Web Scanο
Fuzzingο
curl http://TARGET/robots.txt
curl http://TARGET/sitemap.xml
ffuf -w /usr/share/SecLists/Discovery/Web-Content/raft-small-words.txt -u http://TARGET/FUZZ -fc 404,403 -t 100 -c
ffuf -w /usr/share/dirb/wordlists/big.txt -u http://TARGET/FUZZ -fc 404,403 -t 100 -c
ffuf -w /usr/share/SecLists/Discovery/Web-Content/raft-medium-words.txt -u http://TARGET/FUZZ -fc 404,403 -t 100 -c
ffuf -w /usr/share/SecLists/Discovery/Web-Content/raft-small-words.txt -u http://TARGET/FUZZ/v1 -fc 404,403 -t 100 -c
ffuf -w /usr/share/SecLists/Discovery/Web-Content/raft-small-words.txt -u http://TARGET/api/FUZZ -fc 404,403 -t 100 -c
ffuf -w /usr/share/SecLists/Discovery/Web-Content/raft-large-words.txt -u http://TARGET/FUZZ -fc 404,403 -t 100 -c
# Fuzzing sub domains, filtering reponse size 154
ffuf -w /usr/share/SecLists/Discovery/DNS/shubs-subdomains.txt -u http://website.com/ -H "Host: FUZZ.website.com" -fs 154
# Custom header
ffuf -w /usr/share/SecLists/Discovery/Web-Content/raft-medium-words.txt -u -H "Authorization: Basic YWRtaW46Nzg5NDU2" http://192.168.235.201/FUZZ -fc 404,403 -t 100 -c
Brute Forceο
hydra -l user -P rockyou.txt 1.2.3.4 http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed. Invalid"
|Β Basic auth
patator http_fuzz auth_type=basic url=http://1.2.3.4 user_pass=FILE0:FILE0 0=userpass.txt -x ignore:code=401
patator http_fuzz auth_type=basic url=http://1.2.3.4 user_pass=FILE0:FILE1 0=/tmp/users 1=rockyou.txt -x ignore:code=401
patator http_fuzz auth_type=basic url=http://1.2.3.4 user_pass='admin':FILE1 1=rockyou.txt -x ignore:code=401
Spideringο
gospider -s "http://TARGET/" -c 10 -d 0 -t 20
Scannerο
sudo nikto -host http://TARGET
Certificatesο
# Retrieve SSL certificate from server with ip, port and domain
echo| openssl s_client -connect IP:PORT -servername DOMAINNAME 2>/dev/null | openssl x509 -text
# For google.com :
echo| openssl s_client -connect google.com:443 -servername google.com 2>/dev/null | openssl x509 -text