Sat. Apr 17th, 2021

Notes on website enumeration

Enumeration with NMAP 

Process 

  1. Verify that port 80/443 is open on the target host: ncat -v 1.2.3.4 80 and ncat -v 1.2.3.4 443 (or nmap) 
  2. Run the http-enum script with nmap: nmap --script=http-enum 1.2.3.4 
  3. Check which service versions are running on the target ports: nmap -sV -p80 1.2.3.4 

Gather more information on the services identified on the web ports, for example: 
nmap --script=http-php-version 1.2.3.4 

nmap --script=http-enum 1.2.3.4 
provides HTTP information for the open ports and a list of web folders/locations found on the target server 

NMAP Scripts 
nmap --script=http-enum 1.2.3.4 
nmap --script=http-php-version 1.2.3.4 
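The steps above leave the http-enum results on the terminal. As an added example (not part of these notes and not nmap's own code), the script below reads the XML report that nmap -sV --script=http-enum -oX report.xml 1.2.3.4 writes and turns it into an inventory of open HTTP services plus the locations http-enum reported, which is the form you want when checking a host you own against what is meant to be exposed. The XML embedded in it is a constructed sample laid out like nmap's -oX output, not a real scan; the "/path: description" line format is the one http-enum prints.

```python
"""Inventory HTTP services and http-enum findings from an nmap -oX report.

Added example, not part of the original notes or of nmap. Parses the XML
written by `nmap -sV --script=http-enum -oX report.xml <host>`.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample of nmap's -oX output for one host (not a real scan).
# http-enum's output text is one "  /path: description" line per location.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script=http-enum -oX report.xml 1.2.3.4">
  <host>
    <status state="up"/>
    <address addr="1.2.3.4" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.41"/>
        <script id="http-enum" output="&#10;  /robots.txt: Robots file&#10;  /admin/: Possible admin folder&#10;  /phpinfo.php: Possible information file"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open"/>
        <service name="http-proxy" product="nginx" version="1.18.0"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# One http-enum finding line: leading spaces, a path, a colon, a description.
FINDING_RE = re.compile(r"^\s*(/\S*):\s*(.+?)\s*$")


def parse_http_services(xml_text):
    """Return one record per open HTTP-like port (name starting with "http"):
    host, port, product, version and the (path, description) pairs that
    http-enum reported for it."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry no service or script data
            service = port.find("service")
            name = service.get("name", "") if service is not None else ""
            if not name.startswith("http"):
                continue  # keep http, http-proxy, https-alt, ... only
            findings = []
            for script in port.findall("script"):
                if script.get("id") != "http-enum":
                    continue
                for line in script.get("output", "").splitlines():
                    m = FINDING_RE.match(line)
                    if m:
                        findings.append((m.group(1), m.group(2)))
            records.append({
                "host": addr,
                "port": int(port.get("portid")),
                "product": service.get("product", "") if service is not None else "",
                "version": service.get("version", "") if service is not None else "",
                "findings": findings,
            })
    return records


def exposed_paths(records):
    """Flatten findings to 'host:port/path' strings, i.e. the list to compare
    against what the server is supposed to publish."""
    return [f"{r['host']}:{r['port']}{path}" for r in records for path, _ in r["findings"]]


if __name__ == "__main__":
    for rec in parse_http_services(SAMPLE_XML):
        print(f"{rec['host']}:{rec['port']} {rec['product']} {rec['version']}")
        for path, desc in rec["findings"]:
            print(f"    {path:<20} {desc}")
```

Run it against a real report by replacing SAMPLE_XML with the contents of the -oX file; anything in exposed_paths() that is not on the list of intentionally public locations (robots.txt is usually fine, an admin folder or phpinfo.php usually is not) is what to follow up on.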

Collecting OSINT information (open source intelligence gathering) 

theHarvester 
Lets you gather data for a domain and can retrieve items such as email addresses 

  1. Run it with the theharvester command on the terminal 
  2. Select the options: -d for the domain, -b for the data source such as google 
  3. Example: theharvester -d bob.com -l 200 -b google 

OSRFramework 
An open-source reconnaissance framework built from numerous Python scripts 

  1. usufy.py -n bob.com will check for user profiles matching the target domain 
  2. mailfy.py -n dan will search for email addresses matching the target and whether they have been leaked 
  3. searchfy.py -q "bob" will search online through places like GitHub and Instagram for matching info 
  4. domainfy.py -n bob will find website domains associated with the domain name 

OWASP DirBuster for exposing hidden directories 

Process 

  1. Start the application from the console with the following command: dirbuster 
  2. Enter the target URL and port 
  3. Change the number of threads 
  4. Set the type of brute force, either list based or pure. If list based is selected, a number of dictionary lists can be found by pressing List Info 
  5. The default lists are stored in /usr/share/dirbuster/wordlists 
  6. It can take a fair while to run 
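Seen from the server side, a wordlist run like the one above is one client asking for many distinct paths that do not exist within a short time, so the 404 rate per client is the signal to watch (the tool's User-Agent string can be changed, the 404s cannot). As an added example that is not part of these notes or of DirBuster, the detector below parses Apache/nginx "combined" format access log lines and alerts on any client that produces 20 or more 404s on distinct paths inside a 60-second window; the log lines are constructed for the example and the window and threshold are assumed starting values to tune for your own traffic.

```python
"""Flag DirBuster / http-enum style directory brute forcing in access logs.

Added example, not part of the original notes or of DirBuster. Reads
Apache/nginx "combined" log lines and alerts on clients with many 404s on
distinct paths within a sliding time window. Window and threshold are
assumed values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx combined log format: ip ident user [time] "req" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    rec["status"] = int(rec["status"])
    return rec


def detect_bruteforce(lines, window=timedelta(seconds=60), threshold=20):
    """Return {client_ip: (time_of_alert, sorted_distinct_404_paths)} for every
    client that requested >= threshold distinct non-existent paths inside
    `window`. Each client is reported once, at the request that crossed the line."""
    recent = defaultdict(deque)  # ip -> deque of (ts, path) for 404s still in window
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        q = recent[rec["ip"]]
        q.append((rec["ts"], rec["path"]))
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()  # drop 404s older than the window
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and rec["ip"] not in alerts:
            alerts[rec["ip"]] = (rec["ts"], sorted(distinct))
    return alerts


def _constructed_log():
    """Build a constructed log: one scanner walking 25 wordlist entries a second
    apart, plus a normal visitor with two hits and a single typo 404."""
    base = datetime(2021, 4, 17, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'
    words = ("admin backup config old test tmp upload images cgi-bin private logs "
             "data db dev staging api v1 v2 secret hidden include lib src bin etc").split()
    lines = []
    for i, word in enumerate(words):  # constructed scanner traffic (203.0.113.5)
        ts = (base + timedelta(seconds=i)).strftime(TS_FORMAT)
        lines.append(fmt.format(ip="203.0.113.5", ts=ts, path=f"/{word}/", status=404))
    for i, (path, status) in enumerate([("/", 200), ("/about", 200), ("/abuot", 404)]):
        ts = (base + timedelta(seconds=5 * i)).strftime(TS_FORMAT)  # constructed visitor
        lines.append(fmt.format(ip="198.51.100.7", ts=ts, path=path, status=status))
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    for ip, (when, paths) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{when.isoformat()} {ip}: {len(paths)} distinct 404 paths, e.g. {paths[:3]}")
```

Feed it real lines with detect_bruteforce(open("access.log")); the normal visitor's single mistyped URL never reaches the threshold, while the scanner is reported at its 20th miss, with the paths it probed attached so the alert can be checked against the wordlist it resembles.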
[Screenshot: OWASP DirBuster 1.0-RC1 - Web Application Brute Forcing window, showing the target URL, the brute force / Auto (HEAD) / Standard vs Fuzz options and the file extension (php) field]