# 3. Configuración del servidor

## 1. Servicios expuestos

* NMAP

```bash
nmap -sV -vv IP|dominio --script vulners
```

* [MASSCAN](https://github.com/robertdavidgraham/masscan)

```bash
masscan IP|dominio -p numPuerto
```

* [Amass](https://github.com/OWASP/Amass)

```bash
amass enum -d dominio
```

* NIKTO 

```
nikto -h IP|dominio:puerto
```

## 2. WAF

Herramientas de detección:

* <https://github.com/Ekultek/WhatWaf>
* <https://github.com/EnableSecurity/wafw00f>

{% hint style="info" %}
Recursos:

* <https://github.com/0xInfection/Awesome-WAF>
* <https://github.com/nemesida-waf/waf-bypass>
  {% endhint %}

## 3. TLS/SSL

Evaluar conexiones SSL/TLS para asegurar que los cifrados son robustos. Se evalúan protocolos aceptados por el servidor, suites de cifrado, vulnerabilidades SSL conocidas que puedan afectar al servidor...

Herramientas:

* [SSLSCAN ](https://www.kali.org/tools/sslscan/)

```
sslcan IP|dominio
```

* [TESTSSL](https://github.com/drwetter/testssl.sh)&#x20;

```
testssl IP|dominio
```

* [SSLYZE](https://github.com/nabla-c0d3/sslyze)

```
sslyze IP|dominio
```

* Online
  * <https://ssllabs.com>
  * <https://crt.sh>
  * <https://censys.io>

{% hint style="info" %}
Recursos:

<https://www.flu-project.com/2020/09/suites-de-cifrado-tlsssl-parte-i.html>

<https://www.flu-project.com/2020/09/suites-de-cifrado-tlsssl-parte-ii.html>

<https://www.flu-project.com/2020/09/suites-de-tlsssl-parte-iii.html>

<https://www.flu-project.com/2020/09/suites-de-tlsssl-parte-iv.html>
{% endhint %}