Releases: epi052/feroxbuster
v1.5.1
Normally, each word from the given wordlist is joined to the target URL using reqwest::Url::join. When that function is called with a fully formed URL as the 'word', the result overwrites the base URL.
Example:
Url("http://localhost").join("http:yunyunyun.net")
=> Url("http:yunyunyun.net")
Added logic that issues a warning if a url is found in the wordlist, and then stops processing that word before anything actually happens.
Special thanks to @Greenwolf for bringing the issue to my attention!
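The kind of check described above, as an added example that is not feroxbuster's own code: it flags any wordlist entry that begins with a URI scheme, the shape a URL parser can treat as absolute instead of relative. The function names, the Skipped struct and the sample wordlist are assumptions made for illustration, and it uses only the standard library rather than reqwest.

```rust
// Added example, not feroxbuster's own code: preflight check that keeps
// wordlist entries from being parsed as absolute URLs when joined to the target.

/// Returns the leading URI scheme if `word` starts with one followed by ':'
/// (RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )).
fn leading_scheme(word: &str) -> Option<&str> {
    let (scheme, _rest) = word.split_once(':')?;
    let mut chars = scheme.chars();
    let first_ok = chars.next().map_or(false, |c| c.is_ascii_alphabetic());
    let rest_ok = chars.all(|c| c.is_ascii_alphanumeric() || matches!(c, '+' | '-' | '.'));
    if first_ok && rest_ok { Some(scheme) } else { None }
}

/// A wordlist entry that was skipped, with its 1-based line number.
#[derive(Debug, PartialEq)]
struct Skipped<'a> {
    line: usize,
    word: &'a str,
    scheme: &'a str,
}

/// Splits wordlist text into words that are safe to join and entries to warn about.
fn audit_wordlist(text: &str) -> (Vec<&str>, Vec<Skipped<'_>>) {
    let mut keep = Vec::new();
    let mut skipped = Vec::new();
    for (idx, raw) in text.lines().enumerate() {
        let word = raw.trim();
        if word.is_empty() {
            continue; // blank lines are neither scanned nor reported
        }
        match leading_scheme(word) {
            Some(scheme) => skipped.push(Skipped { line: idx + 1, word, scheme }),
            None => keep.push(word),
        }
    }
    (keep, skipped)
}

fn main() {
    // Constructed sample wordlist; the hostname is a placeholder.
    let sample = "admin\nhttp://other.example/login\nimages/\njs/app.js:map\nmailto:root\n";
    let (keep, skipped) = audit_wordlist(sample);
    for s in &skipped {
        eprintln!("warning: line {}: '{}' starts with scheme '{}', skipping", s.line, s.word, s.scheme);
    }
    println!("{} words kept: {:?}", keep.len(), keep);
}
```

An entry such as js/app.js:map is kept because the text before the colon contains a slash and so cannot be a scheme.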
v1.5.0
v1.4.1
- fixed a bug where errors occurring very early in program execution would not have their log messages displayed properly
Thanks to @Decap1tator for pointing out the issue (honorable mention to @Flangyver for letting me know about the same problem a day after the first report 😆)
v1.4.0
- added ability to pause|resume scans by pressing the ENTER key
Thanks to @Flangyver for the feature request!
v1.3.0
- overhauled the filtering system, which will allow for a wide array of filters to be added with minimal effort in the future
- added a Status Code Filter using the new system described above; exposed to the user through --filter-status
- renamed user-facing long option names
  - --norecursion -> --no-recursion
  - --addslash -> --add-slash
  - --dontfilter -> --dont-filter
  - --sizefilter -> --filter-size
  - --useragent -> --user-agent
Special thanks to @LMAY75 for filing the issue that led to this feature!
v1.2.0
- Users can now limit the number of scans permitted to run at any given time. Recursion will still identify new directories, but newly discovered directories can only begin scanning when the total number of active scans drops below the value passed to --scan-limit.
Special thanks to @Raywando for filing the issue that led to this feature!
./feroxbuster -u http://127.1 --scan-limit 2
v.1.1.2
- reduced binary size by incorporating strip into the CD pipeline
- fixed bug where the progress bar was being incremented too infrequently
The progress bar was only being incremented once per call to scanner::make_requests; however, make_requests makes a request for each url sent to it plus one for each extension specified with -x. For example, a scan that uses a wordlist with 1000 items and specifies 1 extension makes 2000 requests (one for each word, and one for each word + extension). Each progress bar only got incremented by the number of items in the wordlist.
v1.1.1
- Adds a version check when the binary is executed.
When the user's version is out of sync with the latest release, an additional line is added to the banner (shown below).
🎉 New Version Available │ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────
v1.1.0
- Added ability to extract links from response bodies
Extract Links Feature Description
Search through the body of valid responses (html, javascript, etc...) for additional endpoints to scan. This turns feroxbuster into a hybrid that looks for both linked and unlinked content.
Example request/response with --extract-links enabled:
- Make request to http://example.com/index.html
- Receive, and read in, the body of the response
- Search the body for absolute and relative links (i.e. homepage/assets/img/icons/handshake.svg)
- Add the following directories for recursive scanning:
  - http://example.com/homepage
  - http://example.com/homepage/assets
  - http://example.com/homepage/assets/img
  - http://example.com/homepage/assets/img/icons
- Make a single request to http://example.com/homepage/assets/img/icons/handshake.svg
./feroxbuster -u http://127.1 --extract-links