gobuster

General scan

./go/bin/gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt -t 40 -e

Bigger wordlist and extensions

gobuster dir -u http://example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html,sql -t 40 -e

Run through Burp Suite

~/go/bin/gobuster dir -u http://192.168.56.101:12380 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,sql,html,txt -t 40 -e -p http://127.0.0.1:8080

kadimus

LFI Scan & Exploit Tool (@hc0d3r - P0cL4bs Team)

General scan through Burp Suite, saving results to a file

kadimus -u "http://192.168.56.103/?page=login" --proxy http://127.0.0.1:8080 --output outputfile

Get file

kadimus -u "http://192.168.56.103/?page=login" --parameter page --get-source --filename "login" --proxy http://127.0.0.1:8080

nikto

General scan

nikto -h [hostname/ip]

Output to file

nikto -h [hostname/ip] -output [filename]

Run through Burp Suite

Set this in nikto.conf first:

LW_SSL_ENGINE=SSLeay

nikto -h [hostname/ip] -useproxy http://localhost:8080/

wpscan

General scan (mostly passive)

Enumerate vulnerable plugins and themes, TimThumbs, config backups, DB exports, users and media

wpscan --url https://192.168.56.101:12380/blogblog/ --disable-tls-checks --enumerate vp,vt,tt,cb,dbe,u,m

General scan + WPVulnDB API

wpscan --url https://192.168.56.101:12380/blogblog/ --disable-tls-checks --enumerate vp,vt,tt,cb,dbe,u,m --api-token TOKEN

Aggressive scan + WPVulnDB API (go ham)

wpscan --url https://192.168.56.101:12380/blogblog/ --disable-tls-checks --enumerate ap,at,tt,cb,dbe,u,m --detection-mode aggressive --plugins-detection aggressive --plugins-version-detection aggressive --api-token TOKEN