Discovery (Nmap)
Basic Nmap Scan : -
nmap -vv -sC -sV -oN nmap.log $IP
Complete Nmap Scan : -
nmap -vv -A -p- -oN nmap-complete.log $IP
Web Directory & Query Parameters Bruteforce
using Gobuster : -
gobuster dir -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -o gobuster.log -t 200 -u $URL
using Wfuzz : -
wfuzz -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -t 200 --hc 404 http://www.host.name/FUZZ
using Wfuzz to Bruteforce Query Parameters : -
wfuzz -c -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -t 200 --hc 404 http://www.host.name/?parameter=FUZZ
Recursive Directory Scan with Wfuzz : -
wfuzz -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt -t 200 --hc 404 -R $DEPTH http://www.host.name/FUZZ
Subdomain Bruteforce using Wfuzz : -
wfuzz -c -f wfuzz-sub.log -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt -u $URL -H "Host: FUZZ.host.name" -t 32 --hc 200 --hw 356
Note : - You will need to adjust the --hc & --hw parameters to your needs. Check wfuzz -h for more information about those.
#Happy_Hacking