Web

Directories Enumeration

dirb http://target-ip/ /path/to/wordlist.txt
dirb http://target-ip/ /path/to/wordlist.txt -X .php,.html

wfuzz -c -w dirb/common.txt --hc 404,502 https://target/FUZZ
wfuzz -c -z file,/wordlists/fuzz.txt -z file,/usr/share/wordlists/fuzz2.txt --hc 404 http://target/FUZZ/FUZ2Z
wfuzz -c -w dirb/common.txt --hc 404,502 https://target/FUZZ/index.html

You can add all exceptions you don't want to see behind --hc flag. --hc 429,502,404

or -fs

/usr/local/lib/python3.8/dist-packages/wfuzz/init.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information. https://stackoverflow.com/questions/55929011/pycurl-is-not-compiled-against-openssl-when-i-trie-to-use-wfuzz-how-to-solve-th

gobuster dir -u <url> -w <wordlist.txt> -x <file_extensions>

https://github.com/projectdiscovery/nuclei

Installation

go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

echo 'export PATH=$PATH:~/go/bin' >> ~/.bashrc 
# Use ~/.zshrc instead of bash if needed

Usage

Run nuclei on single host:
        $ nuclei -target example.com

Run nuclei with specific template directories:
        $ nuclei -target example.com -t http/cves/ -t ssl

Run nuclei against a list of hosts:
        $ nuclei -list hosts.txt

Run nuclei with a JSON output:
        $ nuclei -target example.com -json-export output.json

Run nuclei with sorted Markdown outputs (with environment variables):
        $ MARKDOWN_EXPORT_SORT_MODE=template nuclei -target example.com -markdown-export nuclei_report/

Additional documentation is available at: https://docs.nuclei.sh/getting-started/running

Gathering URLs and JavaScript file locations with Hakrawler

https://github.com/hakluke/hakrawler

echo https://google.com | hakrawler
cat urls.txt | hakrawler # Multiple urls
cat urls.txt | hakrawler -proxy http://localhost:8080 # Requests through a proxy
echo https://google.com | hakrawler -subs # Include subdomain

Subdomain Enumeration

gobuster dns -t 30 -w subdomains.txt -d example.com

Previousnmap NextSplunk

Last updated 5 months ago