Links

Web Enumeration

Cansina

# https://github.com/deibit/cansina
# Directory/file brute-forcer. -u is the target host, -p the wordlist to send
# (PAYLOAD here is a placeholder for the wordlist path).
python3 cansina.py -u example.com -p PAYLOAD

Linkfinder

# https://github.com/GerbenJavado/LinkFinder
# Extracts endpoints/paths from JavaScript. -i is the input (URL, file or folder);
# -d processes every JS file found on the whole domain rather than a single page.
python linkfinder.py -i https://example.com -d
# -b treats the input as a saved Burp export instead of a live URL.
python linkfinder.py -i burpfile -b

Wordlists

# Best wordlists for fuzzing:
- https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
- raft-large-directories-lowercase.txt
- directory-list-2.3-medium.txt
- RobotsDisallowed/top10000.txt
- https://github.com/assetnote/commonspeak2-wordlists/tree/master/wordswithext
- https://github.com/random-robbie/bruteforce-lists
- https://github.com/google/fuzzing/tree/master/dictionaries
- https://github.com/six2dez/OneListForAll
- AIO: https://github.com/foospidy/payloads
- Check https://wordlists.assetnote.io/
# Tip: when fuzzing, also try sending the header "Host: localhost"
# Custom generated dictionary: gather historically known URLs for the target
# and keep only the unique path components.
gau example.com | unfurl -u paths
# Split each path on "/" so every directory and file name becomes its own line, then dedupe.
# Assumes the output of the previous command was saved to paths.txt.
# Note: "\n" in the replacement is GNU sed behaviour; BSD/macOS sed does not expand it.
sed 's#/#\n#g' paths.txt | sort -u
# Other things
# Unique query-string parameter names seen for the target.
gau example.com | unfurl -u keys
# Fetch only the first 1000 URLs and save the responses that return 200 or 404
# (fff -s = save responses with the given status code).
gau example.com | head -n 1000 | fff -s 200 -s 404

Crawlers

Dirhunt

# Crawl the site and list the directories it discovers (including directory listings).
dirhunt https://url.com/

Hakrawler

# Crawl the given site for URLs. -domain is the flag used by older hakrawler releases;
# newer releases read the start URL from stdin instead (echo URL | hakrawler).
hakrawler -domain https://url.com/

Sourcewolf

# Print the tool's usage/help text; see the options there before running a crawl.
python3 sourcewolf.py -h

Gospider

# Crawl a single site: -s start URL, -o output directory, -c concurrency, -d crawl depth.
gospider -s "https://example.com/" -o output -c 10 -d 1
# Same, but -S reads a list of start URLs from a file (one per line).
gospider -S sites.txt -o output -c 10 -d 1
# --other-source also pulls URLs from third-party sources; --include-subs keeps subdomain URLs.
gospider -s "https://example.com/" -o output -c 10 -d 1 --other-source --include-subs

Tips

# Send a HEAD request (-I) and follow redirects (-L) to see the server's response headers
# at every hop (server banner, cookies, security headers, redirect chain).
curl -IL https://www.inlanefreight.com

Certificados

# SSL/TLS certificates are another potentially valuable source of information when HTTPS is in use. Browsing to https://10.10.10.121/ and viewing the certificate reveals details such as the e-mail address and company name. These could be used in a phishing exercise if that is within the scope of the assessment.

Robots.txt

# Podemos extraer localizaciones privadas
http://10.10.10.121/robots.txt

Source Code

CTRL + U

Otros

# Hardware device admin panels
# https://github.com/InfosecMatter/default-http-login-hunter
# Checks the given web interface against a list of known default credentials;
# a hit means the device is still using vendor defaults and should be reported.
default-http-login-hunter.sh https://10.10.0.1:443/
# JS enumeration
https://github.com/KathanP19/JSFScan.sh
# Tip: if the server answers 429 (Too Many Requests), try adding one of these headers:
Client-Ip: IP
X-Client-Ip: IP
X-Forwarded-For: IP
X-Forwarded-For: 127.0.0.1