HTTP and HTTPS services host web services for the servers to host to the end-users. Identify the CMS employed in the web services perform basic testing regarding the CMS and test for web-based attacks, sqli, XXE, SSTI, SSRF, etc..,

Windows Machine

When the machine hosts an IIS Server always check for its version and check for an open publically available exploits

Use *-lowercase words to shorten the brute force time

raft-medium-directories-lowercase.txt from seclists etc..,


  • IIS Servers are by defualt vulnerable to tilde enumeration

  • Set to wont fix status by the MSRC Team

  • Abusing this reduces the directory enumeration time

 java -jar iis_shortname_scanner.jar 2 20 http://url

Linux Machine

Advised to use feroxbuster since it enumerates recursively

feroxbuster -u http://$ip -w /usr/share/wordlists/dirb/big.txt -x php,html,bak,txt,sh  -k 

Last updated