Web Enumeration
# Directory brute force with dirsearch
#   -u           target base URL
#   -e aspx      extension(s) to use
#   --full-url   print complete URLs in the results
#   -w           wordlist path
#   -t 100       number of threads
#   -x 400,404   leave responses with these status codes out of the output
# NOTE(review): in current dirsearch releases -e is only substituted where the
# wordlist contains the %EXT% keyword; a plain DirBuster-style list such as this
# one gets the extension appended only when -f/--force-extensions is also given.
# Confirm against `dirsearch --help` for the installed version.
# NOTE(review): 100 threads is loud. It shows up as a dense burst of 4xx entries
# in the target's access log, and rate limiting or a WAF can start rejecting
# requests, which makes real paths look like misses. Lower -t if the responses
# become inconsistent.
dirsearch -u http://192.168.198.121 -e aspx --full-url -w /directory-list-2.3-medium.txt -t 100 -x 400,404
# DNS enumeration: subdomain brute force with gobuster
#   -d           domain to enumerate
#   -w           wordlist of candidate subdomain labels
#   --wildcard   keep running when the domain answers with a wildcard DNS record
# With a wildcard record every candidate name resolves, so compare each hit
# against the wildcard's address before treating it as a real host.
# NOTE(review): gobuster flag names differ between releases; check
# `gobuster dns --help` for the installed version.
gobuster dns -d medtech.com -w subdomains-top1million-110000.txt --wildcard
# Extensions (used for web directory brute force). Reference data for a tool's
# extension option, not a command.
# Several entries (bak, zip, log, conf, ini, yml) are backup, archive, log and
# configuration artefacts; a hit on one of these means such a file is being
# served from the web root, which is worth fixing on the server side.
php,html,txt,json,js,jsp,jspa,jspx,aspx,bak,sh,go,asp,log,zip,conf,ini,py,yml
GIT
# Download an exposed .git directory
# wget -r follows links, so the repository is only retrieved when the server
# returns a directory listing for /.git/; without a listing there is nothing
# for wget to follow. By default the files are saved under a directory named
# after the host (here 127.0.0.1/).
# NOTE(review): auto-generated listings usually link to the parent directory,
# so consider a trailing slash on the URL plus --no-parent to keep the crawl
# inside /.git/.
wget -r http://127.0.0.1/.git
# Show commits (run from the directory that contains the downloaded .git)
#   git log                  list the commit history
#   git show                 show the most recent commit together with its patch
#   git diff-tree -p HEAD    print the patch introduced by HEAD
# Commit history keeps values that were later deleted from the working tree
# (credentials, API keys, connection strings).
# Server-side fix: keep .git out of the web root or deny requests for /.git at
# the web server, and rotate any secret that ever appeared in a commit.
git log
git show
git diff-tree -p HEAD
Web Enumeration
# Run a directory scan on a website
#   dir   directory/file enumeration mode
#   -u    target URL
#   -w    wordlist
gobuster dir -u http://10.10.10.121/ -w /usr/share/dirb/wordlists/common.txt
# Run a sub-domain scan on a website
# dns mode resolves each candidate name through DNS rather than sending HTTP
# requests to the site, so the traffic appears in resolver logs, not in the
# web server's access log.
gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt
# Grab website banner
#   -I   send a HEAD request and print only the response headers
#   -L   follow redirects
# Server and X-Powered-By values are self-reported and can be stripped or
# rewritten by the operator or a fronting proxy; treat them as a hint, not as
# proof of the software version.
curl -IL https://www.inlanefreight.com
# List details about the webserver/certificates
# NOTE(review): the target is given without a scheme; certificate details can
# only come from an https:// target. Confirm what whatweb reports here.
whatweb 10.10.10.121
# List potential directories in robots.txt
# Disallow entries are instructions to crawlers, not access control: a path
# listed there is still reachable unless the server enforces authorization.
curl 10.10.10.121/robots.txt