Jackmeister's Playbook

Directory Brute Forcing

gobuster

Directory:

gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt -o output-file-result.txt

Wordlists:

https://www.assetnote.io/
git clone https://github.com/danielmiessler/SecLists.git
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
/usr/share/wordlists/amass/subdomains-top1mil-5000.txt

Vhost

gobuster vhost -u http://example.com -w <wordlist> -t <threads>

gobuster vhost -w /usr/share/wordlists/amass/subdomains-top1mil-5000.txt -u stocker.htb -t 50 --append-domain

Subdomain

gobuster dns -d <target domain> -w /usr/share/wordlists/amass/subdomains-top1mil-5000.txt
gobuster dns -d <target domain> -r <DNS server IP> -w /usr/share/wordlists/amass/subdomains-top1mil-5000.txt
gobuster dns -d <target domain> -k -w /usr/share/wordlists/amass/subdomains-top1mil-5000.txt
  • -k: enable HTTPS support
  • -r: use a specific DNS server, e.g. 1.1.1.1

feroxbuster (almost the same as gobuster)

feroxbuster -u http://example.com/ -w /usr/share/wordlists/dirb/common.txt -t 100 -o file-result.txt
feroxbuster -u target.com -w subdomains.txt -D
  • -u target.com specifies the target domain.
  • -w subdomains.txt specifies the wordlist containing potential subdomains.
  • -D enables DNS resolution to verify the existence of subdomains.

ffuf

ffuf -w subdomains.txt -u http://target.com/FUZZ -recursion -recursion-depth 3

ffuf -w usernames.txt -u http://target.com/login -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=test" -mr "username already exist!" -fc 302

wfuzz

wfuzz -w subdomains.txt -H "Host: FUZZ.target.com" --hw 0 http://target.com/

wfuzz -w usernames.txt -d "username=FUZZ&password=test" --hc 302 http://target.com/login

dirb

dirb https://target.com wordlist.txt (the wordlist is a positional argument; leave it blank to use the default common.txt)
dirb https://target.com -X .php,.html (-X appends the listed extensions to every word)
dirb http://target.com/ -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"

dirsearch

dirsearch -u google.com
dirsearch -u http://target.com/ -e php,txt,pdf
dirsearch -u http://target.com/ -r
dirsearch -u http://target.com/ -t 50 -b 200

-t: limit the number of threads

-b: delay between requests
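Every tool above leaves the same footprint on the server side: one client producing a burst of requests for distinct paths, almost all of them answered with 404. As an added defender-side example that is not part of the original playbook, the script below parses web-server combined-format access log lines (constructed inline) and flags clients whose 404 count and 404 ratio in any sliding window exceed a threshold; the thresholds, the scanner IP and the user agent are assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format; timezone suffix is dropped when parsing the timestamp.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for a well-formed combined-log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
    return {"ip": m["ip"], "ts": ts, "path": m["path"], "status": int(m["status"]), "ua": m["ua"]}

def detect_bruteforce(lines, window_s=60, min_404=20, min_ratio=0.8):
    """Map each suspicious client IP to (requests, 404s, distinct paths) for the first
    sliding window of window_s seconds in which both thresholds are crossed."""
    per_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            per_ip[ev["ip"]].append(ev)
    alerts = {}
    for ip, evs in per_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            while (ev["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1          # slide the window forward past old events
            win = evs[start:end + 1]
            n404 = sum(e["status"] == 404 for e in win)
            if n404 >= min_404 and n404 / len(win) >= min_ratio:
                alerts[ip] = (len(win), n404, len({e["path"] for e in win}))
                break
    return alerts

def _sample_lines():
    """Constructed sample: one scanner hitting 30 wordlist paths, one ordinary visitor."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" {st} 512 "-" "{ua}"'
    lines = [fmt.format(ip="203.0.113.7", sec=i, path=f"/word{i}", st=200 if i in (3, 17) else 404,
                        ua="gobuster/3.6") for i in range(30)]
    for i, (p, st) in enumerate([("/", 200), ("/about", 200), ("/favicon.ico", 404), ("/contact", 200)]):
        lines.append(fmt.format(ip="198.51.100.4", sec=10 + i * 5, path=p, st=st, ua="Mozilla/5.0"))
    return lines

SAMPLE_LINES = _sample_lines()

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LINES))   # prints {'203.0.113.7': (22, 20, 22)}
```

Real traffic needs the thresholds tuned per site (broken links and favicon probes also produce 404s), and a vhost or DNS brute force shows up as many distinct Host headers or resolver queries rather than 404s, so log those fields too.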
