Skip to main content

HTTP/ HTTPS | Port 80/443

Web applications are complex and there are testing framewroks available like OWASP to test it, In this section we will particularly see the method of enumearting HTTP/HTTPS service to identify endpoints and service versions.

Easiest method is to define assign URL to a variable like URL=http://linkto_the_host and then copy paste commands to execute

Directory Enumeartion

Gobuster

gobuster dir -u $URL -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt  -k -t 100

Wordlist is a personal choice there are many wordlists you can choose to be more through and use other wordlists as well

Feroxbuster Looking for quick hits

feroxbuster --url $URL -k -w /usr/share/seclists/Discovery/Web-Content/quickhits.txt

Additional Resources

SirenSecurity : Siren Security's common word list can be always be referenced for more methods.

Directory Enumeartion
Additional Resources