Tips
When initially moving through the site, do it through Burpsuite as it will allow one to see all past requests and how they are handled.
Nikto
Scan sites for known vulnerabilities, misconfigurations and directories.
FFUF
Copy # Directory scan
ffuf -u <host>/FUZZ -w <wordlist>
ffuf -u <host>/FUZZ -w <wordlist> -e .txt,.php,.html
# DNS / Sub-domain scan
ffuf -u <ip> -H "Host: FUZZ.host.local" -w <wordlist> -mc all gobuster
Copy # Directory scan
gobuster dir -u <IP> -w <wordlist>
gobuster dir -u <IP> -w <wordlist> -x txt,php,html
# DNS / Sub-domain scan
gobuster dns -d <host> -w <wordlist>
# VHOST scanning
gobuster vhost -u <host> -w <wordlist> feroxbuster
Copy # Scan for DIRs
feroxbuster -u <host>
feroxbuster -u <host> -x html,php Wfuzz
Wfuzz is a tool designed for brute-forcing Web Applications, it can be used for finding resources not linked directories, servlets, scripts, etc.
Copy # DNS scan
wfuzz -u <ip> -H "Host: FUZZ.domain.local" -w <wordlist>
# Bruteforce internal port (SSRF)
wfuzz -c -z range,1-65535 --hl=2 http://<ip>:<port>/url.php?path=http://localhost:FUZZ
# URL parameter discovery
wfuzz -u https://<link>/<page>/?FUZZ= -w <wordlist> -H "Cookie: PHPSESSID=" Zap
Zap is a web scanner that simulates human movement and tries to discover the target. It can also detect basic vulnerabilities as well as weak coding practices.
WordPress
WPScan
WordPress security scanner
Copy wpscan --url <url> -e ap,at,dbe,u Ports
Copy 80 HTTP
443 HTTPS
8000 HTTP Alternative
8080 HTTP Alternative Last updated 4 months ago