Website (external)

DNS Reconnaissance
- Command/tool: dig example.com
- Online resource: https://dnsdumpster.com/
- Online resource: https://searchdns.netcraft.com/
Check Wayback machine to view old files like robots.txt and URLs - maybe some of the old functionality still exists in the new site. Tools: waybackurls.py (https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050)
Subdomain discovery
- Tool: knockpy (https://github.com/guelfoweb/knock)
- Tool: sublist3r (https://github.com/aboul3la/Sublist3r) Example command: python sublis3r.py -d example.com -p 80 443
- Tool: SubBrute (https://github.com/TheRook/subbrute) Example command: ./subbrute.py example.com
Vulnerability Scanning
- Run a web vulnerability scanner against the asset. Tool: nikto --host www.example.com

Miscellaneous

Check page source for comments and information
Check robots.txt file
Run through transactions and collect the user flow to check for vulnerabilities Tool: BurpSuite

Map the application

Spidering Tool: BurpSuite
Brute force / dictionary attack tool Tool: dirsearch Tool: feroxbuster Tool: gobuster
Application-specific wordlists

Information to collect

Software used, and version (check "about", look for copyright years, "help" links that lead to documentation)
Login pages
Directories
External user input (search bars, contact us forms)
php info pages

Exploits

Check for software used
- "Powered by" banners at the bottom of the site
- Identifiers or comments in page source code
- Versions can be found in copyright year, "help" links, "about" links
Search for default usernames and passwords
Search for exploits (CVEs)

Last updated 1 year ago

DNS Reconnaissance
- Command/tool: dig example.com
- Online resource: https://dnsdumpster.com/
- Online resource: https://searchdns.netcraft.com/
Check Wayback machine to view old files like robots.txt and URLs - maybe some of the old functionality still exists in the new site. Tools: waybackurls.py (https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050)
Subdomain discovery
- Tool: knockpy (https://github.com/guelfoweb/knock)
- Tool: sublist3r (https://github.com/aboul3la/Sublist3r) Example command: python sublis3r.py -d example.com -p 80 443
- Tool: SubBrute (https://github.com/TheRook/subbrute) Example command: ./subbrute.py example.com
Vulnerability Scanning
- Run a web vulnerability scanner against the asset. Tool: nikto --host www.example.com

Miscellaneous

Check page source for comments and information
Check robots.txt file
Run through transactions and collect the user flow to check for vulnerabilities Tool: BurpSuite

Map the application

Spidering Tool: BurpSuite
Brute force / dictionary attack tool Tool: dirsearch Tool: feroxbuster Tool: gobuster
Application-specific wordlists

Information to collect

Software used, and version (check "about", look for copyright years, "help" links that lead to documentation)
Login pages
Directories
External user input (search bars, contact us forms)
php info pages

Exploits

Check for software used
- "Powered by" banners at the bottom of the site
- Identifiers or comments in page source code
- Versions can be found in copyright year, "help" links, "about" links
Search for default usernames and passwords
Search for exploits (CVEs)

Last updated 1 year ago