After reading The Web Application Hacker's Handbook, I thought: why not make a checklist for hacking websites, with tools, tips and write-ups? And so, a few months later, I made a checklist. It is still in progress and needs more information about different kinds of websites such as WordPress, Drupal, Jira and so on. So if you have some tips, send a pull request.

It covers 6 sub-tasks: recon and analysis, session management, authentication, authorization, client-side attacks, miscellaneous tests and information disclosure. In every sub-task there are tools, tips and some write-ups about the vulnerabilities of that sub-task. Here is a snippet from the recon and analysis sub-task. If you want to see more, click here.

Information Gathering

  • Harvesting public information
  • Automated discovery
  • Automated application discovery

Harvesting public information

Command | Description
Go to Shodan -> insert company name or domain -> Search -> Results | Use Shodan to find the company's public IPs and exposed services
Go to ARIN -> insert company name or domain -> under the Network tab -> Net Range | Use the American Registry for Internet Numbers to find the net ranges registered to the company (ARIN covers North America; RIPE, APNIC, LACNIC and AFRINIC hold the same data for other regions)
Go to Hurricane Electric -> insert company name or domain -> Search -> Results | Use the Internet backbone and colocation provider's BGP toolkit to find the company's AS numbers and announced prefixes
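The three lookups above produce raw lists of addresses and ranges that still have to be reconciled with each other before anything is scanned. The following is an added example, not part of the checklist or the book: it takes a registry network object in ARIN's RDAP format (field names per RFC 9083, which is what rdap.arin.net returns), converts the start/end range into CIDR blocks, and then checks which hosts from a Shodan search actually fall inside those registered ranges. Both inputs are constructed samples in documentation address space; the handle, organisation name, hostnames and ports are made up, and the API URLs in the comments are only where a real run would fetch the data.

```python
import ipaddress
import json
from typing import Dict, List, Tuple

# Constructed sample of an ARIN RDAP "ip network" object (field names follow RFC 9083,
# which is the format https://rdap.arin.net/registry/ip/<address> returns). The handle,
# name and addresses are made-up placeholders in a documentation range, not a real allocation.
ARIN_RDAP_SAMPLE = json.dumps({
    "objectClassName": "ip network",
    "handle": "NET-203-0-113-0-1",
    "name": "EXAMPLE-NET",
    "ipVersion": "v4",
    "startAddress": "203.0.113.0",
    "endAddress": "203.0.113.191",
})

# Constructed sample shaped like the Shodan host-search API response
# (GET https://api.shodan.io/shodan/host/search); only the fields used below are included.
SHODAN_SEARCH_SAMPLE = json.dumps({
    "total": 3,
    "matches": [
        {"ip_str": "203.0.113.10", "port": 443, "hostnames": ["www.example.com"], "org": "Example Corp"},
        {"ip_str": "203.0.113.150", "port": 22, "hostnames": [], "org": "Example Corp"},
        {"ip_str": "198.51.100.7", "port": 8080, "hostnames": ["staging.example.com"], "org": "Example Corp"},
    ],
})


def rdap_to_cidrs(rdap_json: str) -> List[str]:
    """Turn an RDAP network object's start/end addresses into the minimal list of CIDR blocks.

    RDAP reports a range, not a prefix; summarize_address_range splits a range that is not
    CIDR-aligned into several blocks (here 203.0.113.0-191 becomes a /25 and a /26).
    """
    obj = json.loads(rdap_json)
    start = ipaddress.ip_address(obj["startAddress"])
    end = ipaddress.ip_address(obj["endAddress"])
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def shodan_services(search_json: str) -> List[Dict]:
    """Flatten a Shodan search response into (ip, port, hostnames) records."""
    data = json.loads(search_json)
    return [
        {"ip": m["ip_str"], "port": m["port"], "hostnames": m.get("hostnames", [])}
        for m in data.get("matches", [])
    ]


def split_by_registered_ranges(services: List[Dict], cidrs: List[str]) -> Tuple[List[str], List[str]]:
    """Separate Shodan hits inside the registry-confirmed ranges from those outside them.

    Shodan's "org" field is a best-effort attribution; a host outside the registered
    ranges (a cloud-hosted staging box, a CDN edge, a reseller's customer) needs
    explicit confirmation from the client before it goes into scope.
    """
    nets = [ipaddress.ip_network(c) for c in cidrs]
    inside, outside = [], []
    for svc in services:
        ip = ipaddress.ip_address(svc["ip"])
        label = f'{svc["ip"]}:{svc["port"]}'
        (inside if any(ip in n for n in nets) else outside).append(label)
    return inside, outside


def scope_report(rdap_json: str, search_json: str) -> Dict[str, List[str]]:
    """Combine both lookups into one report a tester can hand to the client for sign-off."""
    cidrs = rdap_to_cidrs(rdap_json)
    inside, outside = split_by_registered_ranges(shodan_services(search_json), cidrs)
    return {"cidrs": cidrs, "in_range": inside, "needs_confirmation": outside}


if __name__ == "__main__":
    print(json.dumps(scope_report(ARIN_RDAP_SAMPLE, SHODAN_SEARCH_SAMPLE), indent=2))
```

The point of the split is the last bucket: the registry range tells you what the company owns, Shodan tells you what answers on the Internet and claims to belong to them, and only the intersection is safe to assume in scope without asking. Everything else (here the 198.51.100.7 host) is a lead to confirm, not a target.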