HTTP Enum

Enumerate directories.

The main thing to remember here is to always run against multiple wordlists starting with directory-list-2.3-medium.txt

Gobuster

# URL Search

-- Quick Directory Busting:
gobuster dir -u 10.10.10.20 -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux
gobuster dir -u 10.10.10.20 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 80 -a Linux

-- Comprehensive Directory Busting
gobuster dir -s 200,204,301,302,307,403 -u 10.10.10.10 -w /usr/share/seclists/Discovery/Web_Content/big.txt -t 80 -a 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0'

-- Search with File Extension
gobuster dir -u 10.10.10.10 -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux -x .sh,.html,.txt,.php

==========================================================================================================================================================================================

# DNS Search
gobuster dns -d anysite.com -t 50 -w /wordlists/subdomains.txt

==========================================================================================================================================================================================

# vhost Search
gobuster vhost -u https://anysite.com -w common-vhosts.txt

FFUF

Nikto Web Scan

Wordpress Scan

Drupal

Joomla

Dirb

Dirsearch

Netcat

cUrl

Wfuzz

Upload a PHP file

WebDav

ASPx Webshell

Code Execution through HTTP/LFI

PreviousLDAP EnumNextCheckList

Last updated

Was this helpful?