# Install feroxbuster with Homebrew, Nix, scoop, winget, zypper

Fast, simple, recursive content discovery tool written in Rust. Version 2.13.1 via Homebrew; verified 2026-06-22.

## Install

```sh
sudo av install brew:feroxbuster
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install feroxbuster
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#feroxbuster
```

  Evidence: nixpkgs package indexes: pkgs/by-name/fe/feroxbuster/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- zypper (92%):

```sh
sudo zypper install feroxbuster
```

  Evidence: openSUSE Tumbleweed package metadata: feroxbuster from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Scoop (92%):

```sh
scoop install main/feroxbuster
```

  Evidence: Scoop official bucket manifest trees: bucket/feroxbuster.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id epi052.feroxbuster -e
```

  Evidence: Windows Package Manager source index: epi052.feroxbuster from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:feroxbuster
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/feroxbuster>
- **Version:** 2.13.1
- **Source summary:** Fast, simple, recursive content discovery tool written in Rust
- **Homepage:** <https://epi052.github.io/feroxbuster>
- **Repository:** <https://github.com/epi052/feroxbuster>
- **Upstream docs:** <https://epi052.github.io/feroxbuster>
- **License:** MIT
- **Source archive:** <https://github.com/epi052/feroxbuster/archive/refs/tags/v2.13.1.tar.gz>
- **Last updated:** 2026-06-22T14:03:19-07:00
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- feroxbuster (cli)
- feroxbuster (alias)

## Dependencies

- openssl@3

## Build dependencies

- pkgconf
- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 2.13.1
- Package-manager updated: 2026-06-22
- Local data: ok
- Upstream repository: https://github.com/epi052/feroxbuster
- Upstream latest detected: v2.13.1 (current)
## Project history and usage

feroxbuster is a Rust command-line tool for recursive web content discovery. Its README frames it as a forced-browsing tool: it combines brute force with wordlists to find unlinked resources, directories, files, and other predictable locations in web applications.

### Project history

The public GitHub repository was created in August 2020, and crates.io records the first `feroxbuster` crate release in October 2020. The project reached 1.0.0 within days of the initial crate publication and continued through a long 2.x line with regular releases.

The project documentation later moved from a very large README to a GitHub Pages documentation site, while the README retained quick-start installation and usage examples. The project also added an updater in the 2.x era and documents official distribution channels to avoid domain impersonation.

### Adoption history

feroxbuster's adoption path follows the Rust security-tool pattern: GitHub releases and crates.io for early users, then OS package managers and security distributions for everyday use. The README documents Kali, Homebrew, winget, Chocolatey, install scripts, and project docs for other platforms; the input package metadata also records Nix, Scoop, winget, and zypper packaging.

Crates.io metadata records more than 130,000 downloads and the repository README displays badges for GitHub and crates.io downloads. Those numbers support a real package-manager footprint for a specialized security CLI.

### How it is used

Typical use passes a target URL, wordlist-derived extensions, filters for status codes or response sizes, recursion controls, headers, query parameters, proxy settings, and output options. The README examples show piping targets through standard input, proxying through Burp or SOCKS, passing authorization headers, and sending JSON or form bodies.

In practice feroxbuster is used during web application testing to enumerate hidden or unlinked resources. Package users care about fast installation, shell completions, a default config path on security distributions, and reproducible CLI behavior across Linux, macOS, and Windows.

### Why package nerds care

feroxbuster is significant because it became one of the recognizable Rust replacements in the directory-enumeration and content-discovery space. It packages as a single CLI but has enough operational surface to matter: config files, completions, man pages, update behavior, and multiple binary distribution paths.

For maintainers, it is also a good example of security-tool packaging where provenance matters. The README explicitly warns about an unrelated impersonating domain and lists official download channels, which is unusually relevant package metadata for a pentesting tool.

### Timeline

- 2020: Public GitHub repository created.
- 2020: First crates.io release and 1.0.0 release published.
- 2023: 2.10.x release line appears on crates.io.
- 2025: crates.io records the 2.13.1 release.

### Related projects

- feroxbuster is related to forced-browsing and directory-enumeration tools used in web security testing, and it is commonly paired with wordlists, proxies such as Burp Suite, and shell pipelines for target and result processing.

### Sources

- <https://github.com/epi052/feroxbuster>
- <https://github.com/epi052/feroxbuster/blob/main/README.md>
- <https://api.github.com/repos/epi052/feroxbuster>
- <https://crates.io/crates/feroxbuster>
- <https://formulae.brew.sh/formula/feroxbuster>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Linux: /etc/feroxbuster/ferox-config.toml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** feroxbuster
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - feroxbuster: normalized package name match | nixpkgs package indexes: pkgs/by-name/fe/feroxbuster/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- zypper - feroxbuster - 2.13.1-1.4: normalized package name match | openSUSE Tumbleweed package metadata: feroxbuster from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | A recursive content discovery tool | https://epi052.github.io/feroxbuster-docs/
- zypper - feroxbuster-bash-completion - 2.13.1-1.4: normalized package name match | openSUSE Tumbleweed package metadata: feroxbuster-bash-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Bash Completion for feroxbuster | https://epi052.github.io/feroxbuster-docs/
- Scoop - main/feroxbuster: normalized package name match | Scoop official bucket manifest trees: bucket/feroxbuster.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
- winget - epi052.feroxbuster: normalized package name match | Windows Package Manager source index: epi052.feroxbuster from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [gobuster](https://www.automicvault.com/pkg/brew/gobuster/) - Shares av.db curated category or tags: cli, directory-enumeration, security, web-security.
- [dalfox](https://www.automicvault.com/pkg/brew/dalfox/) - Shares av.db curated category or tags: cli, security, web-security.
- [ffuf](https://www.automicvault.com/pkg/brew/ffuf/) - Shares av.db curated category or tags: cli, security, web-security.
- [forbidden](https://www.automicvault.com/pkg/brew/forbidden/) - Shares av.db curated category or tags: cli, security, web-security.
- [katana](https://www.automicvault.com/pkg/brew/katana/) - Shares av.db curated category or tags: cli, security, web-security.
- [cargo-audit](https://www.automicvault.com/pkg/brew/cargo-audit/) - Shares av.db curated category or tags: cli, rust, security.
- [cargo-cyclonedx](https://www.automicvault.com/pkg/brew/cargo-cyclonedx/) - Shares av.db curated category or tags: cli, rust, security.
- [cargo-deny](https://www.automicvault.com/pkg/brew/cargo-deny/) - Shares av.db curated category or tags: cli, rust, security.

## Combined YAML source

View the package source record on GitHub. [combined/feroxbuster.yml](https://github.com/automic-vault/db/blob/main/combined/feroxbuster.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
