Releases: epi052/feroxbuster

v1.1.1

23 Oct 12:20
c85cf21

  • Adds a version check when the binary is executed.

When the user's version is out of sync with the latest release, an additional line is added to the banner (shown below).

 🎉  New Version Available │ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────

v1.1.0

22 Oct 11:34
952f44e

  • Added ability to extract links from response bodies

Extract Links Feature Description

Search through the body of valid responses (html, javascript, etc...) for additional endpoints to scan. This turns
feroxbuster into a hybrid that looks for both linked and unlinked content.

Example request/response with --extract-links enabled:

  • Make request to http://example.com/index.html
  • Receive, and read in, the body of the response
  • Search the body for absolute and relative links (i.e. homepage/assets/img/icons/handshake.svg)
  • Add the following directories for recursive scanning:
    • http://example.com/homepage
    • http://example.com/homepage/assets
    • http://example.com/homepage/assets/img
    • http://example.com/homepage/assets/img/icons
  • Make a single request to http://example.com/homepage/assets/img/icons/handshake.svg

./feroxbuster -u http://127.1 --extract-links
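
The link-expansion steps listed above, as an added Rust sketch (not feroxbuster's own code). `Expanded` and `expand_link` are hypothetical names, and relative links are assumed to resolve against the site root, as in the example; it goes beyond the listed case by also discarding off-origin and non-HTTP links so the scan stays in scope.

```rust
// Added illustration, not feroxbuster's own code. Assumption: relative links
// are resolved against the site root, as in the release note's example.
#[derive(Debug, PartialEq)]
struct Expanded {
    dirs: Vec<String>,    // directories queued for recursive scanning
    file: Option<String>, // the linked resource itself, requested once
}

fn expand_link(origin: &str, link: &str) -> Option<Expanded> {
    let origin = origin.trim_end_matches('/');
    let is_sep = |c: char| c == '/' || c == '?' || c == '#';
    // Absolute links are kept only when they stay on the scanned origin.
    let path = if link.starts_with("http://") || link.starts_with("https://") {
        let rest = link.strip_prefix(origin)?;
        if !rest.is_empty() && !rest.starts_with('/') {
            return None; // different host that merely shares the prefix
        }
        rest
    } else if link.starts_with("//") || link.split(is_sep).next().map_or(false, |s| s.contains(':')) {
        return None; // protocol-relative, mailto:, javascript:, data:, ...
    } else {
        link
    };
    // Query strings and fragments do not name directories.
    let path = path.split(|c: char| c == '?' || c == '#').next().unwrap_or("");
    let ends_with_slash = path.ends_with('/');
    // Normalise segments: drop empty and ".", let ".." remove one level.
    let mut segments: Vec<&str> = Vec::new();
    for seg in path.split('/') {
        match seg {
            "" | "." => {}
            ".." => { segments.pop(); }
            s => segments.push(s),
        }
    }
    // The last segment is a file unless the link ended in '/'.
    let file_seg = if ends_with_slash { None } else { segments.pop() };
    let mut dirs = Vec::new();
    let mut current = origin.to_string();
    for seg in &segments {
        current.push('/');
        current.push_str(seg);
        dirs.push(current.clone()); // one entry per parent directory
    }
    let file = file_seg.map(|f| format!("{}/{}", current, f));
    Some(Expanded { dirs, file })
}

fn main() {
    println!("{:#?}", expand_link("http://example.com", "homepage/assets/img/icons/handshake.svg"));
}
```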

v1.0.5

17 Oct 17:58

  • Fixed issue where wordlists with comments / empty lines were still being processed as words.

Thanks to Hack The Box user @sparkla for the feedback! Original discussion is here

v1.0.4

12 Oct 12:22
185808b

While helping github user @Flangyver troubleshoot the bug that was fixed in v1.0.3, we realized that log records couldn't actually be redirected to a file (this is due to the progress bar library's expected behavior). This version addresses that shortcoming.

  • -v enabled logging can be saved to a file by also using -o
    • -v logging can NOT be redirected using >, |, etc...

Example:

./feroxbuster -u http://example.com -o trace.log -vvvv

v1.0.3

09 Oct 02:08
71649d1

  • fixed instances of duplicate scans during recursion
    • in certain situations a scan against http://example.com and http://example.com/ could both be running at the same time (the same goes for any sub-directory found during recursion)

Special thanks to github user @Flangyver for notifying me about the bug ❤️

v1.0.2

07 Oct 23:07

  • altered request timeouts to be logged as warnings instead of errors
    • timeouts can still be viewed with 1 or more -v's as part of the command
    • all other errors encountered during a request remain errors

v1.0.1

06 Oct 00:44

  • fixed an issue that could present itself when join was called more than once
    • instead of relying on directory depth to determine whether to call .join or not, an AtomicUsize is checked instead

Thanks to twitter user @BoDresha for reaching out and letting me know about the bug!

v1.0.0

04 Oct 15:30

🥳 First major release 🥳

v0.2.1

03 Oct 15:17

Pre-release
  • added /etc/feroxbuster as a valid config location
  • updated .deb to install the example config at /etc/feroxbuster
  • updated .deb to respect /etc/feroxbuster/ferox-config.toml as a conffile

v0.2.0

03 Oct 13:21

Pre-release
  • config file is now searched for in multiple locations
    • ~/.config/feroxbuster
    • same dir as feroxbuster
    • cwd
  • added some better error messaging
  • updated docs/readme to reflect changes to config management
  • updated .deb to respect a config file found at ~/.config/feroxbuster