# Port 80/443 - HTTP/HTTPS

## Basic Info

```bash
nc -v domain.com 80
openssl s_client -connect <url>:443
sslscan <url>
```

### URL scraping

Query the Wayback Machine CDX API for every archived URL under a domain:

```bash
# For JSON output:
http://web.archive.org/cdx/search/cdx?url=example.com*&output=json
# For TXT output:
http://web.archive.org/cdx/search/cdx?url=example.com*&output=txt
```
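The two CDX endpoints above return the same seven fields, either as a JSON array whose first row is the header or as one space-separated record per line. The parser below is an added example (not part of the original notes) that reads both formats offline, keeps the most recent capture of each path that was archived with a given status code, and so gives a reviewer a deduplicated list of historical endpoints of their own domain to check for forgotten exposure. The sample payload is constructed here; `example.com` and its paths are placeholders.

```python
import json
from urllib.parse import urlsplit

# Field order of the Wayback CDX API default output (JSON header row / TXT columns).
CDX_FIELDS = ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"]

# Constructed sample records: two captures of "/", three other paths, one 404 capture.
SAMPLE_ROWS = [
    ["com,example)/", "20190101000000", "http://example.com/", "text/html", "200", "AAAA", "1234"],
    ["com,example)/", "20200101000000", "https://example.com/", "text/html", "200", "BBBB", "1240"],
    ["com,example)/api/v1/users", "20180501000000", "http://example.com/api/v1/users", "application/json", "200", "CCCC", "800"],
    ["com,example)/backup.zip", "20170301000000", "http://example.com/backup.zip", "application/zip", "200", "DDDD", "99999"],
    ["com,example)/old", "20160101000000", "http://example.com/old", "text/html", "404", "EEEE", "300"],
]
SAMPLE_CDX_JSON = json.dumps([CDX_FIELDS] + SAMPLE_ROWS)
SAMPLE_CDX_TXT = "\n".join(" ".join(row) for row in SAMPLE_ROWS) + "\n"


def parse_cdx_json(payload):
    """Parse output=json: a list of lists whose first row names the columns."""
    rows = json.loads(payload)
    if not rows:
        return []
    header, *records = rows
    return [dict(zip(header, rec)) for rec in records]


def parse_cdx_txt(text):
    """Parse output=txt: one record per line, columns in CDX_FIELDS order."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(CDX_FIELDS):
            continue  # skip blank or truncated lines
        records.append(dict(zip(CDX_FIELDS, parts)))
    return records


def unique_paths(records, status="200"):
    """Return {path: latest record} for captures with the given status code.

    status=None keeps every capture regardless of status. Timestamps are
    14-digit YYYYMMDDhhmmss strings, so plain string comparison orders them.
    """
    latest = {}
    for rec in records:
        if status is not None and rec["statuscode"] != status:
            continue
        path = urlsplit(rec["original"]).path or "/"
        if path not in latest or rec["timestamp"] > latest[path]["timestamp"]:
            latest[path] = rec
    return dict(sorted(latest.items()))


if __name__ == "__main__":
    for path, rec in unique_paths(parse_cdx_json(SAMPLE_CDX_JSON)).items():
        print(f"{rec['timestamp']}  {rec['statuscode']}  {path}")
```

For large domains the API can do part of this server-side: `&collapse=urlkey` returns one row per URL and `&filter=statuscode:200` restricts by status, which keeps the response small enough to parse in memory.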
## Web Scanners

### WhatWeb

```bash
whatweb -a 1 <url> # stealth scan
whatweb -a 3 <url> # aggressive scan
whatweb -a 4 <url> # heavy scan
```

### WebTech

```bash
# pip install webtech
webtech <url>
```
## WAF Detection

```bash
wafw00f <url>
```
## Fuzzing

```bash
# Directory enumeration
gobuster dir -u <url> -w <dictionary> -t <threads>
gobuster dir -u <url> -w <dictionary> -t <threads> -x html,php,xml # fuzz by file extension
wfuzz --hc=404 -u "http://web.com/FUZZ" -w <dictionary> -t <threads>

# Virtual host (subdomain) enumeration via the Host header
gobuster vhost -u <url> -w <dictionary> -t <threads> --append-domain
gobuster vhost -u http://wireless.com:8080/ -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-20000.txt -t 20
```
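Wordlist-driven enumeration like the gobuster and wfuzz runs above leaves a distinctive footprint in the web server's access log: one source address requesting many distinct paths in a few seconds, nearly all of them answered 404 or 403. The script below is an added example (not part of the original notes) that parses combined-format access log lines and flags sources matching that pattern over a sliding time window; the default scanner User-Agent strings are checked only as a secondary signal, since they are trivially changed. The log lines are constructed for the example; the addresses are documentation ranges, and the threshold values are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache/nginx combined log format: one enumerating
# source (203.0.113.7) and one normal visitor (198.51.100.5).
SAMPLE_LOG = """\
198.51.100.5 - - [10/Mar/2024:13:54:58 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Mar/2024:13:54:59 +0000] "GET /static/app.css HTTP/1.1" 200 880 "http://web.com/" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:13:55:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "gobuster/3.6"
203.0.113.7 - - [10/Mar/2024:13:55:00 +0000] "GET /admin HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Mar/2024:13:55:00 +0000] "GET /backup HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Mar/2024:13:55:01 +0000] "GET /config.php HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Mar/2024:13:55:01 +0000] "GET /login.html HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Mar/2024:13:55:01 +0000] "GET /test.xml HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.7 - - [10/Mar/2024:13:55:02 +0000] "GET /uploads HTTP/1.1" 403 199 "-" "gobuster/3.6"
203.0.113.7 - - [10/Mar/2024:13:55:02 +0000] "GET /old HTTP/1.1" 404 196 "-" "gobuster/3.6"
198.51.100.5 - - [10/Mar/2024:13:55:03 +0000] "GET /missing-page HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Default User-Agent substrings of common enumeration tools; easily spoofed,
# so this is corroboration only, never the primary detection.
SCANNER_UA_MARKERS = ("gobuster", "wfuzz", "dirbuster", "nikto")


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ev["status"] = int(ev["status"])
        events.append(ev)
    return events


def detect_bruteforce(events, window_s=60, min_requests=5, min_error_ratio=0.6):
    """Flag source IPs that, within any window_s-second span, sent at least
    min_requests requests to as many distinct paths with mostly 403/404 replies.

    Returns {ip: summary of the largest matching window}. Thresholds are
    assumptions for the example and should be tuned against real traffic.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits in window_s seconds.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = evs[start:end + 1]
            if len(window) < min_requests:
                continue
            errors = sum(1 for e in window if e["status"] in (403, 404))
            paths = {e["path"] for e in window}
            if errors / len(window) < min_error_ratio or len(paths) < min_requests:
                continue
            if ip not in findings or len(window) > findings[ip]["requests"]:
                findings[ip] = {
                    "requests": len(window),
                    "errors": errors,
                    "distinct_paths": len(paths),
                    "scanner_ua": any(
                        marker in e["ua"].lower() for e in window for marker in SCANNER_UA_MARKERS
                    ),
                }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(ip, summary)
```

The normal visitor's single 404 is not flagged because it never reaches `min_requests` within the window; raising `min_error_ratio` toward 0.9 reduces false positives from broken links on busy sites, while vhost enumeration (which rotates the Host header rather than the path) needs the `%{Host}i` field added to the log format before a similar per-source count of distinct hosts can be applied.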