Recon web

Directory enum

ffuf  -u <http://web.com/FUZZ> -w <wordlist> -o <file>

Subdomain enum

ffuf -w <wordlist> -H "Host: FUZZ.web.com" -u http://web.com -fs <size>

Parameter enum

ffuf -w <wordlist> -u http://web.com/script.php?FUZZ=test -fs <size>

Values enum

ffuf -w <wordlist> -u http://web.com/script.php?parameter=FUZZ -fc <code>

gobuster dir -u <IP> -w <wordlist_path> -t 50 -x .php,.txt,.html -o scan-dirs

gobuster dns -d <url> -w <wordlist> -i # Subdominios

gobuster vhost -u <url> -w <wordlist> -r # Virtual hosting

whatweb <IP>
nmap --script http-enum -p80 <IP> -oN webscan
openssl s_client -connect <IP>:<port> # SSL certs, HTTPs

watw00f <URL>

searchsploit <cms>
searchsploit -m <script_path> # Transferir
searchsploit -x <script_path> # Examinar código

nslookup
server <IP>
<IP>

dig @<IP> <domain-name> axfr

/var/lib/jenkins/config.xml
/var/lib/jenkins/users/users.xml
/var/lib/jenkins/users/user/conf.xml

/manage/script # revshell

Última actualización hace 1 año

Directory enum

ffuf  -u <http://web.com/FUZZ> -w <wordlist> -o <file>

Subdomain enum

ffuf -w <wordlist> -H "Host: FUZZ.web.com" -u http://web.com -fs <size>

Parameter enum

ffuf -w <wordlist> -u http://web.com/script.php?FUZZ=test -fs <size>

Values enum

ffuf -w <wordlist> -u http://web.com/script.php?parameter=FUZZ -fc <code>

gobuster dir -u <IP> -w <wordlist_path> -t 50 -x .php,.txt,.html -o scan-dirs

gobuster dns -d <url> -w <wordlist> -i # Subdominios

gobuster vhost -u <url> -w <wordlist> -r # Virtual hosting

whatweb <IP>
nmap --script http-enum -p80 <IP> -oN webscan
openssl s_client -connect <IP>:<port> # SSL certs, HTTPs

watw00f <URL>

searchsploit <cms>
searchsploit -m <script_path> # Transferir
searchsploit -x <script_path> # Examinar código

nslookup
server <IP>
<IP>

dig @<IP> <domain-name> axfr

/var/lib/jenkins/config.xml
/var/lib/jenkins/users/users.xml
/var/lib/jenkins/users/user/conf.xml

/manage/script # revshell

Última actualización hace 1 año