# 02 Scan

* Scans:
  * nmap
  * dirb
  * gobuster
  * nikto
  * wpscan
* Browse:
  * http and https - content can differ
  * ssl certificate details
  * follow links, paths, clues
  * source
  * comments
  * configs
  * robots.txt
  * [apache](https://pentest.mxhx.org/04-webapps/apache) home directories
  * versions
  * login defaults/guessing
  * path/slash/files = [LocalFileInjections](https://pentest.mxhx.org/04-webapps/lfi)
  * forms/php = [SQLi](https://pentest.mxhx.org/04-webapps/03-webapp-sqli) or [WebInjections](https://pentest.mxhx.org/04-webapps/03-webapp)
* Exploits:
  * google 'coldfusion 8 exploits'
  * searchsploit/exploitdb/blogs/github
  * Known: [LFI](https://pentest.mxhx.org/04-webapps/lfi) - [SQLi](https://pentest.mxhx.org/04-webapps/03-webapp-sqli) - Directory Traversal
  * [EternalBlue](https://pentest.mxhx.org/03-getting-in/eternal-blue)/[Shellshock](https://pentest.mxhx.org/04-webapps/03-shellshock)/Heartbleed (Well-Known)
  * Remote Code Execution (RCE)
  * CRM/[WordPress](https://pentest.mxhx.org/04-webapps/03-webapp-wordpress) = Vulns, Addon, Upload, Theme
* Brute:
  * login [hydra](https://pentest.mxhx.org/05-passwords-ciphers/hydra)
