Enumeration

Web Enumeration using Metasploit

launch msfconsole

msfconsole

Module 1: auxiliary/scanner/http/http_version

use auxiliary/scanner/http/http_version
set RHOSTS victim-1
run

Module 2: auxiliary/scanner/http/robots_txt

use auxiliary/scanner/http/robots_txt
set RHOSTS victim-1
run

Module 3: auxiliary/scanner/http/http_header

use auxiliary/scanner/http/http_header
set RHOSTS victim-1
run

use auxiliary/scanner/http/http_header
set RHOSTS victim-1
set TARGETURI /secure
run

Module 4: auxiliary/scanner/http/brute_dirs

use auxiliary/scanner/http/brute_dirs
set RHOSTS victim-1
run

Module 5: auxiliary/scanner/http/dir_scanner

use auxiliary/scanner/http/dir_scanner
set RHOSTS victim-1
set DICTIONARY /usr/share/metasploit-framework/data/wordlists/directory.txt
run

Module 6: auxiliary/scanner/http/dir_listing

use auxiliary/scanner/http/dir_listing
set RHOSTS victim-1
set PATH /data
run

Module 7: auxiliary/scanner/http/files_dir

use auxiliary/scanner/http/files_dir
set RHOSTS victim-1
set VERBOSE false
run

Module 8: auxiliary/scanner/http/http_put

use auxiliary/scanner/http/http_put
set RHOSTS victim-1
set PATH /data
set FILENAME test.txt
set FILEDATA "Welcome To AttackDefense"
run

Delete the file

use auxiliary/scanner/http/http_put
set RHOSTS victim-1
set PATH /data
set FILENAME test.txt
set ACTION DELETE
run

Module 9: auxiliary/scanner/http/http_login

use auxiliary/scanner/http/http_login
set RHOSTS victim-1
set AUTH_URI /secure/
set VERBOSE false
run

Module 10: auxiliary/scanner/http/apache_userdir_enum

use auxiliary/scanner/http/apache_userdir_enum
set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt
set RHOSTS victim-1
set VERBOSE false
run

PreviousBug Bounty Methodology NextSubdomains Enumeration

Last updated 19 days ago