๐Ÿ“ Notes๐Ÿ”’ SecurityWebInformation Gathering Tool

[Info] Information Gathering Tool

dmitry

Passive Information Gathering Tool

  • Sacn the website example.com and output the record in example.txt
dmitry -winsepo example.txt example.com

nikto

Vulnerability Analysis Gathering Tool

Basic usage

  • Sacn the website 192.168.1.86
nikto -host 192.168.1.86

SSL Sacn

  • SSL site scan with 192.168.1.86
nikto -h 192.168.1.86 -ssl

With Metasploit

  • Into a format that Metasploit can read when youโ€™re performing a scan.
nikto -h 192.168.1.86 -Format msf+

sslscan

To check SSL server status

sslscan www.example.com

wafw00f

The Web Application Firewall Fingerprinting Tool (WAF) Check the WAF exist

wafw00f https://example.org

Full Scan / Audit

wpscan

WPScan WordPress Security Scanner

wpscan --url http://192.168.1.86

whatweb

WPScan WordPress Security Scanner

  • With a level 3 to scan the website
whatweb -v -a 3 http://192.168.1.86

skipfish

Active web application security reconnaissance tool.

skipfish -o folder http://192.168.1.86

Tools Base

cutycapt

Cap website images

cutycapt --url=http://www.kali.org --out=kali.png
Utils ToolsReverse Shell