0.00 Class 9 Web Application Scanning - cloudsecuritylabs/ethicalhackingclass GitHub Wiki

Class 9 - Web Application Scanning

Gobuster

gobuster dir -u http://192.168.0.200/xvwa/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txtbuster

Dirbuster

search in Kali

Whatweb

whatweb 192.168.0.0/27 --no-errors

DIRB

dirb http://192.168.0.200/xvwa/

Metasploit

search dir_scanner
show options
set RHISTS

NIKTO

nikto -h 192.168.0.201

ZAP

Metasploit

msf > load wmap msd > wmap_sites -a 192.168.0.201 msd > wmap_sites -a 192.168.0.200:8080 msf > wmap_sites -l msf > wmap_targets -d 0 msf > wmap_run -t msf > wmap_run -e (execute)

Burp Suite - DAST

complete web testing solution with an extendable framework
Web discovery scans
Web vulnerability scans

Editions

professional
community edition

Lab 2 issue

about:config on browser
search for tls, set max to 3