Reconnaissance/Enumeration

1. Basic manual enumeration

1. Source code review

  • Look for any leaked information: usernames, passwords, credentials, etc.

2. API inspection (BurpSuite)

2.1 Intercept all HTTP traffic with BurpSuite

  • Walk through the website manually so the proxy records every request

    • Target -> Site map shows the site map Burp builds from the proxied traffic

2.2 Inspect the traffic and look for any interesting values that can be injected or manipulated

a. HTTP request/response headers

  • Server, X-Powered-By: leak the server technology and often its version

  • Other X-* headers (custom headers added by the application or its framework)

b. Query parameters

c. Request body data
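As an added example (not part of these notes), the following Python script parses a raw HTTP response and flags the headers from 2.2a that disclose server technology or versions, which is the same check a defender runs against their own application before an assessor does. The header list and the sample response are constructed assumptions, and the comments note the usual configuration fixes.

```python
import re

# Headers that commonly reveal server-side technology (assumed list, extend as needed)
DISCLOSURE_HEADERS = {
    "server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version", "x-generator",
}
# X- headers that are hardening controls, not technology leaks
SAFE_X_HEADERS = {"x-frame-options", "x-content-type-options", "x-xss-protection"}
VERSION_RE = re.compile(r"\d+\.\d+")


def parse_headers(raw_response: str) -> dict:
    """Return the headers of a raw HTTP/1.1 response as {lowercase-name: value}."""
    head, _, _body = raw_response.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(headers: dict) -> list:
    """Flag headers that leak technology; a version string raises the finding's weight."""
    findings = []
    for name, value in headers.items():
        if name in DISCLOSURE_HEADERS:
            kind = "technology+version" if VERSION_RE.search(value) else "technology"
        elif name.startswith("x-") and name not in SAFE_X_HEADERS:
            kind = "custom X- header (review what it reveals)"
        else:
            continue
        findings.append((name, value, kind))
    return findings


# Constructed response for the demo, not captured from any real host
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "X-Backend-Server: app-node-03\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

# Usual fixes: nginx `server_tokens off;`, Apache `ServerTokens Prod` plus
# `Header unset X-Powered-By`, PHP `expose_php = Off`, Express `app.disable('x-powered-by')`
if __name__ == "__main__":
    for name, value, kind in find_disclosures(parse_headers(SAMPLE_RESPONSE)):
        print(f"{name}: {value}  [{kind}]")
```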

2. Directory/subdomain enumeration

  1. dirsearch

$

  2. gobuster/ffuf/wfuzz

$

Interesting directories

  1. robots.txt

  2. sitemap.xml

...

3. Automated vulnerability scanning

3.1 Nessus

Other scanners: nikto, ZAP, etc.

4. Additional enumeration

Perform the following additional enumeration if the first few steps do not turn up any useful information.

paramspider, arjun, katana, etc., and any other open-source automated web pentesting tools.
