HTTP enumeration

Note: add the port if the web server is running on a port other than the usual 80/443.

Gobuster

gobuster dir -u http://IP:PORT -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x php,txt,py,html -o webscan/gobuster-extensions

Nikto

nikto -Format txt -o webscan/nikto-initial -host http://IP -p PORT

ffuf

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -u http://IP:PORT/FUZZ

WordPress specific

wpscan

# Default
wpscan --url http://IP

# Plugins
wpscan --url http://IP -e p

# Users
wpscan --url http://IP -e u

# Vulnerable plugins
wpscan --url http://IP -e vp

SMB enumeration

nmap

nmap IP --script "smb-*" -p 139,445
nmap IP --script "smb-enum-*" -p 139,445

scripts

/usr/share/nmap/scripts/smb-brute.nse
/usr/share/nmap/scripts/smb-enum-domains.nse
/usr/share/nmap/scripts/smb-enum-groups.nse
/usr/share/nmap/scripts/smb-enum-processes.nse
/usr/share/nmap/scripts/smb-enum-services.nse
/usr/share/nmap/scripts/smb-enum-sessions.nse
/usr/share/nmap/scripts/smb-enum-shares.nse
/usr/share/nmap/scripts/smb-enum-users.nse
/usr/share/nmap/scripts/smb-flood.nse
/usr/share/nmap/scripts/smb-ls.nse
/usr/share/nmap/scripts/smb-mbenum.nse
/usr/share/nmap/scripts/smb-os-discovery.nse
/usr/share/nmap/scripts/smb-print-text.nse
/usr/share/nmap/scripts/smb-protocols.nse
/usr/share/nmap/scripts/smb-psexec.nse
/usr/share/nmap/scripts/smb-security-mode.nse
/usr/share/nmap/scripts/smb-server-stats.nse
/usr/share/nmap/scripts/smb-system-info.nse

Enum4linux

enum4linux -a IP

SMBClient