HTTP & HTTPS

• Usually port 80, 443

Checkout also the web pentesting chapter of CSbyGB Pentips.

Enumerating HTTP and HTTPS

Default web page

• We can go check the page in the browser and see what we find if we have 30 or 443 open (or both)

• Default web page = automatic finding. Disclose info about the tecnology used: web server, version, hostname etc. = Information Disclosure

Nikto

• We can also launch nikto nikto -h http://host.com

  • Example of nikto result

  • It finds possible vulnerability

  • Will even do some directory busting

Dirbuster

• We can use dirbuster or gobuster to check if we find hidden directories (directory busting). Here is an example with dirbuster

• Example of results in tree view

• Example of results in list

Source code

• We can select view source in the browser.

• In there we can check for comments, usernames, passwords, keys etc.

Burpsuite

• We can use the repeater to inspect a request modify it and analyze the response

Resources

80,443 - Pentesting Web MethodologyHackTricks

Pentesting Web - Hacktricks