# HTTP Enumeration

HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the web. It's used for sending and receiving web pages, images, videos, and other resources between web browsers and servers. HTTP uses port 80 for regular communication and port 443 for secure communication (HTTPS) with encryption. It's what allows us to access and interact with websites.

## HTTP - Basic Enumeration

* [**`whatweb`**](https://github.com/urbanadventurer/WhatWeb) is a command-line tool used for web fingerprinting and information-gathering. It identifies various aspects of a web application, such as the technologies in use, server details, and software versions.

```bash
whatweb <target>
```

* **`http`**: This command is used to open an HTTP connection to the specified target for testing web servers and websites. It can be executed using command-line tools like `cURL`, `Telnet`, or `Netcat`.
  * #### What is the `http` Command?

    **`http`** is a general reference to opening an HTTP connection to a target URL or IP address for testing or interacting with web servers and websites. The actual command depends on the tool used, such as `cURL`, `Telnet`, or `Netcat`.
  * **`cURL`** is a versatile command-line tool for transferring data with URLs. It supports various protocols, including HTTP and HTTPS.

```bash
curl <target>
```

* **`wget`** is a command-line utility used for downloading files from the web. It supports various protocols, including HTTP, HTTPS, and FTP, and is capable of handling complex download scenarios like recursive downloads, retries, and more.

```bash
wget <target>
```

* [**`lynx`**](https://lynx.invisible-island.net/) is a text-based web browser that operates within the terminal. It allows users to view and navigate web pages without graphical elements, making it useful for low-bandwidth environments, quick site checks, or accessibility testing.

```bash
lynx <target>
```

* **`dirb`** is a command-line tool for web content discovery. It performs a brute-force scan to find hidden directories and files on a web server by trying different paths from a wordlist.

```bash
dirb <target> <wordlist_path>
```

* **`browsh`** is a text-based web browser designed to work in the terminal. It allows users to browse the web in a text-only mode, providing a minimal interface for web navigation and interaction. It supports modern web features like HTML5, CSS3, and JavaScript.

```bash
browsh --startup-url <target>
```

## HTTP: `msfconsole`Enumeration

In "`msfconsole`," these commands respectively check HTTP version, perform directory brute-force, and retrieve robots.txt information on a target web server for security assessments:

* This command is used to check the HTTP version and other related information from the target web server.

```bash
use auxiliary/scanner/http/http_version
```

* This command performs a directory and file brute-force attack on a web server to discover hidden directories and files.

```bash
use auxiliary/scanner/http/brute_dirs
```

* This command retrieves the `robots.txt` file from the target web server to find potentially sensitive information or hidden directories.

```bash
use auxiliary/scanner/http/robots_txt
```

## HTTP: Nmap Enumeration Scripts

**`http-enum` -** Enumerates directories and files on a web server to find hidden resources.

```bash
nmap <target> -p 80 --script http-enum
```

**`http-title` -** Retrieves the title of the web page.

```bash
nmap <target> -p 80 --script http-title
```

**`http-methods` -** Enumerates the HTTP methods supported by the web server.

```bash
nmap <target> -p 80 --script http-methods
```

**`http-headers` -** Retrieves HTTP headers from the target web server.

```bash
nmap <target> -p 80 --script http-headers
```

**`http-robots.txt` -** Retrieves the `robots.txt` file from the target web server.

```bash
nmap <target> -p 80 --script http-robots.txt
```

**`http-screenshot` -** Takes a screenshot of the web page for visual inspection.

```bash
nmap <target> -p 80 --script http-screenshot
```

**`http-vuln-cve2014-3704` -** Checks for the Drupal vulnerability CVE-2014-3704.

```bash
nmap <target> -p 80 --script http-vuln-cve2014-3704
```

**`http-dirmap` -** Maps directories on a web server based on a specified list.

```bash
nmap <target> -p 80 --script http-dirmap
```

**`http-webdav-scan` -** Scans for WebDAV methods and checks for common WebDAV features.

```bash
nmap <target> -p 80 --script http-webdav-scan
```

**`http-dav-fetch` -** Fetches WebDAV resources.

```bash
nmap <target> -p 80 --script http-dav-fetch
```

**`http-banners` -** Retrieves banner information from the target HTTP server.

```bash
nmap <target> -p 80 --script http-banners
```

**`http-vuln-cve2017-5638` -** Checks for the Apache Struts vulnerability CVE-2017-5638.

```bash
nmap <target> -p 80 --script http-vuln-cve2017-5638
```

***

***

***

**`Hacker's Mantra:`**`Growth hackers are typically computer engineers that build great marketing ideas into the product during the development process. - Ryan Holiday`