Cookie's Red Team Recipe
  • Mixing...
  • General
    • Transferring Files
      • Serving Your Files
      • Transferring Files To Linux
      • Transferring Files To Windows
    • File Types
      • .vhd
    • Password Cracking
      • Hashcat
        • Wordlists
        • Wordlist + Rules
        • Masks
        • Mask Files
        • Combinator
        • Hybrid
        • Keyboard Walks
    • Trash to sift through
      • Cookie 3.1.24.ctd
    • Tools
      • Nuclei
      • GoWitness
    • Reflective DLL Injection
    • Configuration
      • Terminal Logging
      • Tmux Config
  • Cloud
    • General
      • Enumeration
        • JWT
        • SEC 588
        • Tools and Procedures
      • Containers
        • Docker
        • Kubernetes
    • Azure
      • General
      • Discovery
        • Mapping URLS
        • Snaffpoint
      • Initial Access
        • Password Spray
        • Illicit Consent Grant
        • App Service Abuse
          • Insecure File Upload
          • SSTI
          • OS Command Injection
        • Blob Storage
        • Evilginx3
      • Enumeration
        • MG Module
        • Az PowerShell
        • Azure CLI
        • Tokens
        • ROADTools
        • StormSpotter
        • AzureHound
      • Privilege Escalation
        • Automation Account
        • Managed Identity Command Execution
        • Key Vault
        • ARM Templates
        • Function App
      • Lateral Movement
        • Custom Script Extension
        • User Data
        • Pass The PRT
        • Endpoint Manager
        • Dynamic Groups
        • Application Proxy
        • Password Hash Sync
        • Storage Accounts
      • Persistance
        • Pass-Through Authentication
        • Seamless SSO
        • Federation
    • AWS
      • Discovery
        • Mapping URLs
        • Authentication
        • Username Harvesting
        • Password Spraying
        • Storage
        • Pacu
      • Enumeration
        • Scanning
        • Copy of Pacu
      • Privilege Escalation
        • Instance Metadata Service
        • Copy of Pacu
      • Lateral Movement
        • Userdata
        • Pacu
        • Callbacks and Shells
      • KMS
      • CI/CD
        • Deployment Pipeline
        • SSRF
        • Lambda
    • GCP
  • OSINT
    • Checklist
    • Tools
  • Web Applications
    • Checklist
    • Web Vulnerabilities
      • SSRF (Server Side Request Forgery)
      • Blind Data Exfiltration via DNS
      • XSS
      • XXE
      • XPath Injection
    • APIs
      • Web API Indicators
      • Passive Reconnaissance
      • Active API Reconnaissance
    • Enumeration
  • Exploitation
  • Active Directory
    • Reconnaissance
      • PowerView
      • SharpView
      • ADSearch
    • Cobalt Strike
      • User Impersonation
        • Pass the Hash
        • Pass the Ticket
        • Overpass the Hash
        • Token Impersonation
        • Token Store
        • Make Token
        • Process Injection
      • Lateral Movement
        • Windows Remote Management
        • PsExec
        • Windows Management Instrumentation (WMI)
        • CoInitializeSecurity
        • DCOM
      • Kerberos
        • Kerberoasting
        • ASREP Roasting
        • Unconstrained Delegation
        • Constrained Delegation
        • Alternate Service Name
        • S4U2Self Abuse
        • Resource-Based Constrained Delegation
        • Shadow Credentials
        • Kerberos Relay Attacks
      • Pivoting
        • SOCKS Proxies
        • Linux Tools For Proxies
        • Windows Tools For Proxies
        • Pivoting with Kerberos
        • Pivoting A Browser
        • Reverse Port Forwards
        • NTLM Relaying
        • Relaying WebDAV
      • AD Certificate Services
        • Find Certificate Authorities
        • Misconfigured Certificate Templates
        • NTLM Relaying to ADCS HTTP Endpoints
        • User & Computer Persistence
      • Group Policy
        • Modify Existing GPO
        • Create & Link a GPO
      • MS SQL Servers
        • MS SQL Impersonation
        • MS SQL Command Execution
        • MS SQL Lateral Movement
        • MS SQL Privilege Escalation
      • Configuration Manager
        • Enumeration
        • Network Access Account Credentials
        • Lateral Movement
      • Domain Dominance
        • Silver Tickets
        • Golden Ticket
        • Diamond Tickets
        • Forged Certificates
      • Forest & Domain Trusts
        • Parent/Child
        • One-Way Inbound
        • One-Way Outbound
      • LAPS (Local Administrator Password Solution)
        • Reading ms-Mcs-AdmPwd
        • Password Expiration Protection
        • LAPS Backdoors
  • Escalation
    • Host Reconnaissance
    • Windows
    • Linux
  • Report
    • Templates
  • Phishing
    • Techniques
      • Jscript
      • Word Document
        • Manual
        • Generated
      • HTML Smuggling
    • GoPhish
  • C2
    • Cobalt Strike
      • Starting
        • Profile
        • Artifact Kit Changes
        • Resource Kit Changes
        • Start CS as a Service
        • Manual AMSI Bypass
        • Set Anti-Behavioural Detections
        • Generating Payloads
        • Listener Management
        • Prepare For Command Line Detections
      • Tools
        • Application Whitelisting
          • Policy Enumeration
          • Writeable Paths
          • Binaries, Scripts, and Libraries
          • PowerShell CLM
          • Beacon DLL
        • Credentials
          • Credential Manager
          • Scheduled Task Credentials
        • Session Passing
          • Beacon Passing
          • Foreign Listener
          • Spawn & Inject
        • DCSync
        • Extracting Kerberos Tickets
        • Mimikatz
          • NTLM Hashes
          • Kerberos Encryption Keys
          • Security Account Manager
          • Domain Cached Credentials
        • Take Screenshot
        • Evading Windows Defender
          • Artifact Kit
          • Malleable C2
          • Resource Kit
          • AMSI vs Post-Exploitation
          • Manual AMSI Bypasses
          • Behavioural Detections
          • Parent/Child Relationships
          • Command Line Detections
        • Pivot Listeners
    • Sliver
      • Post-Exploitation
        • Proxy
    • Brute Ratel
    • Mythic
  • Domains
  • Infrastructure
    • Web Categorisation
Powered by GitBook
On this page
  • Gobuster
  • Wappalyzer
  1. Web Applications

Enumeration

PreviousActive API ReconnaissanceNextReconnaissance

Last updated 1 day ago

Gobuster

Common user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

gobuster dir -u http://example.com -w /path/to/wordlist.txt -t 5 --delay 1s -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36" -o example_dir_scan_ua.txt

-s 200 (only look for 200 responses)

--status-codes-blacklist "" (clears the black list, which has a default value of 404)

Wappalyzer

Identify technologies on websites

Find out the technology stack of any website. Create lists of websites that use certain technologies, with company and contact details. Use our tools for lead generation, market analysis and competitor research.

LogoFind out what websites are built with - Wappalyzer