Enumeración Web

Gobuster

Fuzzing de directorios

gobuster dir -u <URL> -w <WORDLIST>

Ejemplo:

gobuster dir -u http://192.168.1.10/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 20

Fuzzing a través de proxychains

gobuster dir -u http://10.10.10.4/ -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 50 -x html,php,txt --proxy socks5://127.0.0.1:4444

Fuff

Fuzzing de directorios

ffuf -c -u <URL>/FUZZ -w <WORDLIST> -t 20

Ejemplo:

ffuf -u http://192.168.1.10/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 20

Fuzzing a través de proxychains

ffuf -c -recursion-depth 2 -x socks5://localhost:4444 -u http://20.20.20.10/FUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -e .php

Fuzzing de subdominios

ffuf -u http://192.168.1.10/ -H 'Host: FUZZ.domain.thl' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 20

Dirb

dirb <URL> <WORDLIST>

Ejemplo:

dir http://192.168.1.10/ /usr/share/wordlists/dirb/common.txt

Wfuzz

wfuzz -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H 'Host: FUZZ.target.com' --hw 324 http://target

Nikto

nikto -h http://192.168.1.10/