URL & App Scan

To identify vulnerabilities in an application, its URLs are a good place to start. In black-box testing the URLs are not known in advance and have to be discovered. The following tools can be used to check for URLs from a predefined list.

DIRB

In the following command a wordlist is also supplied. In case of no wordlist, dirb will use a default one.

dirb http://thief.htb /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt

Gobuster

gobuster dir -k -u http://10.129.240.196/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -s '200,204,302,307,403,500' -e -z -x html,htm,asp,aspx,php

dir - Enumerate the directories

dns - DNS subdomain enumeration

-s - The status codes that the scan should return

-z - No progress, don't display it

-e - Expanded mode, print complete URL

-x - Extensions to search for

gobuster help <mode> #this will list out all the options under that mode

Nikto

Nikto does a general scan of the web server for vulnerabilities and for some of the obvious URLs that may be vulnerable:

nikto -host=http://devzat.htb
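
Scans like the dirb and gobuster runs above are easy to spot from the server side: one client requests many distinct paths, most of them return 404, and with -x the same name is tried under several extensions. The Python below is an added example, not part of the original page, that flags this pattern in an access log. The log lines, IP addresses, function name and thresholds are constructed assumptions.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample in Apache/nginx "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /admin.html HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /admin.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /admin.aspx HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /backup HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /backup.html HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /backup.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [12/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [12/Mar/2024:10:00:06 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [12/Mar/2024:10:00:09 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def find_enumeration(log_text, min_paths=5, min_miss_ratio=0.6, min_exts=3):
    """Return {client_ip: stats} for clients whose requests look like a wordlist scan."""
    seen = defaultdict(lambda: {"requests": 0, "not_found": 0,
                                "paths": set(), "stems": defaultdict(set)})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        stem, ext = posixpath.splitext(path)
        c = seen[ip]
        c["requests"] += 1
        c["not_found"] += status == "404"
        c["paths"].add(path)
        c["stems"][stem].add(ext)  # same name tried with several extensions (the -x pattern)
    flagged = {}
    for ip, c in seen.items():
        if (len(c["paths"]) >= min_paths
                and c["not_found"] / c["requests"] >= min_miss_ratio):
            sweeps = sum(1 for exts in c["stems"].values() if len(exts) >= min_exts)
            flagged[ip] = {"requests": c["requests"], "not_found": c["not_found"],
                           "distinct_paths": len(c["paths"]), "ext_sweeps": sweeps}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_enumeration(SAMPLE_LOG).items():
        print(ip, stats)
```

On real logs the thresholds need tuning per site, and the counts should be taken over a time window rather than the whole file.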
