# 80, 443 - HTTP/S

## <mark style="color:red;">Automatic scanners</mark>

General purpose automatic scanners:

```bash
nikto -h <URL>                       # web server scanner: known dangerous files, outdated versions, misconfigurations
whatweb -a 4 <URL>                   # technology fingerprinting; -a 4 is the most aggressive (and noisiest) level
wapiti -u <URL>                      # black-box web application vulnerability scanner
w3af_console                         # w3af web application attack and audit framework (w3af_gui for the GUI)
zaproxy                              # OWASP ZAP; can also be driven headless through its API
nuclei -ut && nuclei -target <URL>   # update the templates first, then run the template-based scan
```

## <mark style="color:red;">Spidering</mark>

List of spidering tools:

{% embed url="https://book.hacktricks.xyz/network-services-pentesting/pentesting-web#spidering" %}

## <mark style="color:red;">Directories and Files Enumeration</mark>

Tools:

* [**Dirsearch**](https://github.com/maurosoria/dirsearch) (python): does **not** accept self-signed certificates, but **supports recursive** search.
* [**Gobuster**](https://github.com/OJ/gobuster) (go): accepts self-signed certificates (`-k` / `--no-tls-validation`), but has **no recursive** search; feed interesting directories back in by hand.
* [**Feroxbuster**](https://github.com/epi052/feroxbuster) (rust): fast, supports recursive search.
* [**wfuzz**](https://github.com/xmendez/wfuzz): `wfuzz -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt https://domain.com/api/FUZZ`
* [**ffuf**](https://github.com/ffuf/ffuf): fast: `ffuf -c -w /usr/share/wordlists/dirb/big.txt -u http://10.10.10.10/FUZZ`
* [**Chameleon**](https://github.com/iustin24/chameleon): uses Wappalyzer to detect the technologies in use and picks the wordlists accordingly.

### <mark style="color:blue;">Gobuster</mark> <a href="#gobuster-gobuster" id="gobuster-gobuster"></a>

```sh
gobuster dir -t 30 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.0.0.3/
```

<details>

<summary>Parameters</summary>

* `dir`: directory brute-forcing mode.
* `-t <n>`: number of concurrent threads (default 10).
* `-w <wordlist>`: path to the wordlist.
* `-u <URL>`: target URL.

</details>

{% hint style="info" %}
Note:

* Iterate over the results: run the scan again against every directory found.
* Include status code 403 (Forbidden) in the results and brute-force those directories too; a 403 on a directory often means it exists but directory listing or direct access is denied, and files inside may still be reachable.
* Add more file extensions to search for; in `gobuster`: `-x sh,pl`.
{% endhint %}
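The scanners listed above leave a distinctive footprint on the server side: one client requesting many distinct paths in a short time, most of them answered with 404 or 403 (the 403s the note above tells you to keep are part of that footprint). As an added example, not code from this page or from any of the tools it lists, here is a small Python script that parses combined-format access logs and flags clients whose traffic looks like directory brute-forcing. The log lines, client addresses and User-Agent strings are constructed; the thresholds and the list of User-Agent substrings are assumptions to tune for a real site.

```python
"""Flag directory brute-forcing in web server access logs (combined log format)."""
import re
from collections import defaultdict
from typing import Iterable

# Combined log format: ip ident user [ts] "METHOD /path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Substrings found in the default User-Agent of common enumeration tools (illustrative list).
# Supporting signal only: every tool can change its User-Agent, so the behavioural
# check below (many distinct paths, mostly 403/404) is what actually decides.
SCANNER_UA_HINTS = ("gobuster", "feroxbuster", "dirbuster", "nikto", "wfuzz")

# Constructed sample log (not real traffic). 10.0.0.7 is a normal visitor;
# 10.0.0.9 walks through a wordlist and collects 404s, one 403 and one redirect.
SAMPLE_LOG = """\
10.0.0.7 - - [12/May/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [12/May/2024:10:00:02 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [12/May/2024:10:00:03 +0000] "GET /contact HTTP/1.1" 200 1536 "-" "Mozilla/5.0"
10.0.0.9 - - [12/May/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 403 199 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:01 +0000] "GET /config HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:01 +0000] "GET /db HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:01 +0000] "GET /dev HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /old HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /private HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /secret HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /test HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /tmp HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /wp-admin HTTP/1.1" 404 153 "-" "gobuster/3.6"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /uploads HTTP/1.1" 301 169 "-" "gobuster/3.6"
this line is deliberately malformed and must be skipped by the parser
"""


def parse_line(line: str):
    """Return the parsed fields of one log line, or None if it is not combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def summarise(lines: Iterable[str]) -> dict:
    """Aggregate per client: request count, distinct paths, 403/404 count, scanner UA seen."""
    stats = defaultdict(lambda: {"requests": 0, "paths": set(), "errors": 0, "ua_hint": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["ip"]]
        s["requests"] += 1
        s["paths"].add(rec["path"])
        if rec["status"] in (403, 404):
            s["errors"] += 1
        if any(hint in rec["ua"].lower() for hint in SCANNER_UA_HINTS):
            s["ua_hint"] = True
    return stats


def flag_enumeration(lines: Iterable[str], min_requests: int = 10, min_error_ratio: float = 0.8) -> dict:
    """Return {ip: summary} for clients that look like directory brute-forcers.

    A client is flagged when it made at least min_requests requests and at least
    min_error_ratio of them were answered 403 or 404. Both thresholds are assumptions.
    """
    flagged = {}
    for ip, s in summarise(lines).items():
        if s["requests"] < min_requests:
            continue
        ratio = s["errors"] / s["requests"]
        if ratio >= min_error_ratio:
            flagged[ip] = {
                "requests": s["requests"],
                "distinct_paths": len(s["paths"]),
                "error_ratio": round(ratio, 2),
                "ua_hint": s["ua_hint"],
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in flag_enumeration(SAMPLE_LOG.splitlines()).items():
        print(ip, summary)
```

On a real log the script is run per time window (for example one file rotated hourly), because the error ratio of a long-lived crawler blurs over days; lowering `min_error_ratio` catches slow scans that mix real page loads in, at the cost of more false positives from broken links.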

### <mark style="color:blue;">Feroxbuster</mark> <a href="#wordlists" id="wordlists"></a>

```bash
feroxbuster --url http://<TARGET>:<PORT>/ -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -o <TARGET><PORT>.out
```

### <mark style="color:blue;">Dirb</mark>

```bash
dirb http://www.megacorpone.com -r -z 10
```

### <mark style="color:blue;">Nikto</mark>

```bash
nikto -host=http://www.megacorpone.com -maxtime=30s
```

### <mark style="color:blue;">Wfuzz</mark> <a href="#wordlists" id="wordlists"></a>

Fuzz a parameter value with injection payloads; `--hl 36` hides every response with 36 lines (the baseline response measured beforehand), so only responses that differ from it are shown:

```bash
wfuzz -u https://<IP_ADDRESS>/index.php?url=FUZZ --hl 36 -w /usr/share/wfuzz/wordlist/Injections/All_attack.txt
```

## <mark style="color:red;">Wordlists</mark> <a href="#wordlists" id="wordlists"></a>

Included in Kali's `wordlists` package; the paths below are relative to `/usr/share/wordlists`.

* `/rockyou.txt`
* `/dirbuster/directory-list-2.3-medium.txt` (1.9M, 220560 lines)
* `/dirbuster/directory-list-2.3-small.txt` (709K, 87664 lines)
* `/dirb/common.txt` (36K, 4614 lines)
* `/dirb/big.txt` (180K, 20469 lines)
