Web
nmap -sV --script http-enum 10.2.23.197 -p80
nmap -sV --script http-headers -p80 10.2.23.197
nmap --script http-methods --script-args http-methods.url-path='/webdav/' IP
nmap --script http-webdav-scan --script-args http-webdav-scan.path='/webdav/' IP
accessible folders
nmap --script http-enum -p80,443 IP
change root dir
nmap --script http-enum --script-args http-enum.basepath=/mantis2.3.0/ -p80 IP
enum users
nmap -p80 --script http-userdir-enum IP
account and password guessing
nmap -p80 --script http-brute IP
nmap -p80 --script http-brute --script-args userdb=/var/username.txt,passdb=/var/passwords.txt IP
check out other options
nmap -p80 --script http-wordpress-brute IP
nmap -p80 --script http-joomla-brute IP
identify IDS and firewalls
nmap -p80 --script http-waf-detect,http-waf-fingerprint IP
XSS vulns - lots more options for this
nmap -p80 --script http-unsafe-output-escaping IP
check online db for xss vulns
nmap -p80 --script http-xssed IP
check for default creds
nmap -p80 --script http-default-accounts IP