Web Application Enumeration

Fingerprinting Web Servers with Nmap

sudo nmap -p80 -sV 192.168.50.20

sudo nmap -p80 --script=http-enum 192.168.50.20

Technology Stack Identification with Wappalyzer


Directory Brute Force

gobuster dir -u 192.168.50.20 -w /usr/share/wordlists/dirb/common.txt -t 5
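As an added defender-side example (not part of these notes), the Python below flags clients in a combined-format access log whose request pattern matches a wordlist sweep like the gobuster and nmap http-enum runs above: a burst of mostly-404 responses from one address inside a short window. The log lines, paths and the gobuster User-Agent string are constructed sample data, and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: two ordinary hits from 10.0.0.5, then a dirb/common.txt-style sweep from 192.168.50.99
WORDS = ["admin", "backup", "cgi-bin", "config", "db", "images", "login", "old", "test", "tmp", "upload", "xml"]
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Apr/2022:09:27:40 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [06/Apr/2022:09:28:10 +0000] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
] + [
    f'192.168.50.99 - - [06/Apr/2022:09:27:{40 + i:02d} +0000] "GET /{w}/ HTTP/1.1" '
    f'{200 if w == "images" else 404} 196 "-" "gobuster/3.1.0"'  # only /images/ exists
    for i, w in enumerate(WORDS)
]

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec

def detect_enumeration(lines, window=timedelta(seconds=60), min_404=10, min_ratio=0.8):
    """Return {client_ip: reason} for clients with many, and mostly, 404s inside one sliding window."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        per_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:  # slide the window forward
                start += 1
            win = recs[start:end + 1]
            n404 = sum(r["status"] == 404 for r in win)
            if n404 >= min_404 and n404 / len(win) >= min_ratio:
                flagged[ip] = f"{n404}/{len(win)} requests were 404 within {window.seconds}s"
                break
    return flagged
```

A single stray 404 from a normal visitor stays below both thresholds, while the sweep trips the rule after its tenth miss.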

Debugging Page Content


Enumerating and Abusing APIs

We can fuzz for APIs with a pattern file that, for each route found with gobuster, tries /v1 and /v2.

gobuster dir -u http://192.168.50.16:5002 -w /usr/share/wordlists/dirb/big.txt -p pattern


Enumerating the API with curl's -i parameter, which includes the response headers in the output, to list the API.

kali@kali:~$ curl -i http://192.168.50.16:5002/users/v1
HTTP/1.0 200 OK
Content-Type: application/json
Content-Length: 241
Server: Werkzeug/1.0.1 Python/3.7.13
Date: Wed, 06 Apr 2022 09:27:50 GMT

{
  "users": [
    {
      "email": "[email protected]",
      "username": "name1"
    }