Directory and subdomain Enumd

Directory Enum

Dirsearch

dirsearch -u [URL] -x 403,404 -e php,html -w /path/to/wordlist

Gobuster

gobuster dir -u http://10.10.10.97/ -w /usr/share/seclists/Discovery/Web-Content/common.txt -x php

Subdomain Enum

Wfuzz

wfuzz -c -u http://alert.htb -H "Host: FUZZ.alert.htb" -w /usr/share/seclists/Discovery/DNS/shubs-subdomains.txt --hc 302,400,301

Gobuster

gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt

Dig

for sub in $(cat /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.14.128 | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done

Dnsenum

dnsenum --dnsserver 10.129.14.128 --enum -p 0 -s 0 -o subdomains.txt -f /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt inlanefreight.htb

PreviousNMAPNextSMB and RPC

Last updated