Programmerboy Pentesting Stuff

Pentesting Port 80,443

Nmap Scan Command

# -A enables the aggressive scan (OS detection, version detection, script scanning and traceroute)
# -v means verbose output

# I normally use this command for the initial scan; it works best for me

nmap -A -v 10.10.10.10

Nmap Full Port Scan Command (If You Want to Speed Up)

# -p- scans all ports
# --min-rate makes the scan faster by setting a minimum number of packets sent per second; you can set any number you want

# I run this command more than 2 times to confirm, because it is very fast

nmap -A -v -p- --min-rate=10000 10.10.10.10

Directory BruteForcing

For directory brute-forcing, my favourite tools are FFUF and Feroxbuster.

Feroxbuster Command

# This is the command I use when I use Feroxbuster
# I normally change this command based on the output
# I have edited the configuration file to use the common.txt wordlist from SecLists
 
feroxbuster -u https://www.google.com/

Feroxbuster POST and GET Fuzzing

feroxbuster -u http://www.google.com -m GET,POST

Changing the Conf of Feroxbuster

I use Sublime Text for editing my stuff, and for code editing I use VS Code.

┌──(root㉿kali)-[~]
└─ subl /etc/feroxbuster/ferox-config.toml

FFUF Command

I use the following command when I use FFUF:

# -u is for the URL
# -w is for the wordlist
# -c is for colors

# I use more flags for filtering as well, but this is my basic command

ffuf -u https://www.google.com/FUZZ -w /usr/share/seclists/Discovery/Web-Content/common.txt -c

Last updated 11 months ago

In the Feroxbuster configuration file, I have set the wordlist to common.txt from SecLists.
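
From the defender's side, a directory brute-forcing run with FFUF or Feroxbuster shows up in web access logs as a burst of 404 responses for many distinct paths from one client. The following is an added example, not part of the original notes, that flags this pattern in combined-format access logs; the function names, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timestamp, path without query string, status) or None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, _method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, path.split("?", 1)[0], int(status)

def find_scanners(lines, window=timedelta(seconds=60), min_missing=20, min_ratio=0.8):
    """Return {ip: peak number of distinct 404 paths} for clients that, inside
    any sliding `window`, hit at least `min_missing` distinct missing paths
    while at least `min_ratio` of their requests returned 404.
    The default thresholds are assumptions; tune them against normal traffic."""
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            events[rec[0]].append(rec[1:])
    flagged = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop requests that fell out of the window
            win = evs[start:end + 1]
            missing = {path for _, path, status in win if status == 404}
            ratio = sum(status == 404 for _, _, status in win) / len(win)
            if len(missing) >= min_missing and ratio >= min_ratio:
                flagged[ip] = max(flagged.get(ip, 0), len(missing))
    return flagged

def sample_lines():
    """Constructed log lines: one wordlist-style burst and one ordinary visitor."""
    t0 = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET {} HTTP/1.1" {} 162 "-" "-"'
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    burst = [row.format("203.0.113.7", stamp(i // 10), f"/word{i}", 200 if i % 15 == 0 else 404)
             for i in range(45)]
    visits = [("/", 200), ("/about", 200), ("/old-link", 404), ("/contact", 200)]
    normal = [row.format("198.51.100.20", stamp(i * 20), p, s) for i, (p, s) in enumerate(visits)]
    return burst + normal
```

The check is behaviour-based on purpose: both tools let the operator change the User-Agent, so a signature on that header alone is easy to miss.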