curl -i [ip] # include response headers
curl -I [ip] # show headers only (uses a HEAD request)
curl -L [ip] # follow redirects
<iframe src="https://firstURL.com"></iframe>
Use Burp to check whether actions submitted as POST requests can also be completed as GET requests - if they can, a single URL is enough to trigger the same action.
Also check which user the application runs as, and whether it navigates to submitted web pages: e.g. if you enter a URL into a text box, does the server fetch it?
Are anti-CSRF tokens included in the POST parameters? (Check in Burp or in the browser's network tab.)
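Added example, not part of these notes: the two behaviours the checks above look for, modelled as minimal Python request handlers over a constructed in-memory session store. The handler names, the `csrf_token` parameter and the `sid` cookie are assumptions, not a real application's API.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store standing in for a real server's.
SESSIONS = {}


@dataclass
class Request:
    method: str
    path: str
    params: dict = field(default_factory=dict)   # query string or form body
    cookies: dict = field(default_factory=dict)


def new_session():
    """Create a session whose CSRF token is bound to that session only."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32), "balance": 100}
    return sid


def vulnerable_transfer(req):
    """State change accepted on GET and without any token: a single URL
    opened by a logged-in user completes the action (the case to look for)."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401, "login required"
    sess["balance"] -= int(req.params.get("amount", 0))
    return 200, "transferred"


def hardened_transfer(req):
    """Same action, but only via POST and only when the csrf_token parameter
    matches the token stored server-side for this session."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401, "login required"
    if req.method != "POST":
        return 405, "method not allowed"       # GET can no longer trigger it
    token = req.params.get("csrf_token", "")
    # Constant-time comparison on bytes so odd input cannot raise or leak timing.
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403, "bad csrf token"
    sess["balance"] -= int(req.params.get("amount", 0))
    return 200, "transferred"
```

The token in the POST body is only useful because the server compares it against a per-session secret; a token that is merely present in the request is not a defence.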
gobuster
gobuster dir -u http://website.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100 | tee gobuster.log # gobuster 3.x syntax; older versions omit "dir"
gobuster dir -u http://website.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100 -c 'PHPSESSION=123' -x .php,.html | tee gobuster.log # with a session cookie and file extensions
dirsearch
Great for websites that use file extensions (e.g. php). Added wp to dicc.txt.
./dirsearch.py -u http://192.168.1.23 -e txt -t 50 # use dirsearch's default dictionary, which proved quite successful
./dirsearch.py -u http://192.168.1.23 -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -e php -t 50
nikto
Web scanner.
nikto -h 192.168.1.23
nikto -h 192.168.1.23 -Plugins outdated # run only the "outdated" plugin
A function within its code, "map_codes", seems to take forever to finish. Add a return; statement to line 228 of /var/lib/nikto/plugins/nikto_core.plugin to patch it.