O
O
OSCP Notes
Search…
⌃K

port 80

Directory Busting:

  1. 1.
    Gobuster
Syntax:
gobuster dir -u http://10.129.168.90 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
2. Dirbuster (GUI)
3. Dirsearch
python3 dirsearch.py -u http://bart.htb -e php,aspx,asp,txt -x 500,404,403
-x ignores specified status codes
4. dirb

nikto -h IP_ADDRESS

Nmap showing blocked http request

Since nmap scan changes the host field, it might reveal some blocked http pages that a regular browser session may not.
If you want to see what the browser sees, open up burp and send it to repeater to manually change the host field to something like "test"