search

Reconnaissance/Enumeration

1

hashtag
Basic manual enumeration

hashtag
1. Source code review

  • Look for any leaked information: usernames, passwords, credentials, etc.

hashtag
2. API inspection (BurpSuite)

hashtag
2.1 Intercept all HTTP traffic with BurpSuite

  • Walk-through the website manually

    • Target -> Sitemap to view the generated sitemap

hashtag
2.2 Inspect the traffic and look for any interesting values that can be injected or manipulated

a. HTTP request/response headers

  • Server , X-Powered-By: leak of server technology and version

  • Other X-xxx type headers

b. Query parameter

c. Request data

2

hashtag
Directory/subdomain enumeration

  1. dirsearch 

$

  1. gobuster/ffuf/wfuzz 

$

hashtag
Interesting directories

Logowstg/document/4-Web_Application_Security_Testing/01-Information_Gathering/03-Review_Webserver_Metafiles_for_Information_Leakage.md at master · OWASP/wstgGitHubchevron-right

  1. robots.txt

  2. sitemap.xml

...

3

hashtag
Automated vulnerability scanning

hashtag
3.1 Nessus

LogoTenable Nessus Essentials Vulnerability ScannerTenable®chevron-right

nikto, ZAP, etc.

4

hashtag
Additional enumeration

The following additional enumeration can be performed in the event that we are unable to find any useful information from the first few steps.

paramspider, arjun, katana, etc. and any other open source automated web pentesting tools...

Previousto split into sectionsNextExploitation/initial access

Last updated