PenTest – Page 3 – NetwerkLABS

PenTest 101 – Cheat Sheet

CommandDescriptionsudo nano /etc/hostsOpens the /etc/hosts with nano to start adding hostnamessudo nmap -p 80,443,8000,8080,8180,8888,10000 --open -oA web_discovery -iL scope_listRuns an nmap scan using common web application ports based on a scope list (scope_list)…

Bharath Narayanasamy

Enumeration WebPentest

Gobuster Cheat Sheet

Common Gobuster Commands dir Mode gobuster dir -u https://nlabs.local -w ~/wordlists/shortlist.txt With content length gobuster dir -u https://nlabs.local -w ~/wordlists/shortlist.txt -l dns Mode gobuster dns -d nlabs.local -t 50 -w…

Bharath Narayanasamy

WebPentest Enumeration

Fuff – Cheat Sheet

Ffuf commands CommandDescriptionffuf -hffuf helpffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZDirectory Fuzzingffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZExtension Fuzzingffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.phpPage Fuzzingffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -vRecursive…

Bharath Narayanasamy

Enumeration WebPentest

Enumerating WordPress with WPScan

WPScan capabilities The version of WordPress installed and any associated vulnerabilities What plugins are installed and any associated vulnerabilities What themes are installed and any associated vulnerabilities Username enumeration Users…

Bharath Narayanasamy

Enumeration

Nmap

Nmap scan - port states Port StateDescriptionOpenIndicates that an application on the target system is actively accepting connections (TCP/UDP/SCTP) on that port.ClosedIndicates there isn’t any application listening on that port.FilteredNmap…

Bharath Narayanasamy