HTTP/ HTTPS
HTTP and HTTPS services host web services for the servers to host to the end-users. Identify the CMS employed in the web services perform basic testing regarding the CMS and test for web-based attacks, sqli, XXE, SSTI, SSRF, etc..,
When the machine hosts an IIS Server always check for its version and check for an open publically available exploits
Use *-lowercase words to shorten the brute force time
raft-medium-directories-lowercase.txt from seclists etc..,
- IIS Servers are by defualt vulnerable to tilde enumeration
- Set to wont fix status by the MSRC Team
- Abusing this reduces the directory enumeration time
java -jar iis_shortname_scanner.jar 2 20 http://url
Advised to use feroxbuster since it enumerates recursively
feroxbuster -u http://$ip -w /usr/share/wordlists/dirb/big.txt -x php,html,bak,txt,sh -k
Last modified 9mo ago