07 February 2019

Enumerate Webserver Directories with Nmap


In this tutorial we will use Nmap in Kali Linux to scan for and list the directories used by popular web applications and web servers. We will use the Nmap http-enum.nse script for this purpose. The first step in penetration testing a web application is to explore the web server's directories for popular web applications, so that we can see which applications are installed on that web server and which directories are available. Many applications have known vulnerabilities and attack strategies that can be exploited to gain administrator access or to expose data.

Using this Nmap script, we can quickly get an overview of these applications with version numbers, so you can check the vulnerability databases for known vulnerabilities. The script reads a fingerprint file, probes the target web server for matches, and also returns the specific version of the web application. In the nselib/data folder there is a file called http-fingerprints.lua. This file contains all the available fingerprints, with a description in the header for those who want to know exactly what this Nmap script looks for. The current fingerprint database is very large and is still regularly updated. If you want to use a Nikto database of fingerprints instead of the Lua file, you can load a database in Nikto format with the http-fingerprints.nikto-db-path script argument.

We continue with this tutorial and move on to Kali Linux for some practical tests with Nmap.

Enumerate Webserver Directories

Use the following command to enumerate the directories used by popular web applications:
$ nmap --script http-enum.nse [host]

Depending on the applications installed on the target host, Nmap returns a list of these applications. In the Hackloop video, the target has a running WordPress installation, which is confirmed by the Nmap script.
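
On the server side, this scan is visible in the access log: http-enum requests a long list of fingerprinted paths, most of which do not exist on any one server, and by default NSE identifies itself in the User-Agent header. The Python script below is an added example, not part of the original tutorial; it assumes the combined log format, and the function name, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Default NSE HTTP User-Agent contains this marker; a scanner can change it,
# so the 404-ratio check below is the fallback signal.
NSE_UA_MARKER = "Nmap Scripting Engine"
NSE_UA = "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64)"

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_enumeration(lines, min_paths=5, min_404_ratio=0.6):
    """Return {ip: reason} for clients whose requests look like directory enumeration."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "not_found": 0, "nse": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in combined log format
        s = stats[m["ip"]]
        s["paths"].add(m["path"])
        s["total"] += 1
        s["not_found"] += m["status"] == "404"
        s["nse"] |= NSE_UA_MARKER in m["ua"]
    flagged = {}
    for ip, s in stats.items():
        if s["nse"]:
            flagged[ip] = "nse-user-agent"
        elif len(s["paths"]) >= min_paths and s["not_found"] / s["total"] >= min_404_ratio:
            flagged[ip] = "many-404s"
    return flagged

def _line(ip, path, status, ua):
    return f'{ip} - - [07/Feb/2019:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = (
    [_line("192.0.2.10", p, 404, NSE_UA) for p in ("/admin/", "/backup/", "/phpmyadmin/")]
    + [_line("192.0.2.10", "/wp-login.php", 200, NSE_UA)]
    + [_line("198.51.100.7", f"/dir{i}/", 404, BROWSER_UA) for i in range(6)]
    + [_line("203.0.113.5", "/index.html", 200, BROWSER_UA)]
    + [_line("203.0.113.5", "/favicon.ico", 404, BROWSER_UA)]
)

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The thresholds need tuning against the site's normal 404 rate, since broken links and crawlers also produce misses.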
