CoolHandSquid 2021-08-12 09:52:57 -04:00 committed by GitHub
parent e1cdfc3cdc
commit 8c2204f1f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -368,5 +368,60 @@ Now that a comprehensive enumeration of the web application has been performed i
TODO: Complete the list of vulnerabilities and techniques with [https://six2dez.gitbook.io/pentest-book/others/web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist) and [https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web\_application\_security\_testing/configuration\_and\_deployment\_management\_testing.html](https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web_application_security_testing/configuration_and_deployment_management_testing.html), [https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection](https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection)
## HackTricks Automatic Commands
```
Protocol_Name: Web #Protocol Abbreviation if there is one.
Port_Number: 80,443 #Comma separated if there is more than one.
Protocol_Description: Web #Protocol Abbreviation Spelled out
Name: Notes
Description: Notes for Web
Note: """
The web service is the most common and extensive service and a lot of different types of vulnerabilities exists.
https://book.hacktricks.xyz/pentesting/pentesting-web
"""
Name: Quick Web Scan
Description: Nikto and GoBuster
Command: """nikto -host {Web_Proto}://{IP}:{Web_Port} &&&& gobuster dir -w {Small_Dirlist} -u {Web_Proto}://{IP}:{Web_Port} && gobuster dir -w {Big_Dirlist} -u {Web_Proto}://{IP}:{Web_Port}"""
Name: Nikto
Description: Basic Site Info via Nikto
Command: """nikto -host {Web_Proto}://{IP}:{Web_Port}"""
Name: WhatWeb
Description: General purpose auto scanner
Command: """whatweb -a 4 {IP}"""
Name: Directory Brute Force Non-Recursive
Description: Non-Recursive Directory Brute Force
Command: """gobuster dir -w {Big_Dirlist} -u {Web_Proto}://{IP}:{Web_Port}"""
Name: Directory Brute Force Recursive
Description: Recursive Directory Brute Force
Command: """python3 {Tool_Dir}dirsearch/dirsearch.py -w {Small_Dirlist} -e php,exe,sh,py,html,pl -f -t 20 -u {Web_Proto}://{IP}:{Web_Port} -r 10"""
Name: Directory Brute Force CGI
Description: Common Gateway Interface Brute Force
Command: """gobuster dir -u {Web_Proto}://{IP}:{Web_Port}/ -w /usr/share/seclists/Discovery/Web-Content/CGIs.txt -s 200"""
Name: Nmap Web Vuln Scan
Description: Tailored Nmap Scan for web Vulnerabilities
Command: """nmap -vv --reason -Pn -sV -p {Web_Port} --script=`banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)` {IP}"""
Name: Drupal
Description: Drupal Enumeration Notes
Notes: """
git clone https://github.com/immunIT/drupwn.git for low hanging fruit and git clone https://github.com/droope/droopescan.git for deeper enumeration
"""
Name: WordPress
Description: WordPress Enumeration with WPScan
Command: """
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --passwords {Big_Passwordlist} -e
"""
```
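Review bot: the Quick Web Scan entry chains its commands with `&&&&` (`... {Web_Port} &&&& gobuster dir -w {Small_Dirlist} ...`), which a shell rejects as a syntax error rather than reading as two `&&` operators, so nothing in that chain runs; it should be a single `&&`. In the Nmap Web Vuln Scan entry the `--script=` expression is wrapped in backticks, which a POSIX shell treats as command substitution and so tries to execute `banner,(http* or ssl*) ...` as a command before nmap is even invoked; the expression needs single quotes instead, e.g. `--script='banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)'`. Smaller schema and consistency points in the same block: the Drupal entry uses the key `Notes:` where the earlier Notes entry uses `Note:` and has no `Command:` field, so whatever parses this block sees two different shapes; the WhatWeb and WordPress commands target `{IP}` and `{Web_Proto}://{IP}{1}` without `{Web_Port}`, unlike every other entry, so a non-default web port is silently ignored; and the second `wpscan` invocation ends in a trailing `-e` with no argument, duplicating the `--enumerate u,tt,t,vp` already given on that line, so it is either redundant or a leftover that should be removed.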