Website Penetration test

Hello everybody,

May I know how to perform penetration testing on an ip adress + port number ex (10.10.10.100:4000) ?

Web content scanner
Ex: #dirb http://www.exploit-db.com/multillidae , the following does not work

#dirb http://10.10.10.100:4000

Maltego as well I cannot scan by ip address / Port number. Any other alternatives?

Thanks for your attention!!

I would first see if I can find out what is running on port 4000.
And then use an application specific exploit.

dirb is only for hidden directories and files.
maltego is for information gathering.

And maybe Nessus is what you are looking for.

1 Like

You need to change the database name from “metasploit” to “owasp10” in the “config.inc” file.

In Metasploitable VM navigate to /var/www/mutillidae
Type, “sudo nano config.inc”
Change the database name from ‘metasploit’ to ‘owasp10’ :
Restart Apache by typing, “sudo /etc/init.d/apache2 reload”
Lastly open Mutillidae in a browser
Click, “Reset DB”

I hope this helps :slight_smile:

1 Like

Hi Edwin,

Back End server using random port number for security purposes.

I will have a look at Nessus if can scan ip address with any port numbers.

Thanks for response