# 80,443 - Web

## Foothold

* source code
* links
* redirect
* cookies
* burpsuite
* headers
  * [shcheck](https://github.com/santoru/shcheck)

## Fuzzing

* directories (use different wordlists)
* files (use different wordlists)
* files+extensions (use different wordlists)
* subdomains (use different wordlists)

## Login

* default creds
* credentials related to software
* bruteforce
  * cupp
  * pydictor
  * crunch
  * [psudohash](https://github.com/t3l3machus/psudohash)
  * [password-permutor](https://github.com/trevphil/password-permutor)
  * [statistically-likely-usernames](https://github.com/insidetrust/statistically-likely-usernames)
  * [username-anarchy](https://github.com/urbanadventurer/username-anarchy)
  * [password-stretcher](https://github.com/TheTechromancer/password-stretcher)

## Injection

* IDOR
* SQLi
  * SQL (PHP...)
  * NoSQL (Node...)
  * [Header Based Injection](https://github.com/SAPT01/HBSQLI)
* SSTI
* XXE
* XSS
* Command Injection
* Header Injection

## Generate errors

* Check responses that reflect or echo input for error details
* Send special characters and symbols to trigger errors

## Playing with BurpSuite

* send parameters empty
* add symbols
* change order of parameters
* change content-type
* Content-Type: if the request is `application/x-www-form-urlencoded`, change it to `application/json` and re-encode the parameters as a JSON body
* change HTTP verbs (GET to POST, POST to OPTIONS, etc.)

## Credentials bruteforce

### Hydra

From here <https://github.com/vanhauser-thc/thc-hydra>

```bash
# -L / -P: username and password wordlists
# http-post-form takes "path:POST body:failure string"; ^USER^ and ^PASS^ are
# substituted per attempt and the failure string marks a rejected login
# -d: debug output
hydra -L wordlist.txt -P wordlist.txt lanzand0nas.net http-post-form "/directory/master/login.php:username=^USER^&password=^PASS^:Wrong password for user admin" -d
```

### ffuf

From here <https://github.com/ffuf/ffuf>

```bash
cat post-login.txt
```

```http
POST /login.php HTTP/1.1
Host: 10.10.10.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
DNT: 1
[...]

username=FUZZ&password=s3cr3t
```

```bash
ffuf -c -w wordlist.txt -request post-login.txt -request-proto http
```

ffuf replays the request from the file and substitutes each wordlist entry at every position where the `FUZZ` keyword appears.
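Both the Hydra and ffuf runs above leave the same server-side footprint: a burst of POSTs to the login form from one source, each failure returning the same status and body size. As an added example that is not part of the original cheatsheet, this small Python detector parses constructed combined-format access-log lines (the IPs, timestamps and sizes are made up) and flags sources that exceed a failure threshold inside a time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (Apache/nginx combined format), not a real capture.
# Failed logins come back as 200 with the error page; the successful guess redirects (302).
SAMPLE_LOG = """\
10.10.10.5 - - [10/Mar/2024:12:00:01 +0000] "POST /login.php HTTP/1.1" 200 1543 "-" "Mozilla/5.0"
10.10.10.5 - - [10/Mar/2024:12:00:01 +0000] "POST /login.php HTTP/1.1" 200 1543 "-" "Mozilla/5.0"
10.10.10.5 - - [10/Mar/2024:12:00:02 +0000] "POST /login.php HTTP/1.1" 200 1543 "-" "Mozilla/5.0"
10.10.10.5 - - [10/Mar/2024:12:00:02 +0000] "POST /login.php HTTP/1.1" 200 1543 "-" "Mozilla/5.0"
10.10.10.5 - - [10/Mar/2024:12:00:03 +0000] "POST /login.php HTTP/1.1" 200 1543 "-" "Mozilla/5.0"
10.10.10.5 - - [10/Mar/2024:12:00:03 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.168.1.20 - - [10/Mar/2024:12:00:05 +0000] "POST /login.php HTTP/1.1" 200 1543 "-" "Mozilla/5.0"
192.168.1.20 - - [10/Mar/2024:12:01:10 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_login_bursts(log_text, login_path="/login.php", window=timedelta(seconds=60), threshold=5):
    """Return {ip: failed_count} for sources with at least `threshold` failed POSTs to
    `login_path` inside any `window`. A failure is a 200 (error page re-rendered),
    the same signal the Hydra failure string keys on; a 302 is treated as success."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["path"] != login_path:
            continue
        attempts[rec["ip"]].append((rec["ts"], rec["status"]))
    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # sliding window over this source's attempts
            statuses = [s for t, s in events[i:] if t - start <= window]
            failures = sum(1 for s in statuses if s == 200)
            if failures >= threshold:
                flagged[ip] = failures
                break
    return flagged
```

With the defaults, the constructed log flags only `10.10.10.5` (five failures in two seconds); the second source makes one failed attempt and is below the threshold.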

### Wfuzz

From here <https://github.com/xmendez/wfuzz>

## Bypass 403 Forbidden

* <https://github.com/devploit/nomore403>

## Specific Software

### Jenkins

* <https://github.com/stevenvegar/Jenkins_scripts>
