Álex B(ible)
Álex B(ible)
Álex B(ible)
Enumeration
Basic OS recognition
Port scanning
Web directory enumeration
Exfiltration
Exfiltration
SQL injection
SQLi payloads
SQLi from audio files
Linux Privilege escalation
Pentest JDWP
Shells and upgrades
Linux reverse shells
Port forwarding
My tmux config and shortcuts
Nano shortcuts
Vim shortcuts
HTTP Error codes
John the ripper
Hashcat
Powered by GitBook

Web directory enumeration

Tool: gobuster

Installation: https://github.com/OJ/gobuster Usage:

gobuster dir -u http://10.10.10.10 -w wordlist -x php -o gobuster-root-php.out -t 50

-u = url -w = wordlist -x = extensions -o = output -t = threads

Tool: dirsearch

Installation page: https://github.com/maurosoria/dirsearch Usage:

dirsearch -u http://10.10.10.10 -w wordlist -e "html" -r -t 50 -f | tee dirsearch_result.txt # default
#Other configurations
#dirsearch -u http://10.10.10.10 -w wordlist -e php -r -t 50 -x 403 | tee dirsearch_result2.txt
#dirsearch -u http://10.10.10.10 -e " "| tee dirsearch_result3.txt #default directories as cgi bin

With " | tee dirsearch_result.txt" we create an output to a file called dirsearch_result.txt while it's running

-u = url -w = wordlist -e = extensions. # -e " " = no extension -r = recursive -t = threads -x = ignore error code -f = force extensions # issue for files like cgi-bin

Tool: wfuzz

Installation page: https://github.com/xmendez/wfuzz *Requires python3 Usage:

wfuzz -u http://10.10.10.10/FUZZ -w wordlist -hc 404 -c -t 100 -v

FUZZ means the parameter or directory we want to fuzz, we can bruteforce vulns such as SQL with this -u = url -w = wordlist -hc = hide error codes -c = output with colors -t = threads (10 default) -v = verbose information -hh = hide characters (test and try with different parameters for SQLi for example; id, about etc.)

Enumeration - Previous
Port scanning
Next - Exfiltration
Exfiltration
Last updated 11 months ago
Contents
Tool: gobuster
Tool: dirsearch
Tool: wfuzz