Web Scan
Spidering
# Crawl the target site and list the URLs it links to.
# -s is the start URL, -c the number of concurrent requests, -t the thread count.
# -d 0 removes the crawl depth limit, so the run is unbounded.
# The binary path is the author's local Go install; adjust it to where gospider is installed.
/home/chga/go/bin/gospider -s "http://TARGET/" -c 10 -d 0 -t 20
Fuzzing
# Directory and file discovery with the dirb "common" wordlist.
# NOTE(review): gobuster 3.x expects a mode subcommand (`gobuster dir -u ... -w ...`);
# the form below matches older releases. Confirm against the installed version.
# On the server side, all four commands in this section show up as a burst of
# 404/403 responses to one client in the web access log.
gobuster -u http://TARGET:80/ -w /usr/share/dirb/wordlists/common.txt
# Fix the extension: FILE0 is replaced by each entry of the wordlist bound with 0=,
# so only *.php names under /utility-scripts/ are requested.
# 404 responses are left out of the output; 500 responses are left out and retried.
# -t150 sets 150 threads.
/usr/share/patator/patator.py http_fuzz url=http://TARGET/utility-scripts/FILE0.php 0=/usr/share/dirb/wordlists/big.txt -x ignore:code=404 -x ignore,retry:code=500 -t150
# Request every wordlist entry with each of the extensions txt, php and html:
# FUZZ takes the wordlist entry (-w), FUZ2Z takes the extension from the -z list payload.
# --hc hides 404 and 403 responses; -t 500 sets 500 concurrent connections.
wfuzz -c -w /usr/share/dirb/wordlists/big.txt -z list,txt-php-html -u http://TARGET/admin-dir/FUZZ.FUZ2Z --hc 404,403 -t 500
# Go-based alternative: FUZZ is replaced by each wordlist entry, -fc 404 filters out
# 404 responses, -t 400 sets 400 threads, -recursion descends into directories it finds.
ffuf -c -w /usr/share/dirb/wordlists/big.txt -u http://TARGET/FUZZ -fc 404 -t 400 -recursion
Scanner
# Run the nikto web server scanner against the target.
# NOTE(review): nikto does not normally need root; sudo is presumably specific to
# this install. Confirm, and drop it if not required.
sudo nikto -host http://TARGET
# GUI: start the OWASP ZAP desktop from its Docker image and display it on the host X
# server through the DISPLAY variable. --net="host" shares the host network stack with
# the container; --rm removes the container when ZAP exits.
# NOTE(review): the image is pulled by name with no tag or digest, so each run trusts
# whatever the registry currently serves; pin a digest for repeatable use. ZAP images
# are now published under the zaproxy/ namespace (for example zaproxy/zap-stable).
# Verify the current image name before relying on this one.
sudo docker run --net="host" -e "DISPLAY=$DISPLAY" --rm -it "owasp/zap2docker-live" "./zap.sh"
Certificates
# Retrieve the TLS certificate a server presents, given its IP, port and domain name.
# -servername sets the SNI value, which selects the certificate on servers hosting
# several names. The empty input from echo makes s_client exit after the handshake.
# `openssl x509 -text` decodes the first certificate in the output (the leaf) only.
# 2>/dev/null discards everything s_client writes to stderr, and s_client does not
# abort on a failed chain verification by default, so a printed certificate is not
# evidence that it validated.
echo| openssl s_client -connect IP:PORT -servername DOMAINNAME 2>/dev/null | openssl x509 -text
# Example for google.com:
echo| openssl s_client -connect google.com:443 -servername google.com 2>/dev/null | openssl x509 -text