Web

Methodology

Passive Information Gathering

• Host

  • Host

• Whois

  • Whois

  • Whois History

• Web Application Firewall & identify real IP

  • WafW00f

  • WhatWAF

• Technologies

  • WhatWeb

  • BuiltWith

  • Wappalyzer

• Subdomains

  • Search engines

  • Amass

  • Subfinder

  • Sublist3r

  • AssetFinder

  • Phonebook.cz

• Certificate

  • CRT.sh

• Other domains

  • AnalyzeID

  • AssetFinder

• URL

  • Phonebook.cz

• Email

  • Phonebook.cz

• Archives

• Explore website to gather

  • email

  • phone

  • social networks

  • physical addresses

  • names

• Basic Directories

  • robots.txt

  • sitemap.xml

• Frameworks

  • theHarvester

Active Information Gathering

• Fuzzing (Subdomains, Virtual Host, Directory, Files, Extensions, Parameters)

  • FFUF

  • GoBuster

  • DirBuster

  • RustBuster

  • FeroxBuster

  • Sublist3r (subbrute module)

• DNS Zone Transfer

Exploitation

• Login Panel

  • Identify via response code, time, text

Useful

Download a website

httrack / webhttrack