Most used tools

Identify vulnerabilities in webapps

Tool: wmap

Context: We use WMAP for automate the process of find vulns. If we don't find all vulns, we'll evaluate the OWASP 10

Usage:

msfconsole -q
load wmap
wmap_sites -a [demo.ine.local IP]
wmap_targets -t http://[demo.ine.local IP]
wmap_run -e

---

Locate hidden file and directories

Tools: dirb, gobuster, robots.txt

Usage:

dirb http://demo.ine.local

---

Conduct brute-force login attack

Tools: hydra, BurpSuite, msfconsole

Usage:

hydra -l admin -P passlist http-post-form "/login:username=^USER^&password=^PASS^"