HTTP and HTTPS services host web services for the servers to host to the end-users. Identify the CMS employed in the web services perform basic testing regarding the CMS and test for web-based attacks, sqli, XXE, SSTI, SSRF, etc..,

Windows Machine

When the machine hosts an IIS Server always check for its version and check for an open publically available exploits
Use *-lowercase words to shorten the brute force time
raft-medium-directories-lowercase.txt from seclists etc..,


  • IIS Servers are by defualt vulnerable to tilde enumeration
  • Set to wont fix status by the MSRC Team
  • Abusing this reduces the directory enumeration time
java -jar iis_shortname_scanner.jar 2 20 http://url

Linux Machine

Advised to use feroxbuster since it enumerates recursively
feroxbuster -u http://$ip -w /usr/share/wordlists/dirb/big.txt -x php,html,bak,txt,sh -k