How to enumerate webserver directories with Nmap on Kali Linux

Enumerate webserver directories nmap

A good Grade Hacker For Hire With Ease, How to enumerate webserver directories with Nmap on Kali LinuxHow to enumerate webserver directories with Nmap on Kali Linux

In this tutorial, we will be using Nmap on Kali Linux to scan and enumerate Webserver directories from popular web applications and servers. We will be using the Nmap script http-enum.nse for this purpose.

The first step in web application penetration testing is scanning webserver directories for popular web applications so we can see which applications have been installed on the particular webserver and what directories are available.

Many applications have known vulnerabilities and attack strategies that can be exploited in order to gain administrator access or to exploit data.

Using this Nmap script we can quickly get an overview of those applications with version numbers so we can check vulnerability databases for known vulnerabilities and exploits.

The Nmap script parses a fingerprint file and scans the targeted webserver for any matches and also returns the particular version of the web application. In the nselib/data folder there is a file called ‘http-fingerprints.lua’.

This file contains all the available fingerprints with a description in the header for those who are interested in what is exactly scanned by this Nmap script.

The current fingerprint database is really huge and is still updated on a regular basis.

If you want to use a Nikto database with fingerprints instead of the Lua file, you can also parse a Nikto-formatted database using http-fingerprints.nikto-db-path.

Let’s continue this tutorial and switch to Kali Linux for some hands-on testing with Nmap.

Enumerate webserver directories

Use the following command to enumerate directories used by popular web applications:

nmap –script http-enum.nse [host]

Depending on the applications which are installed on the targeted host, Nmap returns a list of those applications. In the Y3llowl4bs video, the target has a WordPress installation running which is confirmed by the Nmap script.

Enumerate webserver directories video tutorial

Related Nmap Y3llowl4bs

Open Port Scanning and OS Detection with Nmap in Kali Linux

Scanning a network for live hosts with Nmap

Scanning for SMB vulnerabilities using Nmap

Heartbleed SSL bug Scanning using Nmap on Kali Linux

Virtual Hacking Labs - Penetration testing lab


Leave a Reply

Your email address will not be published. Required fields are marked *

fb logo
recover dogecoin from a scam
recover ethereum from a scammer
hire a hacker to hack iphone
hire a hacker to hack snapchat
hire a hacker to hack a windows computer
error: Content is protected !!