HTTP enumeration – HTTP is a stateless application layer protocol typically using TCP port 80 and communicating over the world wide web.
You can trace the TTP service and get a lot of information about the target system to get to it.
MSF has HTTP modules in addition to MSF modules that enumerate HTTP service information. They will also help you look for backup files in the webserver list directory, check the validity of the SSL certificate displayed on the web server, but mostly the authentication helper modules will be listed under the helper HTTP enumeration.
And one more thing about the port: HTTP uses 80, and when it comes to HTTPS, it uses 443, but both ports are optional. Why you’re asking? Administrators can easily change the port on which the web application is served, so be careful.
HTTP enumeration in Metasploit
First, we need to open the Metasploit so type the following command.
search http type:auxiliary
Now choose which module you want to execute. I choose the auxiliary/scanner/http/crawler module. If you select a module means to set that module with the use command
After that type the below quires that will help you to guide how to use the selected module
Now we need to set the required parameter, for example, in our selected module it needs RHOST, so I set RHOST using the set command.
set RHOSTS 18.104.22.168
After setting the required parameters, enter the run command.
This is a format, so you can use any HTTP enumeration module, but it will set the required parameter correctly to only return the result; otherwise, an error will be displayed.