Yet another update to the previous post, I keep adding and fixing things on that enumerator script.. let see where its going to end! In order to address the lack of SSL enumeration in the previous versions I have added to the script:
- nikto (for both http and https hosts)
Those two should be enough.. at least for an initial feel of the environment and the targets available. After that you can go crazy and hit your targets with dirbuster or webslayer or dirs3arch.. or whatever floats your boat really. I have left nikto pretty much with its most basic options... which kind of crosses over to more of a vulerability assessment field. Its much noisier from an IDS perspective so be warned.. at some point I will tune it down to exactly what I would like it to do..
Finally, I remembered to add --reason to my nmaps also -n (DNS enumeration is a different subject) and -vvv just so we get all the information we need from the initial scans.. no need for do-overs!
Hope you find it useful, as usual latest version available in the same place... here
Thanks for reading