Web Enumeration

Web

Fingerprinting

# Look at page with just text
curl 10.11.1.111 -s -L | html2text -width '99' | uniq

# Get everything
curl -i -L 10.11.1.111
curl -i -H "User-Agent:Mozilla/4.0" http://10.11.1.111:8080

# Port 443
openssl s_client -connect <hostname>:443

# Port 80
telnet <IP> 80

Nikto - WebApp Scanning

nikto -h http://<url>
nikto -h $ip -p 80,8080,1234

Gobuster - Directory Enumeration

gobuster dir -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt -u http://192.168.3.104 -x php,txt,bak

Some extension

sh,txt,php,html,htm,asp,aspx,js,xml,log,json,jpg,jpeg,png,gif,doc,pdf,mpg,mp3,zip,tar.gz,tar

ffuf - Fuzzing Parameters

ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -c --recursion    

wpscan - wordpress scan

wpscan --update
wpscan --url <ip>
wpscan --url [url] --enumerate [p/vp/ap/t/vt/at] --plugins-detection aggressive

# To scan for all plugins
wpscan --url [url] --enumerate ap --plugins-detection aggressive

# Enumerating wordpress users
wpscan --url [target URL] --enumerate u

# Password Attack
wpscan --url http://internal.thm/blog/ --passwords /opt/wordlists/rockyou.txt

Uniscan

LFI, RFI, and RCE vulnerability scanner

uniscan -u http://192.168.1.202/ -qd

CMS Explorer

cms-explorer -url http://10.11.1.111 -type [Drupal, WordPress, Joomla, Mambo]

💓Resources

Amazing compilation -> https://pentestbook.six2dez.com/enumeration/web