PRIMARY CATEGORY → WEB PENTESTING
Enumeration
Scanning for HTTP-related Ports
nmap -p80,443,8000,8080,8180,8443,8888,10000 --open -sS --min-rate 5000 -v -n -Pn --disable-arp-ping -oA scan.HTTPports -iL hosts.list
Generating a Web Report
EyeWitness
- Setup
git clone https://github.com/RedSiege/EyeWitness EyeWitness
cd !$/setup && ./setup.sh
cd .. && . eyewitness-venv/bin/activate
- Usage
We can pass Nmap's XML report as input, as follows:
python3 Python/EyeWitness.py --web -x <NMAP_XML_FILE> -d <OUTPUT_DIR>
Aquatone
- Setup
curl --silent --location --request GET "https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip" --output aquatone.zip
unzip !$ -d Aquatone
- Usage
cd !$ && cat <nmap_xml_file> | ./aquatone -nmap
CMS ⟡
Application Servers ⟡
Software Development Tools ⟡
SIEM ⟡
Monitoring Software ⟡
Software Config. Management ⟡
Customer Service Management ⟡
CGI ⟡
Common Gateway Interface
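
The EyeWitness and Aquatone usage steps above both take the Nmap XML file as input. As an added example (not code from this page, EyeWitness or Aquatone), the Python below shows what that file contains and how the list of URLs can be derived from it, so the target list can be reviewed before a report is generated. The sample XML is constructed, and the function names and the scheme heuristic are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's XML output (-oA writes <basename>.xml).
# Addresses come from the RFC 5737 documentation range.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="10000"><state state="open"/><service name="http" tunnel="ssl"/></port>
    </ports>
  </host>
</nmaprun>"""

def scheme_for(service):
    """Guess the URL scheme from a <service> element (this example's heuristic)."""
    if service is None:
        return "http"
    # Nmap sets tunnel="ssl" when version detection (-sV) finds TLS on the port.
    if service.get("tunnel") == "ssl" or service.get("name", "").startswith("https"):
        return "https"
    return "http"

def web_targets(xml_text):
    """Return a sorted list of URLs, one per open port in the Nmap XML."""
    urls = set()
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # skip closed/filtered entries from scans run without --open
            scheme = scheme_for(port.find("service"))
            urls.add(f"{scheme}://{addr.get('addr')}:{port.get('portid')}")
    return sorted(urls)

if __name__ == "__main__":
    print("\n".join(web_targets(SAMPLE_XML)))
```

With a plain -sS scan the service name is only a port-table lookup, so the scheme here is a guess until the service is actually probed.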