> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# 80 / 443 - HTTP(S)

> HTTP enumeration: directory busting, technology fingerprinting, vhost discovery, and common attack vectors.

## Service Detection

```bash theme={"dark"}
nmap -sV -sC -p 80,443 TARGET
```

### Banner Grab

```bash theme={"dark"}
curl -I http://TARGET
curl -Ik https://TARGET
```

***

## Technology Fingerprinting

### whatweb

```bash theme={"dark"}
whatweb http://TARGET
```

### Wappalyzer

Browser extension — identifies CMS, frameworks, servers.

### Headers

```bash theme={"dark"}
curl -I http://TARGET | grep -i "server\|x-powered-by\|x-aspnet"
```

***

## Directory Busting

### gobuster

```bash theme={"dark"}
gobuster dir -u http://TARGET -w /usr/share/wordlists/dirb/common.txt
gobuster dir -u http://TARGET -w /usr/share/seclists/Discovery/Web-Content/raft-large-words.txt -x php,html,txt,bak
```

| Flag         | Description            |
| ------------ | ---------------------- |
| `-x`         | Extensions             |
| `-t 50`      | Threads                |
| `-o`         | Output file            |
| `-k`         | Skip TLS verification  |
| `-b 404,403` | Blacklist status codes |

### feroxbuster

```bash theme={"dark"}
feroxbuster -u http://TARGET -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt -x php,html,txt
```

### ffuf

```bash theme={"dark"}
ffuf -u http://TARGET/FUZZ -w /usr/share/seclists/Discovery/Web-Content/common.txt -mc 200,301,302
```

### dirsearch

```bash theme={"dark"}
dirsearch -u http://TARGET -e php,html,txt
```

***

## Vhost / Subdomain Discovery

```bash theme={"dark"}
ffuf -u http://TARGET -H "Host: FUZZ.target.com" -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -fs <default_size>
```

```bash theme={"dark"}
gobuster vhost -u http://TARGET -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
```

***

## Parameter Fuzzing

```bash theme={"dark"}
ffuf -u "http://TARGET/page?FUZZ=test" -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt -mc 200
```

***

## robots.txt / sitemap.xml

```bash theme={"dark"}
curl http://TARGET/robots.txt
curl http://TARGET/sitemap.xml
```

***

## Source Code

```bash theme={"dark"}
curl http://TARGET | grep -i "comment\|password\|api\|key\|secret\|token"
```

### .git Exposure

```bash theme={"dark"}
curl http://TARGET/.git/HEAD
# If 200 → dump with git-dumper
pip3 install git-dumper
git-dumper http://TARGET/.git/ output/
```

### .env / Backup Files

```bash theme={"dark"}
curl http://TARGET/.env
curl http://TARGET/config.php.bak
curl http://TARGET/web.config
```

***

## CMS Detection

### WordPress

```bash theme={"dark"}
wpscan --url http://TARGET --enumerate u,p,t
wpscan --url http://TARGET -U admin -P /usr/share/wordlists/rockyou.txt
```

### Joomla

```bash theme={"dark"}
joomscan -u http://TARGET
```

### Drupal

```bash theme={"dark"}
droopescan scan drupal -u http://TARGET
```

***

## NSE Scripts

```bash theme={"dark"}
nmap -p 80 --script http-enum TARGET
nmap -p 80 --script http-title TARGET
nmap -p 80 --script http-methods TARGET
nmap -p 80 --script http-vuln* TARGET
nmap -p 80 --script http-robots.txt TARGET
nmap -p 443 --script ssl-enum-ciphers TARGET
```

***

## Quick Reference

| Check          | Command                                            |
| -------------- | -------------------------------------------------- |
| Fingerprint    | `whatweb http://TARGET`                            |
| Directory bust | `gobuster dir -u http://TARGET -w list.txt`        |
| Vhost enum     | `ffuf -H "Host: FUZZ.target.com" -u http://TARGET` |
| WordPress scan | `wpscan --url http://TARGET`                       |
| Git dump       | `git-dumper http://TARGET/.git/ output/`           |
