Portfolio

πŸ•ΈοΈHTTP Enumeration

HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the web. It's used for sending and receiving web pages, images, videos, and other resources between web browsers and servers. HTTP uses port 80 for regular communication and port 443 for secure communication (HTTPS) with encryption. It's what allows us to access and interact with websites.

HTTP - Basic Enumeration

  • whatweb is a command-line tool used for web fingerprinting and information-gathering. It identifies various aspects of a web application, such as the technologies in use, server details, and software versions.

whatweb <target>

  • http: This command is used to open an HTTP connection to the specified target for testing web servers and websites. It can be executed using command-line tools like cURL, Telnet, or Netcat.

    • What is the http Command?

      http is a general reference to opening an HTTP connection to a target URL or IP address for testing or interacting with web servers and websites. The actual command depends on the tool used, such as cURL, Telnet, or Netcat.

    • cURL is a versatile command-line tool for transferring data with URLs. It supports various protocols, including HTTP and HTTPS.

curl <target>

  • wget is a command-line utility used for downloading files from the web. It supports various protocols, including HTTP, HTTPS, and FTP, and is capable of handling complex download scenarios like recursive downloads, retries, and more.

wget <target>

  • lynx is a text-based web browser that operates within the terminal. It allows users to view and navigate web pages without graphical elements, making it useful for low-bandwidth environments, quick site checks, or accessibility testing.

lynx <target>

  • dirb is a command-line tool for web content discovery. It performs a brute-force scan to find hidden directories and files on a web server by trying different paths from a wordlist.

dirb <target> <wordlist_path>

  • browsh is a text-based web browser designed to work in the terminal. It allows users to browse the web in a text-only mode, providing a minimal interface for web navigation and interaction. It supports modern web features like HTML5, CSS3, and JavaScript.

browsh --startup-url <target>

HTTP: msfconsoleEnumeration

In "msfconsole," these commands respectively check HTTP version, perform directory brute-force, and retrieve robots.txt information on a target web server for security assessments:

  • This command is used to check the HTTP version and other related information from the target web server.

use auxiliary/scanner/http/http_version

  • This command performs a directory and file brute-force attack on a web server to discover hidden directories and files.

use auxiliary/scanner/http/brute_dirs

  • This command retrieves the robots.txt file from the target web server to find potentially sensitive information or hidden directories.

use auxiliary/scanner/http/robots_txt

HTTP: Nmap Enumeration Scripts

http-enum - Enumerates directories and files on a web server to find hidden resources.

nmap <target> -p 80 --script http-enum

http-title - Retrieves the title of the web page.

nmap <target> -p 80 --script http-title

http-methods - Enumerates the HTTP methods supported by the web server.

nmap <target> -p 80 --script http-methods

http-headers - Retrieves HTTP headers from the target web server.

nmap <target> -p 80 --script http-headers

http-robots.txt - Retrieves the robots.txt file from the target web server.

nmap <target> -p 80 --script http-robots.txt

http-screenshot - Takes a screenshot of the web page for visual inspection.

nmap <target> -p 80 --script http-screenshot

http-vuln-cve2014-3704 - Checks for the Drupal vulnerability CVE-2014-3704.

nmap <target> -p 80 --script http-vuln-cve2014-3704

http-dirmap - Maps directories on a web server based on a specified list.

nmap <target> -p 80 --script http-dirmap

http-webdav-scan - Scans for WebDAV methods and checks for common WebDAV features.

nmap <target> -p 80 --script http-webdav-scan

http-dav-fetch - Fetches WebDAV resources.

nmap <target> -p 80 --script http-dav-fetch

http-banners - Retrieves banner information from the target HTTP server.

nmap <target> -p 80 --script http-banners

http-vuln-cve2017-5638 - Checks for the Apache Struts vulnerability CVE-2017-5638.

nmap <target> -p 80 --script http-vuln-cve2017-5638

Hacker's Mantra:Growth hackers are typically computer engineers that build great marketing ideas into the product during the development process. - Ryan Holiday

PreviousSSH EnumerationNextMySQL & MSSQL Enumeration

Last updated

Was this helpful?