Web Enumeration
Websites get their own section
General Enumeration
Check the server’s response headers
curl -i $IP
Always check for a robots.txt
curl -s http://192.168.1.123/robots.txt
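robots.txt is readable by anyone, so every path it lists is disclosed and worth reviewing one by one. The following is an added example, not part of the original notes: a POSIX shell filter that reduces a robots.txt to its unique Allow/Disallow paths and Sitemap URLs. The function names `robots_paths` and `sample_robots` and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).

# robots_paths: read a robots.txt on stdin and print each unique
# Allow/Disallow path and Sitemap URL as "<directive> <value>".
robots_paths() {
    tr -d '\r' |              # tolerate CRLF line endings
    sed -e 's/#.*$//' |       # drop comments, including trailing ones
    awk -F: '
        index($0, ":") == 0 { next }   # not a "key: value" line
        {
            key = tolower($1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            # value = everything after the FIRST colon (URLs contain colons)
            val = substr($0, index($0, ":") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        val == "" { next }             # empty "Disallow:" lists no path
        key == "disallow" || key == "allow" || key == "sitemap" {
            line = key " " val
            if (!(line in seen)) { seen[line] = 1; print line }
        }
    '
}

# sample_robots: constructed sample input, not taken from a real host.
sample_robots() {
    cat <<'EOF'
User-agent: *
Disallow: /admin/
Disallow: /backup/   # old dumps
Disallow:
Allow: /public/
Disallow: /admin/
Sitemap: http://192.168.1.123/sitemap.xml
EOF
}

# Demo run on the constructed sample.
sample_robots | robots_paths
```

Against a live host, pipe the command above into it: `curl -s http://192.168.1.123/robots.txt | robots_paths`.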
Directory (and file) Brute Forcing
Favorite places to start
gobuster dir -u http://192.168.1.123/ -w /usr/share/seclists/Discovery/Web-Content/common.txt -s '200,204,301,302,307,403,500' -e -l
gobuster dir -u http://192.168.1.123/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -s '200,204,301,302,307,403,500' -e -l
gobuster dir -u http://192.168.1.123/ -w /usr/share/seclists/Fuzzing/fuzz-Bo0oM.txt -s '200,204,301,302,307,403,500' -e -l
gobuster dir -u http://192.168.1.123/ -w /usr/share/wordlists/dirb/big.txt -s '200,204,301,302,307,403,500' -e -l
Don’t forget to throw in a -x php if there’s some PHP action (or -x with whatever other file extensions the site uses).
Specific web apps
SharePoint
# Start with the All Site Content page
/_layouts/viewlsts.aspx