Skip to main content

80/443 Pentesting HTTP/HTTPS

Enumeration

Enumerate directories

gobuster dir -u http://<host>/  -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -t 100

wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hc 404 http://<host>/FUZZ

Enumerate subdomains

gobuster dns -d <host> -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -t 100

 wfuzz -c -w /usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -u http://domain.local -H "Host: FUZZ.domain.local"

Enumeration
- Enumerate directories
- Enumerate subdomains