
Comments (3)

Tib3rius commented on August 15, 2024

I'm not quite sure what you mean by "does not try to find subfolders by default". Feroxbuster starts in the webroot directory ( / ), and scans for files and directories/folders within that. It will absolutely find subfolders (e.g. /admin/ ) by default.

I take it you mean it doesn't recursively explore the subfolders it finds? Just want to check your meaning here. There is a --dirbuster.recursive option which enables recursive scanning, but it will go for the default depth. It might be worth changing that option from a boolean to an integer representing the level, then we could have --dirbuster.recursive=1.

Would that solve the issue?

from autorecon.

adamast0r commented on August 15, 2024

Yes, what I wanted to say is that it doesn't recursively explore the subfolders it finds.

As an example, it currently (by default) tells me that there is a folder called /admin/, but it would not tell me that there is /admin/login.php, which would be useful, since if there are folders there are probably files.

I understand that this is a trade-off between fast vs. complete results; however, I believe it would probably be worth increasing the recursion to one level like you mentioned, and it would probably still be fast enough as the default...


Tib3rius commented on August 15, 2024

I'd be against making it the default, generally because recursively dirbusting without being in full control of the tool is a bad idea. It will start going down directories you'd never want to explore in practice (e.g. /js, /css, /images, etc.). A user of AutoRecon should be looking at the results of the initial directory bust, and can then launch feroxbuster manually if they want to explore specific directories more.

The goal of AutoRecon is to be a tool which should give you a decent amount of enumeration results which you can base further enumeration on.

You should ideally create a custom config.toml file where you could tell AutoRecon to always recurse, like this one based on the default:

# Configure regular AutoRecon options at the top of this file.
verbose = 1

# Configure global options here.
# [global]
# username-wordlist = '/usr/share/seclists/Usernames/cirt-default-usernames.txt'

# Configure plugin options here.
[dirbuster]
recursive = true

I'll look into turning the boolean into an integer representing the depth though.
