Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
adv ex on 5 january 2024
adv ex on 22 February 2024
adv ex on 22 February 2024
banner Expire 26 April 2024
Rescator cvv and dump shop
banner expire at 13 May

Yale lodge shop
UniCvv
banner Expire 1 April  2021

ALBERT

TRUSTED VENDOR
Staff member
Joined
Dec 3, 2020
Messages
1,214
In this tutorial we will be using Nmap on Kali Linux to scan and enumerate webserver directories from popular web applications and servers. We will be using the Nmap script http-enum.nse for this purpose. The first step in web application penetration testing is scanning webserver directories for popular web applications so we can see which applications have been installed on the particular webserver and what directories are available. Many applications have known vulnerabilities and attack strategies that can be exploited in order to gain administrator access or to exploit data. Using this Nmap script we can quickly get an overview of those applications with version numbers so we can check vulnerability databases for known vulnerabilities and exploits. The Nmap script parses a fingerprint file and scans the targeted webserver for any matches and also returns the particular version of the web application. In the nselib/data folder there is a file called ‘http-fingerprints.lua’. This file contains all the available fingerprints with a description in the header for those who are interested in what is exactly scanned by this Nmap script. The current fingerprint database is really huge and is still updated on a regular basis. If you want to use a Nikto database with fingerprints instead of the lua file, you can also parse a Nikto-formatted database using http-fingerprints.nikto-db-path.

Let’s continue this tutorial and switch to Kali Linux for some hands on testing with Nmap.

Enumerate webserver directories
Use the following command to enumerate directories used by popular web applications:

nmap –script http-enum.nse [host]

Depening on the applications which are installed on the targeted host, Nmap returns a list of those applications. In the Hacking Tutorials video the target has a WordPress installation running which is confirmed by the Nmap script.
 
Top Bottom