Enumerating resources with feroxbuster and ffuf

Looking for Cracks

© Photo by Linda Robert on Unsplash

Article from Issue 290/2025
Author(s):

A cyberattack unfolds in stages. The enumeration phase is when the attacker looks for holes in the target system. Tools like feroxbuster and ffuf bring the power of automation to the search.

If you have ever looked at how cyberattacks unfold in detail, you know that a typical cyberattack has a few distinct phases. The sequential list of phases is commonly referred to as the cyber kill chain, which is a framework developed by Lockheed Martin over a decade ago, apparently using a military model.

Over the years, the cyber kill chain has evolved and been adopted in a number of different forms. The chain originally had seven phases, but these days an eighth monetization phase is often mentioned. Although a variety of popular frameworks and methodologies define these phases in subtly different ways, I like to think of the different phases of an attack as this boiled-down list:

  • Information gathering
  • Enumeration
  • Exploitation
  • Post-exploitation

[...]
