search

Web

nmap -sV --script http-enum 10.2.23.197 -p80

nmap -sV --script http-headers -p80 10.2.23.197

nmap --script http-methods --script-args http-methods.url-path='/webdav/' IP

nmap --script http-webdav-scan --script-args http-methods.url-path='/webdav/' IP

hashtag
accessible folders

Nmap --script http-enum -p80,443 IP

hashtag
change root dir

Nmap --script http-enum -script-args http-enum.basepath=/mantis2.3.0/ -p80

hashtag
enum users

Nmap -80 --script http-userdir-enum IP

hashtag
account and password guessing

Nmap -80 --script http-brute IP

Nmap -80 --script http-brute --script-args userdb=/var/username.txt,passdb=/var/passwords.txt

hashtag
IP check out other options Nmap -80 --script http-wordpress-brute IP

Nmap -80 --script http-joomla-brute IP

hashtag
id's IDS and Fw's

Nmap -80 --script http-waf-detect,http-waf-fingerprint IP

hashtag
XSS vulns - lots more options for this

Nmap -80 --script http-unsafe-output-escaping IP

hashtag
check online db for xss vulns

Nmap -80 --script http-xssed IP

hashtag

hashtag
check for default creds Nmap -80 --script http--default-accounts IP

PreviousSQLNextWindows

Last updated