Web Enumeration

TL;DR You can grab and parse the commands from this page with cURL (the tags are stripped, blank lines dropped, and the result written to web_enum.txt):

curl -s https://harfordcda.neocities.org/web_enum.html | sed 's/<[^>]*>//g ; /^$/d' | tr -s '\n' '\n' | sed -r '/^\r?$/d' > web_enum.txt

Bruteforcing Web Directories

Bruteforcing web directories means discovering hidden directories and files on a web server by systematically requesting a large number of candidate names and paths. The candidates come from predefined wordlists of common directory and file names, or from generated combinations (for example every word with .php, .bak or .txt appended). The goal is to find resources that are not linked from the publicly visible pages but are still served when the exact path is requested: admin panels, backups, old versions, configuration files. OWASP DirBuster, dirb, dirsearch, gobuster and wfuzz are commonly used for this. Two caveats apply to all of them: a server that answers every unknown path with 200 (a "soft 404") or with a catch-all redirect will flag every word as a hit unless you filter on response size, word or line count rather than status code alone, and a high thread count against a production host is noisy and can trip rate limits or a WAF.

gobuster

# Get the source (or install the package your distro ships)
git clone https://github.com/OJ/gobuster

# Directory brute-force. gobuster v3 requires the "dir" subcommand; the old v2 syntax
# was "gobuster -u URL -w WORDLIST" with no subcommand.
gobuster dir -u http://site/ -w /path/to/wordlist
gobuster dir -u http://site -w /directory-list-2.3-medium.txt

# -e prints full URLs, -t sets the thread count, -x appends each extension to every word
gobuster dir -e -u http://site/ --timeout 60s -t 100 -w /wordlist.txt -x php,pdf,txt,html,js,php5

# -r follows redirects so 301/302 targets are resolved; -l prints the response length
# (flag from older gobuster releases; newer ones print the size by default)
gobuster dir -u http://site -r -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt -t 150 -l

DirSearch

git clone https://github.com/maurosoria/dirsearch
cd dirsearch

# -e lists the extensions substituted for %EXT% in dirsearch's built-in wordlist
python3 dirsearch.py -u http://site -e php,asp,txt,pdf,sql

dirb

# -r: do not recurse into discovered directories; -o: write results to host.txt
dirb http://site -r -o host.txt

# Explicit wordlist (without one, dirb falls back to its own common.txt)
dirb http://site/ /usr/share/wordlists/dirb/common.txt

Web Fuzzing

Web fuzzing sends a large volume of unexpected, malformed or systematically varied input to a web application and watches how it responds. Wordlist-based fuzzers such as ffuf and wfuzz substitute each entry into a chosen position in the request (path, query parameter, header, POST body) and are used for content discovery, parameter discovery and virtual-host enumeration, with hits separated from noise by response code, size, word and line counts. Mutation-based fuzzers such as radamsa take a valid sample input and emit randomly corrupted variants of it; fed to a server, those can expose parsing bugs, crashes and memory-safety errors that a wordlist would never reach. In both cases the value comes from comparing responses against a known baseline: an error page, a timeout or a dropped connection on one input that the rest of the inputs do not trigger is the finding.

ffuf

# Basic usage with a wordlist; FUZZ marks the injection point
ffuf -w /path/to/wordlist -u http://target/FUZZ

# Fuzzing POST data
ffuf -w /path/to/wordlist -X POST -d "data=FUZZ" -u http://target/post-endpoint

# Fuzzing a header
ffuf -w /path/to/wordlist -H "User-Agent: FUZZ" -u http://target/

# Multiple wordlists: each gets its own keyword as wordlist:KEYWORD (FUZ2Z is wfuzz
# syntax, not ffuf's). The default mode is clusterbomb, i.e. every combination.
ffuf -w /path/to/directorylist:DIR -w /path/to/filelist:FILE -u http://target/DIR/FILE

# Filter out results by response size, e.g. the size of a known soft-404 page
ffuf -w /path/to/wordlist -u http://target/FUZZ -fs 4242

# -fc hides a status code. ffuf's default matcher already excludes 404, so this is a
# no-op on its own; for soft-404 pages filter on size/words (-fs/-fw) or let -ac
# auto-calibrate the filters from a few random paths.
ffuf -w /path/to/wordlist -u http://target/FUZZ -fc 404

# Recurse into discovered directories
ffuf -w /path/to/wordlist -u http://target/FUZZ -recursion -recursion-depth 2
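The soft-404 problem behind the -fs filter above, and behind directory brute-forcing in general, as an added example that is not part of the original page, of ffuf or of any other tool it lists: a Python script that starts a constructed local target (two real paths, every other path answered with 200 and an identical "not found" body), records the signature of a path that cannot exist, and keeps only the wordlist entries whose response differs from it. Everything here is constructed for the demo: the target, its bodies, the wordlist and the port it binds to.

```python
"""Added example (not from the original page or any tool it lists):
wordlist-based content discovery with soft-404 calibration.

A constructed local target is started so the script runs offline: /admin
and /login exist, every other path answers HTTP 200 with the same
"not found" body. Filtering on status code alone would report every
word as a hit; recording the signature of a path that cannot exist and
discarding responses that match it (the idea behind ffuf -ac, or the
size you pass to -fs by hand) leaves only the real paths.
"""
import random
import string
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed target content: two real paths, one soft-404 body for everything else.
REAL_PATHS = {
    "/admin": b"<html><body><h1>Admin panel</h1><a href=/logout>logout</a></body></html>",
    "/login": b"<html><body><form method=post>user/pass</form></body></html>",
}
SOFT_404 = b"<html><body>Sorry, that page could not be found.</body></html>"

# Constructed wordlist: the two real paths mixed with names that do not exist.
WORDLIST = ["index", "admin", "backup", "login", "robots.txt", "config"]


class SoftTarget(BaseHTTPRequestHandler):
    """Answers 200 for every GET; only the body tells hits from misses."""

    def do_GET(self):
        body = REAL_PATHS.get(self.path, SOFT_404)
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo output quiet


def start_target():
    """Bind to an ephemeral localhost port and serve from a background thread."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), SoftTarget)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def probe(url):
    """Return the response signature (status, body length) for one request."""
    req = urllib.request.Request(url, headers={"User-Agent": "content-discovery-demo"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, len(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, len(err.read())


def calibrate(base):
    """Signature of a random path that cannot exist: the server's 'missing' answer."""
    junk = "".join(random.choices(string.ascii_lowercase, k=16))
    return probe(f"{base}/{junk}")


def discover(base, wordlist):
    """Probe every word; keep the ones whose signature differs from the baseline."""
    baseline = calibrate(base)
    probed = [(f"/{w}", probe(f"{base}/{w}")) for w in wordlist]
    return baseline, [(path, sig) for path, sig in probed if sig != baseline]


def run_demo():
    srv, base = start_target()
    try:
        return discover(base, WORDLIST)
    finally:
        srv.shutdown()


if __name__ == "__main__":
    baseline, hits = run_demo()
    print(f"baseline (status, size) for a missing path: {baseline}")
    for path, sig in hits:
        print(f"hit: {path} {sig}")
```

Against a real host, replace the constructed target with the URL under test and widen the signature to whatever distinguishes the catch-all page (word count, a redirect Location, a fixed string in the body); a single random calibration request is the minimum, and taking two or three and requiring them to agree guards against a server whose error page embeds the requested path.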

wfuzz

# Basic usage with a wordlist (-c colours the output; -z file,PATH is the same as -w PATH)
wfuzz -c -z file,/path/to/wordlist -u http://target/FUZZ

# Fuzzing POST data (-d sets the request body)
wfuzz -c -z file,/path/to/wordlist -d "param=FUZZ" -u http://target/post-endpoint

# Fuzzing a header
wfuzz -c -z file,/path/to/wordlist -H "User-Agent: FUZZ" -u http://target/

# Multiple wordlists: the first -z fills FUZZ, the second FUZ2Z (product of both by default)
wfuzz -c -z file,/path/to/directorylist -z file,/path/to/filelist -u http://target/FUZZ/FUZ2Z

# Hide responses by word count (--hw), lines (--hl), chars (--hh) or status code (--hc);
# here every response with exactly 100 words (the catch-all page) is hidden
wfuzz -c -z file,/path/to/wordlist -u http://target/FUZZ --hw 100

# Generated payloads instead of a file, e.g. a numeric range
wfuzz -c -z range,1-10 -u "http://target/page?id=FUZZ"

# Encoders are attached to the payload as its third field (type,source,encoder);
# list the available ones with "wfuzz -e encoders"
wfuzz -c -z file,/path/to/wordlist,urlencode -u http://target/FUZZ

# Fuzzing multiple points in one request
wfuzz -c -z file,/path/to/wordlist -z file,/path/to/anotherwordlist -u "http://target/FUZZ/page?param=FUZ2Z"

radamsa

# Install (Debian-based systems)
sudo apt-get install radamsa

# Fuzz a string from stdin: one mutated sample to stdout
echo "Hello, World!" | radamsa

# Fuzz a file
radamsa input.txt > output.txt

# Produce 10 mutated samples; %n in the output pattern is replaced by the sample number
radamsa -n 10 -o output_%n.txt input.txt

# Fix the random seed so a run is reproducible (record the seed when a sample causes a crash)
echo "test" | radamsa -s 42

# Binary input works the same way
radamsa image.jpg > fuzzed_image.jpg

# Feed one mutated HTTP request to a server. printf interprets \r\n; bash's builtin
# echo does not without -e, and would send the literal backslashes.
printf 'GET / HTTP/1.1\r\nHost: example.com\r\n\r\n' | radamsa | nc example.com 80
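The last radamsa line sends a single mutation with no timeout, no loop and no record of what was sent. As an added example that is not part of the original page or of radamsa, this Python harness does what a practitioner does around a mutational fuzzer: send each case with a timeout, classify the outcome, and keep the payloads that did not get a normal reply for reproduction. The CASES are constructed by hand to stand in for radamsa output (files written by `radamsa -n N -o case_%n.txt request.txt` would be read into the same dict), and the target is a constructed local server with a deliberate bug (a non-numeric Content-Length makes its handler raise, so the client sees the connection close with no response). Names, ports and payloads are all assumptions of the demo.

```python
"""Added example (not from the original page or from radamsa): a triage
harness for many mutated HTTP requests against a constructed buggy server.
"""
import socket
import socketserver
import threading

BASE_REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

# Constructed stand-ins for mutated requests (what radamsa would emit).
CASES = {
    "baseline": BASE_REQUEST,
    "long_path": b"GET /" + b"A" * 4096 + b" HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "bad_content_length": b"GET / HTTP/1.1\r\nHost: example.com\r\nContent-Length: 1e9\r\n\r\n",
    "no_terminator": b"GET / HTTP/1.1\r\nHost: example.com\r\n",  # headers never end
}


class BuggyHandler(socketserver.StreamRequestHandler):
    """Constructed target. Parses headers, then calls int() on Content-Length;
    a malformed value raises ValueError and the connection is dropped unanswered."""

    def handle(self):
        self.rfile.readline()  # request line, ignored by this toy server
        headers = {}
        while True:
            line = self.rfile.readline()
            if line in (b"\r\n", b"\n", b""):
                break
            name, _, value = line.decode("latin-1").partition(":")
            headers[name.strip().lower()] = value.strip()
        if "content-length" in headers:
            self.rfile.read(int(headers["content-length"]))  # the bug: ValueError on "1e9"
        self.wfile.write(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")


class QuietServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def handle_error(self, request, client_address):
        pass  # the dropped connection is the finding; no traceback spam


def send_case(addr, payload, timeout=1.0):
    """Send one raw request and classify what came back."""
    with socket.create_connection(addr, timeout=timeout) as sock:
        sock.sendall(payload)
        try:
            data = sock.recv(4096)
        except socket.timeout:
            return "timeout"  # server is still waiting, or hung
        except ConnectionResetError:
            return "reset"  # server tore the connection down
    if not data:
        return "closed-without-response"  # handler died before replying
    parts = data.split(b" ", 2)
    if data.startswith(b"HTTP/") and len(parts) > 1 and parts[1].startswith(b"5"):
        return "server-error"
    return "ok"


def run_campaign(addr, cases):
    """Return per-case outcomes and the payloads worth keeping for reproduction."""
    results = {name: send_case(addr, payload) for name, payload in cases.items()}
    crashers = {name: cases[name] for name, outcome in results.items() if outcome != "ok"}
    return results, crashers


def run_demo():
    srv = QuietServer(("127.0.0.1", 0), BuggyHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return run_campaign(srv.server_address, CASES)
    finally:
        srv.shutdown()


if __name__ == "__main__":
    results, crashers = run_demo()
    for name, outcome in results.items():
        print(f"{name:20s} {outcome}")
    print(f"{len(crashers)} case(s) kept for reproduction: {sorted(crashers)}")
```

The classification is deliberately coarse (ok, 5xx, timeout, reset, closed without reply) because that is what you can observe from the network side; the kept payloads, together with the radamsa seed (-s) that produced them, are what you minimise and replay against the instrumented server afterwards.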