Enumeration
Hack Responsibly.
Always ensure you have explicit permission to access any computer system before using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here.
Web Application Enumeration
w3af is an open-source, Python-based Web Application Attack and Audit Framework.
The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
It can also be abused by attackers to find and enumerate weaknesses in web applications and can be downloaded and run with the following commands:
HTTP Enumeration
Subdomain enumeration
https://sidxparab.gitbook.io/subdomain-enumeration-guide/
dirsearch
https://github.com/maurosoria/dirsearch
gobuster:
DirBuster - HTTP folder enumeration - can take a dictionary file
Dirb
Directory brute-force discovery using a dictionary file
Dirb against a proxy
Nikto
Proxy Enumeration (useful for open proxies)
Nmap HTTP Enumeration
Nmap Check the server methods
Uniscan
directory finder:
Wfuzz - The web brute forcer
Recurse level 3
Misc
Get Options available from web server
Open a service using a port knock (Secured with Knockd)
WordPress Scan - WordPress security scanner
RSH Enumeration - Unencrypted file transfer system
Finger Enumeration
TLS & SSL Testing