📋Web Application Checklist
Fuzz first with feroxbuster
feroxbuster -u http://whatever.com/ -x php -C 404 -A --wordlist '/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt' -B --auto-tune
Check robots.txt, .svn, .DS_Store
Try different request types (POST & GET) in Burp
Try to analyse website with html2markdown:
curl -s http://192.168.219.140:8000/ | html2markdown
Use cewl for custom wordlists and --lowercase for lowercase letters.
If Apache, try shellshock (cgi-bin); might be in Windows too
nmap -sV -p8081 --script http-shellshock --script-args uri=/cgi-bin/user.sh,cmd=echo\;/bin/ls 127.0.0.1

Git
To find a git repo use linpeas or winpeas, and to check use ls -la or ls -fo to look for a .git file in the repo.
If git repo found as a directory:
git-dumper
To check the commit log
git log
Then check the commit diff:
git show 967fa71c359fffcbeb7e2b72b27a321612e3ad11
Use git-extractor
Common Attacks
Check Abusing APIs
Try Custom Wordlist on the website if login required
WordPress
First check plugins
To enumerate wordpress plugins
wpscan --url http://192.168.50.244 --enumerate p --plugins-detection aggressive
Run normally too, otherwise you might miss plugins
Normally:
wpscan --url http://192.168.50.244
Directory Busting
For overall content search: feroxbuster with --thorough and smart
Dirsearch - brings in different stuff.
Check robots.txt and sitemap.xml
Also try txt and pdf files
-f can cause a ton of false positives
-n stops recursive directory lookups
-B searches for backups; can produce false positives
feroxbuster -u http://host.domain.tld:80/ -f -n -C 404 -A -e -S 0 --auto-tune --burp-replay
feroxbuster -u http://host.domain.tld:80/ -f -n -C 404 -A -e -S 0 --auto-tune --burp-replay --dont-scan Css Js css img js IMG JS Img CSS fonts Fonts master
feroxbuster -u http://host.domain.tld:80/ -x asp,aspx,html,php,xml,json,txt,log -C 404 -A -e -S 0 --auto-tune --burp-replay
feroxbuster -u http://host.domain.tld:80/ -C 404 -A -e -S 0 --wordlist '/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt' -B --auto-tune --burp-replay
Gobuster
gobuster dir -u ${url} -w /usr/share/wordlists/dirb/common.txt -t 5
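What the enumeration above looks like from the server side, as an added example that is not part of the original checklist: it flags 404 bursts, requests for the .git/.svn/.DS_Store metadata paths, and the shellshock `() {` marker in request headers. The log lines are constructed, the combined log format is assumed, and the threshold of 5 is an assumption to tune per site.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" access-log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
# Metadata paths named in the checklist: .git, .svn, .DS_Store.
METADATA = re.compile(r"/\.(git|svn)(/|$)|/\.DS_Store$", re.IGNORECASE)
SHELLSHOCK = "() {"       # bash function-definition prefix arriving in a header
NOT_FOUND_THRESHOLD = 5   # assumption: tune to the site's normal 404 rate

def _line(ip, path, status, agent="Mozilla/5.0"):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{agent}"')

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
# Scanner rows carry a browser User-Agent because -A randomises it.
SAMPLE_LOG = [_line("203.0.113.7", f"/{w}", 404)
              for w in ("admin", "backup", "old", "test", "dev", "tmp")] + [
    _line("203.0.113.7", "/.git/HEAD", 200),
    _line("203.0.113.7", "/.DS_Store", 404),
    _line("198.51.100.9", "/cgi-bin/user.sh", 200, "() { :; }; echo"),
    _line("192.0.2.10", "/index.php", 200),
    _line("192.0.2.10", "/favicon.ico", 404),
]

def analyse(lines, threshold=NOT_FOUND_THRESHOLD):
    # Returns {client_ip: sorted list of finding tags}.
    not_found, findings = Counter(), defaultdict(set)
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        ip, status = m["ip"], m["status"]
        not_found[ip] += status == "404"
        if METADATA.search(m["path"].split("?", 1)[0]):
            # A 200 means the file is really being served: fix the server config.
            findings[ip].add("metadata-exposed" if status == "200" else "metadata-probe")
        if SHELLSHOCK in m["agent"] or SHELLSHOCK in m["referer"]:
            findings[ip].add("shellshock-header")
    for ip, count in not_found.items():
        if count >= threshold:
            findings[ip].add("404-burst")
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    for ip, tags in analyse(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

Matching on status codes and paths rather than on User-Agent is deliberate, since the feroxbuster commands here all pass -A.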
Curl
-L - to follow redirects
-d - To add json data
-i - To