HAC web
This commit is contained in:
parent
e1cdfc3cdc
commit
8c2204f1f3
@ -368,5 +368,60 @@ Now that a comprehensive enumeration of the web application has been performed i
|
||||
|
||||
TODO: Complete the list of vulnerabilities and techniques with [https://six2dez.gitbook.io/pentest-book/others/web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist) and [https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web\_application\_security\_testing/configuration\_and\_deployment\_management\_testing.html](https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web_application_security_testing/configuration_and_deployment_management_testing.html), [https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection](https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection)
|
||||
|
||||
## HackTricks Automatic Commands
|
||||
|
||||
```
|
||||
Protocol_Name: Web #Protocol Abbreviation if there is one.
|
||||
Port_Number: 80,443 #Comma separated if there is more than one.
|
||||
Protocol_Description: Web #Protocol Abbreviation Spelled out
|
||||
|
||||
Name: Notes
|
||||
Description: Notes for Web
|
||||
Note: """
|
||||
The web service is the most common and extensive service and a lot of different types of vulnerabilities exists.
|
||||
|
||||
https://book.hacktricks.xyz/pentesting/pentesting-web
|
||||
"""
|
||||
|
||||
Name: Quick Web Scan
|
||||
Description: Nikto and GoBuster
|
||||
Command: """nikto -host {Web_Proto}://{IP}:{Web_Port} &&&& gobuster dir -w {Small_Dirlist} -u {Web_Proto}://{IP}:{Web_Port} && gobuster dir -w {Big_Dirlist} -u {Web_Proto}://{IP}:{Web_Port}"""
|
||||
|
||||
Name: Nikto
|
||||
Description: Basic Site Info via Nikto
|
||||
Command: """nikto -host {Web_Proto}://{IP}:{Web_Port}"""
|
||||
|
||||
Name: WhatWeb
|
||||
Description: General purpose auto scanner
|
||||
Command: """whatweb -a 4 {IP}"""
|
||||
|
||||
Name: Directory Brute Force Non-Recursive
|
||||
Description: Non-Recursive Directory Brute Force
|
||||
Command: """gobuster dir -w {Big_Dirlist} -u {Web_Proto}://{IP}:{Web_Port}"""
|
||||
|
||||
Name: Directory Brute Force Recursive
|
||||
Description: Recursive Directory Brute Force
|
||||
Command: """python3 {Tool_Dir}dirsearch/dirsearch.py -w {Small_Dirlist} -e php,exe,sh,py,html,pl -f -t 20 -u {Web_Proto}://{IP}:{Web_Port} -r 10"""
|
||||
|
||||
Name: Directory Brute Force CGI
|
||||
Description: Common Gateway Interface Brute Force
|
||||
Command: """gobuster dir -u {Web_Proto}://{IP}:{Web_Port}/ -w /usr/share/seclists/Discovery/Web-Content/CGIs.txt -s 200"""
|
||||
|
||||
Name: Nmap Web Vuln Scan
|
||||
Description: Tailored Nmap Scan for web Vulnerabilities
|
||||
Command: """nmap -vv --reason -Pn -sV -p {Web_Port} --script=`banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)` {IP}"""
|
||||
|
||||
Name: Drupal
|
||||
Description: Drupal Enumeration Notes
|
||||
Notes: """
|
||||
git clone https://github.com/immunIT/drupwn.git for low hanging fruit and git clone https://github.com/droope/droopescan.git for deeper enumeration
|
||||
"""
|
||||
|
||||
Name: WordPress
|
||||
Description: WordPress Enumeration with WPScan
|
||||
Command: """
|
||||
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
|
||||
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --passwords {Big_Passwordlist} -e
|
||||
"""
|
||||
```
|
||||
|
||||
|
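Review bot: In the Quick Web Scan entry the command joins nikto to the first gobuster call with `&&&&`, which a POSIX shell rejects as a syntax error, so the line never runs; use a single `&&` as between the two gobuster calls. In the Nmap Web Vuln Scan entry the `--script` expression is wrapped in backticks, which a shell treats as command substitution rather than quoting; double quotes would pass the expression to nmap intact. The Drupal entry uses the key `Notes:` where the first entry uses `Note:`, so a parser keyed on one spelling will skip the other. In the WordPress entry the second wpscan call ends with a bare `-e`, the short form of `--enumerate`, after already passing `--enumerate u,tt,t,vp`, and the prompt asks for the location of wp-login.php while `{1}` is appended directly to `--url`; asking for the WordPress base path and dropping the trailing `-e` would match what the command expects. WhatWeb and both wpscan calls also ignore `{Web_Port}`, unlike the other entries.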