Web Enumeration

Directory Enumeration

Gobuster

# Directory brute forcing
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt

# With extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt

# With authentication
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -U username -P password

# DNS subdomain enumeration
gobuster dns -d target.com -w /usr/share/wordlists/subdomains.txt

Dirb

# Basic scan
dirb http://target.com

# With wordlist
dirb http://target.com /usr/share/wordlists/dirb/common.txt

# With extensions
dirb http://target.com -X .php,.html,.txt

Ffuf

# Directory fuzzing
ffuf -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

# Virtual host discovery
ffuf -u http://target.com -H "Host: FUZZ.target.com" -w /usr/share/wordlists/subdomains.txt

# Parameter fuzzing (URL quoted so the shell does not treat "?" as a glob)
ffuf -u "http://target.com/page?FUZZ=value" -w /usr/share/wordlists/params.txt

Web Crawling

Curl

# Basic request
curl http://target.com

# Follow redirects
curl -L http://target.com

# Save output
curl http://target.com -o output.html

# Show response headers only (sends a HEAD request)
curl -I http://target.com

# Custom headers
curl -H "User-Agent: CustomAgent" http://target.com

# POST request
curl -X POST -d "param1=value1&param2=value2" http://target.com

Wget

# Download file
wget http://target.com/file.txt

# Mirror website
wget -m http://target.com

# Recursive download
wget -r http://target.com

Technology Identification

WhatWeb

# Identify web technologies
whatweb http://target.com

# Verbose output
whatweb -v http://target.com

Wappalyzer (CLI)

# Install
npm install -g wappalyzer

# Analyze
wappalyzer http://target.com

SSL/TLS Testing

# Test SSL/TLS
sslscan target.com

# Detailed SSL analysis
testssl.sh target.com

# Check certificate
openssl s_client -connect target.com:443