← Back to search

Directory Brute Force with Feroxbuster

reconchecklist

Summary

If 302 found, ask why — scan for default creds. Try Feroxbuster.

Walkthrough

Brute-force hidden directories and common file extensions on the web root. A hit is a 200, 301, 403, or suspicious 302 redirect exposing admin panels, config files, or backup paths—follow redirects and try default credentials.

Commands

bash

feroxbuster -u http://<IP> -x php,txt,html,config