-
With Medusa Doesn’t seem to work with virtual hosts! medusa -h 10.11.1.49 -u bethany -P Dog_Names_normalized.txt -M http -m DIR:/~Public -T 2 With ncrack Doesn’t seem to work with virtual hosts! ncrack -vv --user bethany -P Dog_Names_normalized.txt http://10.11.1.49:9505 -m http:path=/~Public/ With metasploit Use module auxiliary/scanner/http/http_login Virtual hosts If Host headers are not supported: More
-
Directory enumeration Hints: General search nikto -host $victim gobuster dir -u http://$target/ -a 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0' -w /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt -t 60 gobuster dir -u http://$target/ -a 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 60 gobuster dir -u http://$target/ -p socks5://127.0.0.1:9991 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 60 HTTP_PROXY="socks4://127.0.0.1:9990/" gobuster dir -u http://$target/…
-
List with a ton of one-liner web servers in various languages HTTP python -m SimpleHTTPServer 8000 python3 -m http.server 8000 HTTPS ruby -r webrick/https -e ' WEBrick::HTTPServer.new( Port: 8000, DocumentRoot: ".", SSLEnable: true, SSLCertName: [%w[CN localhost]]).start'