HTTP - Hypertext Transfer Protocol - TCP port 80
HTTPS - Hypertext Transfer Protocol Secure (HTTP over TLS) - TCP port 443
Everything below applies to both; on 443 the client just has to speak TLS first.
1) Heartbleed (CVE-2014-0160): a vulnerable OpenSSL leaks up to 64 KB of server memory per heartbeat request, often including session cookies and private key material.
sslscan <ip>:443
nmap -sV -p 443 --script=ssl-heartbleed <ip>
2) Banner grab by hand: nc <ip> <port>, then type a request followed by an empty line and read the Server / X-Powered-By headers in the reply:
HEAD / HTTP/1.1
Host: <ip>

For HTTPS use openssl s_client -connect <ip>:443 in place of nc.
3) nmap -sV -p 80,443 --script=http-backup-finder,http-config-backup,http-rfi-spider,http-brute,http-default-accounts,http-put,http-enum <ip>
dns-brute wants a domain, not an IP: nmap --script=dns-brute --script-args dns-brute.domain=<domain>
http-put does nothing without a target path and a file to upload: --script-args http-put.url=/test.txt,http-put.file=./test.txt
4) nikto -h <ip>
5) dirb http://<ip> <wordlist>   (add -X .php,.txt,.bak to also brute-force file extensions)
wordlists:
/usr/share/wordlists/dirb/common.txt (used when no wordlist is given)
/usr/share/wordlists/dirb/big.txt
6) Check for a robots.txt file. Every Disallow entry is a path the owner wants crawlers to skip, so test each one:
curl -i http://<ip>/robots.txt (or)
parsero -u http://<ip>
7) Read the page source and HTML comments for valuable information: internal paths, usernames, version strings, commented-out links.
8) Try default credentials on login/admin pages:
admin/admin, administrator/administrator, test/test, user/user, user1/user1, etc.
9) For WordPress (current wpscan takes --url; -u is the old syntax; -e u,vp enumerates users and vulnerable plugins)
wpscan --url http://<ip>/wp/ -e u,vp
10) In all parameters (headers and cookies included), test for SQL injection, XSS, and LFI/RFI.
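Steps 2 and 6 above are the ones you end up doing by hand on every host, so here they are in Python as an added example (not code from the original cheat sheet): a raw HEAD-request banner grab with a header parser, and a robots.txt parser that turns Disallow/Allow/Sitemap lines into absolute URLs to feed to curl or dirb, which is what parsero does. The sample response, the sample robots.txt and the 192.168.101.8 address are constructed for the example; the parsing functions run offline, only banner_grab() touches the network.

```python
"""Helpers for manual HTTP enumeration: banner grab (step 2) and robots.txt (step 6)."""
import socket
import ssl
import sys
from urllib.parse import urljoin

# Headers that usually leak the stack or a version string.
INTERESTING = ("server", "x-powered-by", "x-aspnet-version",
               "set-cookie", "www-authenticate", "location")

# Constructed sample data so the parsers can be exercised without a target.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Server: Apache/2.4.7 (Ubuntu)\r\n"
                   b"X-Powered-By: PHP/5.5.9\r\n"
                   b"Set-Cookie: PHPSESSID=abc; path=/\r\n"
                   b"Set-Cookie: lang=en\r\n"
                   b"Content-Type: text/html\r\n\r\n")
SAMPLE_ROBOTS = """# constructed sample robots.txt
User-agent: *
Disallow: /admin/
Disallow: /backup/old.zip
disallow: /admin/
Allow: /public/
Sitemap: http://192.168.101.8/sitemap.xml
"""


def build_head_request(host: str, path: str = "/") -> bytes:
    """The minimal HTTP/1.1 request you would otherwise type into nc."""
    return (f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\n"
            "User-Agent: Mozilla/5.0\r\nConnection: close\r\n\r\n").encode()


def parse_response(raw: bytes) -> dict:
    """Split a raw response into its status code and a lower-cased header dict.
    Repeated headers (typically Set-Cookie) are joined with ', '."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers: dict = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # garbage or a folded continuation; skip it
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return {"status": status, "headers": headers}


def fingerprint(parsed: dict) -> dict:
    """Keep only the headers worth noting in the recon log."""
    return {k: v for k, v in parsed["headers"].items() if k in INTERESTING}


def banner_grab(host: str, port: int = 80, tls: bool = False, timeout: float = 5.0) -> dict:
    """Live equivalent of 'nc <ip> <port>' plus a HEAD request (needs network)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if tls:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # recon: a self-signed cert must not stop us
        sock = ctx.wrap_socket(sock, server_hostname=host)
    try:
        sock.sendall(build_head_request(host))
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    finally:
        sock.close()
    return parse_response(raw)


def _dedup(seq):
    return list(dict.fromkeys(seq))  # keeps first-seen order


def parse_robots(text: str, base_url: str) -> dict:
    """Collect Disallow/Allow paths as absolute URLs plus any Sitemap lines.
    Handles comments, mixed-case directives and duplicate entries."""
    disallow, allow, sitemaps = [], [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))  # split once: URLs contain ':'
        key = key.lower()
        if not value:
            continue  # 'Disallow:' with no path allows everything; nothing to probe
        if key == "disallow":
            disallow.append(urljoin(base_url, value))
        elif key == "allow":
            allow.append(urljoin(base_url, value))
        elif key == "sitemap":
            sitemaps.append(value)
    return {"disallow": _dedup(disallow), "allow": _dedup(allow), "sitemaps": _dedup(sitemaps)}


if __name__ == "__main__":
    # usage: python3 httprecon.py <ip> [port]   (hypothetical file name)
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.101.8"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print(fingerprint(banner_grab(target, port, tls=(port == 443))))
```

Pipe the Disallow URLs straight into the step-5 directory brute force or a curl -I loop; an entry that answers 200 where robots.txt says "keep out" is exactly the kind of forgotten admin or backup path the list is meant to surface.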