Enumeration - Web
Gobuster
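# Directory/file brute force against the host in $IP (quoted so an empty or
# space-containing value cannot split into extra arguments).
#   -b 404  drop responses with status 404
#   -x ...  also request every wordlist entry with each listed extension
#   -k      skip TLS certificate verification; the server's identity is not
#           checked, so only scan results should travel over this connection
#   -f      append a trailing slash to every request
gobuster dir --url "$IP" -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -b 404 -x txt,php,html,htm,aspx -k -f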
-x php,html,txt : file extensions
-x cgi : cgi scripts
-f : append a trailing slash to each request (scan for folders)
-k : no TLS validation (the server certificate is not verified)
-t 50 : thread number
-w : wordlist
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
FeroxBuster
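# Recursive content discovery against http://$IP. The URL is quoted so the
# expansion of $IP is passed as a single argument.
#   -f  append a trailing slash to every request
#   -w  wordlist to read candidate names from
#   -x  extensions to try for every candidate
feroxbuster --url "http://$IP" -f -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt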
wfuzz
# Shared options in this section:
#   -c        coloured output
#   -w FILE   wordlist payload (wfuzz's alias for -z file,FILE)
#   --hc N    hide responses whose status code is N
#   --hh N    hide responses whose body is N characters long
# FUZZ marks the position in the URL that each wordlist entry replaces.

# === fuzz directories
wfuzz -c -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hc 404 "$URL/FUZZ"
wfuzz -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-directories.txt --hc 404 "$URL/FUZZ"

# === fuzz files
wfuzz -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-files-lowercase.txt --hc 404 "$URL/FUZZ"
# Same idea with a fixed .html suffix appended to each word.
wfuzz -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-words.txt --hc 404 "$URL/FUZZ.html"

# === fuzz parameters
# One request per candidate parameter name. Server-side this shows up as a
# burst of requests to a single path that differ only in the query-string key,
# which makes it straightforward to spot in access logs.
wfuzz -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt --hc 302,404 "$URL?FUZZ"
wfuzz -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt --hh 0 "$URL?FUZZ"
# Same name list, each name sent with a fixed value; empty responses are hidden.
wfuzz -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt --hh 0 "$URL?FUZZ=id"
wfuzz -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt --hh 0 "$URL?FUZZ=/etc/passwd"

# === fuzz users
# Candidate usernames go into the value of the "user" parameter.
wfuzz -c -w /usr/share/wordlists/seclists/Usernames/top-usernames-shortlist.txt --hc 404,403 "$URL?user=FUZZ"
wfuzz Pycurl is not compiled against Openssl
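# Replace the distro pycurl package with a build compiled against the OpenSSL
# development headers.
sudo apt --purge remove python3-pycurl
sudo apt install -y libcurl4-openssl-dev libssl-dev
# Install for the current user rather than with `sudo pip3`: pip runs each
# package's build script with the privileges it is started with, and a root
# install overwrites files that apt owns. Where pip refuses to modify a
# distro-managed Python, install into a virtualenv instead.
# PYCURL_SSL_LIBRARY selects the TLS backend pycurl is built for;
# --no-cache-dir stops pip from reusing a wheel built against another backend.
PYCURL_SSL_LIBRARY=openssl python3 -m pip install --user --no-cache-dir pycurl wfuzz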
ffuf
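# Directory discovery: FUZZ in the URL is replaced by each wordlist entry.
# -fw 2 filters out responses that contain exactly 2 words. The URL is quoted
# so the expansion of $IP cannot split into extra arguments.
ffuf -w /usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-directories.txt -u "http://$IP/FUZZ" -fw 2
# POST body fuzzing: each wordlist entry is sent as the value of "key" in a
# JSON body. On the server this is a high-volume run of POSTs to one endpoint;
# rate limiting and failed-attempt alerting on the API are the matching controls.
ffuf -w /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt -X POST -d '{"key":"FUZZ"}' -u "http://$IP:8081/api" -fw 2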