Feroxbuster Took Down the Webserver!

Feroxbuster is one of my favorite tools for directory brute-forcing. It’s blazing fast, efficient, and an absolute beast for uncovering hidden directories. But that speed comes with a cost — it can accidentally DoS a web server!

I was just running a standard directory brute-force command against a PG Practice Box on the OffSec platform using:

feroxbuster -u http://192.168.164.99/ -w /usr/share/dirb/wordlists/common.txt -d 2 -s 200 -t 20

Initially. Everything looked ok. My 1st pass is usually with “common.txt” . So it finished in no time:

feroxbuster scan.

But when I was about to manually inspect the site, It was not able to. It was down! I took it down (well, feroxbuster actually):

Site was down.

Running the tool again brought no results (obviously) but I tried anyway just to confirm what I already know: