Web Enumeration

Question 1

Gobuster is used for website enumeration of what two things?

Answer 1

1. File/directories.
2. Subdomains

Question 2

Gobuster flag mode for enumerating URL directories and files

Answer 2

Dir

Question 3

Gobuster syntax for enumerating directories and files for a website

Answer 3

gobuster dir -u (url) -w (wordlist.txt)

Question 4

Gobuster flag mode for enumerating URL subdomains

Answer 4

dns

Question 5

Gobuster syntax for enumerating URL subdomains

Answer 5

gobuster dns -d (domain) -w (wordlist.txt)

Question 6

What’s a popular GitHub repo that contains useful lists for fuzzing and exploitation.

Answer 6

/danielmiessler/SecLists

Question 7

How to download and install the SecLists Gthub repo?

Answer 7

git clone https://github.com/danielmiessler/SecLists

sudo apt install seclists -y

Question 8

When using Gobuster to enumerate a subdomain. Where do we add a live DNS server i.e. 1.1.1.1?

Answer 8

/etc/resolv.conf file

Question 9

Curl command syntax for banner grabbing

Answer 9

curl -IL https://URL

Question 10

A handy tool that takes screenshots of the target web application, fingerprints them, and identify possible default credentials.

Answer 10

EyeWitness

Question 11

Extracts the version of webservers, supporting frameworks and applications. We can use this info to pinpoint technologies in use and begin searching for potential vulnerabilities.

Answer 11

Whatweb

Question 12

Whatweb syntax for enumerating

Answer 12

Whatweb (IP)

Question 13

What info can we get from SSL/TLS certificates

Answer 13

Email address and company name and use this to do a phishing attack.

Question 14

This file is used to instruct search engine web crawlers on which resource should and should not be indexed into a search engine.

Answer 14

robots.txt

Question 15

Shortcut to bring up the source code window in browser.

Answer 15

[CTRL + U]