HTTP(S) - TCP 80, 443, 8080, 8443

Check SSL certificate for potential usernames or hostnames

View source code for comments or interesting links

Check for the existence of a robots.txt file that discloses hidden paths

curl http://<url>/robots.txt
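An added example (not part of the original notes): a small POSIX shell filter that reduces a robots.txt body to the unique paths and sitemap URLs it discloses. The function names and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the unique values of Allow/Disallow/Sitemap lines read from stdin.
# Usage with the command above: curl -s http://<url>/robots.txt | robots_paths
robots_paths() {
  tr -d '\r' |            # tolerate CRLF line endings
  sed -e 's/#.*$//' |     # drop comments
  awk -F':' '
    {
      # Directive names are case-insensitive and may carry stray spaces.
      key = tolower($1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (key != "allow" && key != "disallow" && key != "sitemap") next
      # Value is everything after the FIRST colon (sitemap URLs contain colons).
      val = substr($0, index($0, ":") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      # An empty rule or a bare "/" discloses no specific path.
      if (val == "" || val == "/") next
      if (!seen[val]++) print val
    }'
}

# Constructed sample input, not taken from any real site.
sample_robots() {
  printf '%s\r\n' \
    'User-agent: *' \
    'Disallow: /admin/   # staff only' \
    'disallow: /backup.zip' \
    'Disallow:' \
    'Allow: /' \
    'Disallow: /admin/' \
    'Sitemap: https://example.test/sitemap.xml'
}

sample_robots | robots_paths
```

Paths listed here are worth a manual look because robots.txt only asks crawlers to stay away; it does not restrict access.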

Check for SSL vulnerabilities

sslscan <ip address>

Scan for common vulnerabilities in web servers with Nikto

nikto --url http://<ip address> -p <port(s)>

Discover subdomains with ffuf

# Get the response size (in bytes) for a nonexistent subdomain
curl -s -H "Host: nonexistent.<target url>" <target url> | wc -c
# Filter out responses of that size (replace 169 with the byte count printed above)
ffuf -c -w <wordlist> -u <target url> -H "Host: FUZZ.<target url>" -fs 169
