HTTP

Hypertext transfer protocol (port 80)

  • cmds to enum info

whatweb $IP

http $IP

dirb http://$IP/

browsh --startup-url $URL #outputs on terminal all that you'll see on browser

nmap 

nmap -sC -sV $IP -p80 --script http-enum

  • for http headers

nmap -sC -sV $IP -p80 --script http-headers

  • http methods enum

nmap -sC -sV $IP -p80 --script http-methods \
--script-args http-methods.url-path=/directory/

  • http webdav scan

nmap -sC -sV $IP -p80 --script http-webdav-scan \
--script-args http-methods.url-path=/directory/

----------- everything that the course provide for http (nmap) can be done with -sC scan ^^

dir bruteforcing

  • for directory bruteforcing using we can use gobuster or ffuf or any other tool

ffuf 

ffuf -w /path/to/wordlists/ -u http://$IP/FUZZ -ac #ac just to filter out repeated stuff

gobuster

gobuster dir -w /path/to/wordlists/ -u http://$IP/FUZZ -ac

check robots.txt

curl http://$IP/robots.txt
PreviousSSHNextMysql and Mssql

Last updated