search

Web Application (80/443)

set the variable

  • Normal URL

    export URL=http://<web url>

  • File fuzzing

    export URL=http://<web url>/FUZZ

  • Directory fuzzing

    export URL=http://<web url>/FUZZ/

hashtag
Manual Checking

hashtag
Grep a username or subdomain

curl $URL -s -q |grep -o http://.*.worker.htb

curl $URL -s -q | grep -o */*.js

hashtag
Important files

robots.txt
.svn
.DS_STORE
cgi-bin/
.git

# check backend
index.php
index.html

hashtag
Additional Checks

  • Check the copy right web apps and search the version

  • Search version with changelog

    example: FreePBX 2.8.1.4 changelog

    maybe you will discover a juicy info about the last version's vulnerability

  • Check cookies

  • Check date in the pictures

  • Check backend language

  • Check metadata of the pictures

  • Check source code

hashtag
Fuzzing

hashtag
[Important] Please check without exclude 404 code, because you will mis any third parties control. Go forward with exclude 404 if it is an inhouse production web apps

hashtag
Wordlist

big.txt --> for getting a juicy file

directory-list-2.3-medium.txt --> for directory

Next level wordlist using SecLists.

If your Kali haven't installed SecLists, use this command:

hashtag
FUZZ Files

hashtag
FUZZ Directory

hashtag
FUZZ Subdomain / VHOST

wfuzz

gobuster

hashtag
FUZZ Params

If you have a .php file but no output try this:

/secret/evil.php

hashtag
Sub domain

PreviousPage 1NextXSS

Last updated