HTTP
Hypertext transfer protocol (port 80)
Commands to enumerate information
whatweb $IP
http $IP
dirb http://$IP/
browsh --startup-url $URL # renders in the terminal everything you would see in a browser
nmap
nmap -sC -sV $IP -p80 --script http-enum
for http headers
nmap -sC -sV $IP -p80 --script http-headers
http methods enum
nmap -sC -sV $IP -p80 --script http-methods \
--script-args http-methods.url-path=/directory/
http webdav scan
nmap -sC -sV $IP -p80 --script http-webdav-scan \
--script-args http-webdav-scan.path=/directory/
Note: everything that the course provides for HTTP (nmap), i.e. the commands above, can be done with a -sC scan.
dir bruteforcing
For directory bruteforcing we can use gobuster, ffuf or any other tool.
ffuf
ffuf -w /path/to/wordlists/ -u http://$IP/FUZZ -ac # -ac auto-calibrates filtering to drop repeated responses
gobuster
gobuster dir -w /path/to/wordlists/ -u http://$IP/ # dir mode appends each word to the URL; FUZZ and -ac are ffuf syntax
check robots.txt
curl http://$IP/robots.txt