80, 443 - HTTP/S

Automatic scanners

General purpose automatic scanners:

nikto -h <URL>
whatweb -a 4 <URL>
wapiti -u <URL>
W3af
zaproxy #You can use an API
nuclei -ut && nuclei -target <URL>

Spidering

List of spidering tools:

Directories and Files Enumeration

Tools:

• Dirsearch (python): It doesn't allow auto-signed certificates but allows recursive search.

• Gobuster (go): It allows auto-signed certificates, it doesn't have recursive search.

• Feroxbuster - Fast, supports recursive search.

• wfuzz wfuzz -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt https://domain.com/api/FUZZ

• ffuf - Fast: ffuf -c -w /usr/share/wordlists/dirb/big.txt -u http://10.10.10.10/FUZZ

• Chamaleon: It uses wapalyzer to detect used technologies and select the wordlists to use.

Gobuster

gobuster dir -t 30 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.0.0.3/

Feroxbuster

feroxbuster --url http://<TARGET>:<PORT>/ -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -o <TARGET><PORT>.out

Dirb

dirb http://www.megacorpone.com -r -z 10

Nikto

nikto -host=http://www.megacorpone.com -maxtime=30s

Wfuzz

Fuzz parameters using injection payloads:

wfuzz -u https://<IP_ADDRESS>/index.php?url=FUZZ --hl 36 -w /usr/share/wfuzz/wordlist/Injections/All_attack.txt

Wordlists

Included in Kali’s wordlists package under /usr/share/wordlists.

• /rockyou.txt

• /dirbuster/directory-list-2.3-medium.txt ( 1.9M - 220560 lines )

• /dirbuster/directory-list-2.3-small.txt ( 709K - 87664 lines )

• /dirb/common.txt ( 36K - 4614 lines )

• /dirb/big.txt ( 180K - 20469 lines )