What is Feroxbuster Pro built for?
Feroxbuster Pro is built for professional forced browsing: finding unreferenced web resources that are still reachable if you know the path.
The focus is coverage with signal. Pro combines traditional wordlist probing with structure-aware extractors, semantic JavaScript analysis, focused follow-up checks based on what each target exposes, provenance records, and scan diffing so findings are easier to explain, repeat, and compare.
How is Pro different from open source Feroxbuster?
The open source project remains the free baseline for fast content discovery. Pro keeps that forced-browsing purpose, but uses a newer feroxfuzz-based core and adds discovery features for deeper coverage, cleaner evidence, and easier result comparison across scans.
In practice, that means Pro can extract paths from OpenAPI documents, OIDC metadata, service workers, manifests, framework artifacts, and JavaScript instead of relying only on a static wordlist. It also records why a request happened, which is useful when you need to validate results or defend a finding.
What is Distributed Runtime?
Distributed Runtime is the optional self-hosted control plane for distributed scans. It uses three binaries:
ferox-controllercoordinates work, holds the license, and manages the trust domain.ferox-agentconnects to the controller and performs assigned scan work.ferox-tuiis the operator interface for starting, observing, and controlling scans.
Standalone feroxbuster-pro remains the default local scanning experience.
Should I start with standalone Pro or Distributed Runtime?
Start with standalone feroxbuster-pro unless you need a controller to coordinate scans across agents in different environments or network segments.
Distributed Runtime is for controller-managed work across agents: long-running scans, shared operator visibility, worker placement near different network segments, or work that should continue when an operator disconnects. It is a separate add-on because it adds deployment and trust-domain management that a local scan does not need.
Can Feroxbuster Pro be used from scripts or automation?
Yes. The base feroxbuster-pro binary is a traditional command-line tool, similar to open source Feroxbuster. You can run it from shells, scripts, CI jobs, and automation that can execute CLI commands.
The interactive TUI and Distributed Runtime are optional workflows. If your automation cannot drive an interactive interface, use the standalone CLI.
Can I automate Distributed Runtime without using the TUI?
Not yet. Distributed Runtime is currently operated through the ferox-tui client connected to a self-hosted controller. Agents perform assigned scan work, but they are not a standalone automation API.
For non-interactive automation today, use the standalone feroxbuster-pro CLI.
Is Distributed Runtime a cloud service?
No. Distributed Runtime is self-hosted. You run the controller, agents, and TUI clients on your own infrastructure. It does not require accounts, hosted services, internet access, or vendor-controlled infrastructure during operation.
The controller is the coordination, trust, and enforcement boundary. Enrolled agents and clients authenticate with mutual TLS, and the deployment can run on isolated networks.
How does Distributed Runtime licensing work?
Distributed Runtime is an optional add-on for Pro. The current add-on entitlement covers 1 controller activation and up to 8 concurrently connected agents for that controller.
Agents do not use separate license activations. They enroll with the controller and consume a concurrent agent slot only while connected. TUI clients can attach and detach without consuming agent slots.
Does licensing require internet access while Feroxbuster Pro runs?
No. Installed license validation happens on the machine running Feroxbuster Pro. The product does not require online check-ins, hosted services, or vendor infrastructure while it runs.
You do need portal access to purchase, download release artifacts, and issue offline activation bundles. For restricted environments, generate the activation challenge on the machine that will run Pro, move that challenge to a machine with portal access, download the returned bundle, and install it back on the original machine.
Is scan data, target data, or output sent back to you?
No. Feroxbuster Pro does not send target URLs, response bodies, findings, logs, or scan output to Feroxbuster services as part of scanning or licensing.
The customer portal handles account, purchase, download, and offline activation workflows. Runtime scan data stays under your control.
How do download and activation work?
After purchase, sign in to the customer portal to download your platform build, checksum, and licensing artifacts. Pro activation is offline-first:
1. Generate challenge.bin on the machine that will run the binary. 2. Upload that challenge in the portal. 3. Download activation_bundle.zip. 4. Install the returned artifacts locally.
See Licensing for the exact CLI commands.
Is there a trial version?
No, there is not currently a trial flow. Open source Feroxbuster remains the entry point for evaluating the basic workflow. Feroxbuster Pro is for users who want that style of forced browsing with deeper extraction, provenance, scan diffing, and other Pro capabilities.
If you already have a Feroxbuster workflow, feroxbuster-pro is designed to be familiar as a command-line replacement, though Pro has additional options and behavior.
Which platforms are supported?
Current Pro builds are available from the portal for:
- Linux, 64-bit x86
- macOS, Apple Silicon ARM
- Windows, 64-bit x86
Open source Feroxbuster has a broader public release matrix through GitHub releases and package repositories.
What does the lifetime license include?
The Pro license is perpetual for the version you are entitled to use. The initial purchase includes 12 months of updates. After that, the installed product keeps working, and update renewal is optional.
What happens if my update window expires?
Your license continues to work. The update window controls access to new releases, improvements, and download entitlements after that date.
You can renew updates later. Renewal does not convert the product into a subscription that must stay active for your installed version to run.
How many machines can I activate?
Standard Pro licenses currently include 3 active activation slots. Activations are machine-bound, so copying activation.bin or the local artifact store to another machine does not create a working install.
If you rebuild, replace, or retire a machine, deactivate the old activation in the portal to free a slot, then generate a new challenge on the new host and issue a new activation bundle. This is self-service for normal migrations. Already-issued offline tokens are not remotely revoked. If the portal blocks a migration and you cannot resolve the license limit via self-service, contact support with your license ID.
What is the difference between a license key and an activation bundle?
The license key identifies your license in the portal and licensing workflow.
The activation bundle is what the product installs locally. It contains vendor-signed, encrypted artifacts bound to the machine and release build that produced the challenge. Treat both as sensitive, but do not expect the license key alone to activate a machine.
Can I use Pro for paid assessments, consulting, and internal security work?
Yes, assuming you have authorization for the targets you scan. The license allows personal and commercial use, including penetration testing and security assessments.
Do you offer team or enterprise licensing?
Not yet as a separate public plan. Today, teams can buy multiple licenses or run independent Distributed Runtime deployments.
For procurement, larger deployments, or a licensing setup that does not fit the public checkout flow, contact <sales@feroxbuster.pro>.
Where should I report issues or ask for help?
For technical support and usage questions, contact <support@feroxbuster.pro>. For security issues in Feroxbuster Pro or the portal, contact <security@feroxbuster.pro> and follow the vulnerability disclosure policy on the main site.