Most used tools
Identify vulnerabilities in webapps
Tool: wmap
Context: We use WMAP to automate the process of finding vulnerabilities. If we don't find all of them, we'll evaluate the OWASP Top 10.
Usage:
msfconsole -q
load wmap
wmap_sites -a [demo.ine.local IP]
wmap_targets -t http://[demo.ine.local IP]
wmap_run -e
Locate hidden files and directories
Tools: dirb, gobuster, robots.txt
Usage:
dirb http://demo.ine.local
Conduct brute-force login attack
Tools: hydra, BurpSuite, msfconsole
Usage:
hydra -l admin -P passlist http-post-form "/login:username=^USER^&password=^PASS^"