Note: If you start getting spammed with a particular response code, you can remove that from the -s flag. We can also leverage the following wordlist to look for CGI URLs. Gobuster dir -u -w /usr/share/dirbuster/wordlists/ -s '200,204,301,302,307,403,500' -e -x txt,html,php,aspĭepending on the application, I may wish to use the Raft wordlist instead. Gobuster dir -u -w /usr/share/seclists/Discovery/Web-Content/common.txt -s '200,204,301,302,307,403,500' -e -x txt,php,htmlĪfter common finishes, I like to use the following to dig deeper. We’ll have it return results for most response codes.įor invalid HTTPS certificates, you can include -k to any of these commands to bypass cert checks. If you’re looking for a “Set it and forget it” solution to content discovery, Ferox Buster is your tool.įirst, lets start with an initial scan on the address using a default wordlist. Strip out the HTML code from source-code of webpage.Ĭurl -s -L | html2text -width '99' | uniq Pulling out internal/external links from source code.Ĭurl -s -L | grep "title\|href" | sed -e 's/^]*//'Ĭurl -s | grep -Eo '(href|src)=".*"' | sed -r 's/(href|src)=//g' | tr -d '"' | sort OS – Ubuntu Linux, Windows Server, etc.Database – MySQL, MariaDB, PostgreSQL, etc.
Web Technologies – Node.js, PHP, Java, etc.Web Application – WordPress, CMS, Drupal, etc.
This document intends to serve as a guide for hunting for the answers. When enumerating, we want to be able to identify the software/versions that are fulfilling the following roles.