HTTP

Hypertext transfer protocol (port 80)

• cmds to enum info

whatweb $IP

http $IP

dirb http://$IP/

browsh --startup-url $URL #outputs on terminal all that you'll see on browser

nmap

nmap -sC -sV $IP -p80 --script http-enum

• for http headers

nmap -sC -sV $IP -p80 --script http-headers

• http methods enum

nmap -sC -sV $IP -p80 --script http-methods \
--script-args http-methods.url-path=/directory/

• http webdav scan

nmap -sC -sV $IP -p80 --script http-webdav-scan \
--script-args http-methods.url-path=/directory/

----------- everything that the course provide for http (nmap) can be done with -sC scan ^^

dir bruteforcing

• for directory bruteforcing using we can use gobuster or ffuf or any other tool

ffuf

ffuf -w /path/to/wordlists/ -u http://$IP/FUZZ -ac #ac just to filter out repeated stuff 

gobuster

gobuster dir -w /path/to/wordlists/ -u http://$IP/FUZZ -ac

check robots.txt

curl http://$IP/robots.txt