Tib3rius / AutoRecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

suggestion - feroxbuster recursive mode not default

adamast0r opened this issue · comments

I found recently that Feroxbuster does not try to find subfolders by default, which makes it easy to miss important folders. What is currently run is:

feroxbuster -u http://10.11.1.251:80/ -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -r -o tcp_80_http

Can we revisit that decision and do something like this:
feroxbuster -u http://10.11.1.251:80/ -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -d 1 -e -r -o tcp_80_http (recursion depth 1)

I'm not quite sure what you mean by "does not try to find subfolders by default". Feroxbuster starts in the webroot directory ( / ), and scans for files and directories/folders within that. It will absolutely find subfolders (e.g. /admin/ ) by default.

I take it you mean it doesn't recursively explore the subfolders it finds? Just want to check your meaning here. There is a --dirbuster.recursive option which enables recursive scanning, but it will go for the default depth. It might be worth changing that option from a boolean to an integer representing the level, then we could have --dirbuster.recursive=1.

Would that solve the issue?

Yes, what I wanted to say is that it doesn't recursively explore the subfolders it finds.

As an example, it currently (by default) tells me that there is a folder called /admin/ but it would not tell me that there is /admin/login.php, which would be useful, since if there are folders there are probably files.

I understand that this is a trade-off between fast vs. complete results; however, I believe it would probably be worth increasing the recursion to one level like you mentioned, and it would probably still be fast enough as the default...

I'd be against making it the default, generally because recursively dirbusting without being in full control of the tool is a bad idea. It will start going down directories you'd never want to explore in practice (e.g. /js, /css, /images, etc.). A user of AutoRecon should be looking at the results of the initial directory bust, and can then launch feroxbuster manually if they want to explore specific directories more.

The goal of AutoRecon is to be a tool which should give you a decent amount of enumeration results which you can base further enumeration on.

You should ideally create a custom config.toml file where you could tell AutoRecon to always recurse, like this one based on the default:

# Configure regular AutoRecon options at the top of this file.
verbose = 1

# Configure global options here.
# [global]
# username-wordlist = '/usr/share/seclists/Usernames/cirt-default-usernames.txt'

# Configure plugin options here.
[dirbuster]
recursive = true

I'll look into turning the boolean into an integer representing the depth though.