions, filters for status codes or response sizes, recursion controls, headers, query parameters, proxy settings, and output options. The README examples show piping targets through standard input, proxying through Burp or SOCKS, passing authorization headers, and sending JSON or form bodies.
In practice feroxbuster is used during web application testing to enumerate hidden or unlinked resources. Package users care about fast installation, shell completions, a default config path on security distributions, and reproducible CLI behavior across Linux, macOS, and Windows.
feroxbuster is significant because it became one of the recognizable Rust replacements in the directory-enumeration and content-discovery space. It packages as a single CLI but has enough operational surface to matter: config files, completions, man pages, update behavior, and multiple binary distribution paths.
For maintainers, it is also a good example of security-tool packaging where provenance matters. The README explicitly warns about an unrelated impersonating domain and lists official download channels, which is unusually relevant package metadata for a pentesting tool.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/feroxbuster/ferox-config.tomlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
feroxbuster | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/epi052/feroxbuster
install metadata
| Package key | brew:feroxbuster |
|---|---|
| Version | 2.13.1 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/feroxbuster |
| Homepage | https://epi052.github.io/feroxbuster |
| Repository | https://github.com/epi052/feroxbuster |
| Upstream docs | https://epi052.github.io/feroxbuster |
| License | MIT |
| Source archive | https://github.com/epi052/feroxbuster/archive/refs/tags/v2.13.1.tar.gz |
| Last updated | 2026-06-22T14:03:19-07:00 |
| Pulse | updated |
| Dependencies | openssl@3 |
| Build dependencies | pkgconf, rust |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | feroxbuster |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
feroxbuster
nix profile install nixpkgs#feroxbusterferoxbuster 2.13.1-1.4
A recursive content discovery tool
https://epi052.github.io/feroxbuster-docs/
sudo zypper install feroxbusterferoxbuster-bash-completion 2.13.1-1.4
Bash Completion for feroxbuster
https://epi052.github.io/feroxbuster-docs/
sudo zypper install feroxbuster-bash-completionmain/feroxbuster
scoop install main/feroxbusterepi052.feroxbuster
winget install --id epi052.feroxbuster -esource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.