Enumerating resources with feroxbuster and ffuf

Looking for Cracks

© Photo by Linda Robert on Unsplash

© Photo by Linda Robert on Unsplash

Article from Issue 290/2025
Author(s):

A cyberattack unfolds in stages. The enumeration phase is when the attacker looks for holes in the target system. Tools like feroxbuster and ffuf bring the power of automation to the search.

If you have ever looked at how cyberattacks unfold in detail, you know that a typical cyberattack has a few distinct phases. The sequential list of phases is commonly referred to as the cyber kill chain, which is a framework developed by Lockheed Martin over a decade ago, apparently using a military model.

Over the years, the cyber kill chain has evolved and been adopted in a number of different forms. The chain originally had seven phases, but these days an eighth monetization phase is often mentioned. Although a variety of popular frameworks and methodologies define these phases in subtly different ways, I like to think of the different phases of an attack as this boiled-down list:

  • Information gathering
  • Enumeration
  • Exploitation
  • Post exploitation

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • nUbuntu Security Tools

    Study your network’s defenses with the Ubuntu-based nUbuntu security testing distribution.

    more »
  • Capture the Flag

    TryHackMe's Capture the Flag puzzles are a useful source for users who want to learn about ethical hacking and penetration testing.

    more »
  • Defending WordPress with WPScan

    The number of potential WordPress vulnerabilities is stunning. WPScan scans your site to find the problems that could lead to compromise.

    more »
  • Fuzz Testing

    Fuzzing is an important method for finding bugs and security vulnerabilities in software. Read on to find out what fuzzing is and which methods are commonly used today.

    more »
  • Compromising WordPress

    WordPress is an incredibly popular tool for building websites, and don't think the attackers haven't noticed. We'll show you what to watch for.

    more »
comments powered by Disqus