Scanning

GoBuster

To install in Kali:

apt install gobuster

Typical usage:

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,bak -t 50 -u https://172.16.80.1 -k 

If the target uses HTTPS, you may need to specify -k to accept a self-signed or otherwise invalid certificate.

Nikto

Simple usage:

nikto -host <host> -port <port>

Find valid users

You can use patator on Kali:

patator http_fuzz url=http://x.x.x.x/login.php method=POST body='user=FILE0&pass=test' 0=common_user.txt follow=1 accept_cookie=1 -x ignore:fgrep='invalid user'

fgrep = search for a string, egrep = search for a regex
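
Why that filter finds anything, and the fix, as an added example (not part of the original notes): the command above ignores responses containing 'invalid user', so it only produces results when the login page answers differently for unknown and known usernames. The handlers, account data and messages below are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample account store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so unknown usernames cost the same hashing work as known ones.
_DUMMY = (os.urandom(16), os.urandom(32))

def login_leaky(user, password):
    """Different body per failure cause: this is what the fgrep filter keys on."""
    if user not in USERS:
        return 200, "invalid user"
    salt, stored = USERS[user]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 200, "invalid password"
    return 302, "welcome"

def login_uniform(user, password):
    """Same status, body and hashing work for every failed login."""
    salt, stored = USERS.get(user, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if not (matches and user in USERS):
        return 200, "login failed"
    return 302, "welcome"

def response_classes(login, usernames, password="test"):
    """Group usernames by the response a failed login returns.

    More than one group means the endpoint tells valid names from invalid ones.
    """
    classes = {}
    for name in usernames:
        classes.setdefault(login(name, password), []).append(name)
    return classes

if __name__ == "__main__":
    names = ["alice", "bob", "carol"]  # constructed candidate list
    print(response_classes(login_leaky, names))    # two groups: enumerable
    print(response_classes(login_uniform, names))  # one group: nothing to filter on
```

A uniform response removes the signal but not the guessing itself; rate limiting and lockout on the login endpoint are still needed.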
