🖥️
Siber Güvenlik Notları
  • WHOAMI
    • 👨‍💻Who Am I?
  • 🔭Information Gathering
    • Pentest Makinası Kurulumu
    • Passive Information Gathering
    • Subdomain Enumeration
    • Host Discovery
    • Port Scanning
    • Email Enumeration
    • Leaked Passwords
    • Zafiyet Araştırma
  • 🪟Windows Pentesting
    • Windows Privilege Escalation
    • Windows Persistence
    • Windows Lateral Movement
    • AV Evasion
  • 🐧Linux Pentesting
    • Linux Privilege Escalation
    • Linux Persistence
    • Linux Lateral Movement
  • 🕸️Web Application Pentesting
    • ✅Cross-Site Scripting
    • ✅Information Disclosure
    • ✅Configuration and Deployment Management Testing
    • ✅Broken Authentication
    • ✅Broken Access Control
    • ✅OAuth Zafiyetleri
    • ✅JWT
    • ✅HTTP Parameter Pollution
    • ✅SQL Injection
    • ✅NoSQL Injection
    • ✅XXE Injection
    • ✅File Inclusion & Path Traversal
    • ✅OS Command Injection
    • ❌HTTP Request Smuggling
    • ✅Host Header Attack
    • ✅SSTI
    • ✅SSRF
    • ❌Insecure Deserialization
    • ✅Prototype pollution
    • ❌Web Cache Poisoning
    • ✅LLM
    • ✅Business Logic
    • ✅File Upload
    • ✅Race Conditions
    • ✅CSRF
    • ✅CORS Misconfiguration
    • ✅Clickjacking
    • ✅API Testing
    • ❌GraphQL API
    • AWS Testing
    • ✅Broken Link Hijacking
  • 🖲️Network Service Pentesting
    • 📘Active Directory Services
      • Bleeding Edge Vulns
      • Misconfigs
      • Domain Trust
      • DNS (53)
      • Kerberos (88)
      • LDAP (389,636)
      • RPC WMI (135)
      • SMB (445)
      • WinRM - 5985
    • 📂FTP - 21
    • 🔐SSH - 22
    • 🤣Telnet - 23
    • SMTP - 25
    • TFTP - 69 UDP
    • HTTP - 80,443
      • Apache
      • Joomla
      • Drupal
      • Wordpress
      • WEBDAV
      • PHP
      • Laravel
    • IMAP/POP3 - 110,143,993,995
    • SNMP - 161
    • Rservices - 512
    • IPMI - 623
    • Rsync - 873
    • MSSQL - 1433
    • Oracle TNS - 1521
    • NFS - 2049
    • Docker
    • Grafana - 3000
    • MySQL - 3306
    • RDP - 3389
    • Postgresql - 5432
    • Redis - 6379
    • JDWP - 8000
    • MongoDB - 27017
  • 🕸️Network Pentesting
    • ARP Poisoning
  • 📞Android Pentesting
    • Rooting
    • Burp Suite Sertifikası
    • SSL Pinning Bypass
    • Patching
    • MobSF Kurulumu
    • Flutter Pentesting
  • 📰Teori
    • Güvenlik Ürünleri
    • OSI
    • Security Principles
  • Diğer
    • Hacking Gadgets
      • 🍍Wifi Pineapple
      • Pwnagotchi
    • Stego
    • Buffer Overflow
    • Phishing
    • Nessus
    • MSFConsole
    • DDOS Saldırıları
  • ⏪Reverse
    • GCC Reverse
    • Python Reverse
    • Flare VM
    • Remnux
  • 🛜Wireless Pentesting
    • Wireless Pentest
Powered by GitBook
On this page

Was this helpful?

  1. Network Service Pentesting

HTTP - 80,443

Enumeration

Spidering

Spidering süreci, bir web sitesinin belirli URL'lerini takip ederek site içindeki bağlantıları izleme esasına dayanır.

gospider -s https://example.com

Terminal Browser

Eğer sadece terminal erişimimiz varsa browsh ile terminalde sayfayı görüntüleyebiliriz.

browsh --startup-url http://example.com/index.html

Aynı işlemi lynx aracı ile de yapabiliriz.

lynx https://example.com/index.html

Teknoloji Tespiti

What web ile sitede hangi teknolojilerin kullanıldığını görebiliriz.

whatweb https://example.com

Http aracı ile de siteye istek atarak kullanılar teknolojileri görebiliriz.

http https://example.com

HTTP Versiyon Bilgisi

nmap -p 80 -script banner https://example.com

Başlık Bilgisi

nmap --script http-headers -p 80 https://example.com
msfconsole -q
use auxiliary/scanner/http/http_header
set RHOSTS example.com
run

WMAP

msfconsole -q
load wmap

wmap_sites -a <IP>
wmap_targets -t <IP>

wmap_sites -l
wmap_targets -l

wmap_run -t
wmap_run -e

Nikto

nikto -h https://example.com
PreviousTFTP - 69 UDPNextApache

Last updated 6 months ago

Was this helpful?

🖲️
  • Enumeration
  • Spidering
  • Terminal Browser
  • Teknoloji Tespiti
  • HTTP Versiyon Bilgisi
  • Başlık Bilgisi
  • WMAP
  • Nikto