After reading the book The Web Application Hacker’s Handbook, I thought: why not make a checklist for hacking websites, with tools, tips and write-ups? And so a few months later I made a checklist. It is still in progress and it needs some more information about different kinds of websites like WordPress, Drupal, Jira and so on. So if you have some tips, send a pull request.
It covers 6 sub-tasks: recon and analysis, session management, authentication, authorization, client side attacks, miscellaneous tests and information disclosure. In every sub-task there are tools, tips and some write-ups about the vulnerabilities of that sub-task. Here is a snippet from the recon and analysis sub-task. If you want to see more, click here.
- Harvesting public information
- Automated discovery
- Automated application discovery
Harvesting public information
|Go to Shodan -> Insert company name or domain -> Search -> Results|Use Shodan to find public IP|
|Go to Arin.net -> Insert company name or domain -> Under the tab Network -> Net Range|Use American Registry for Internet Numbers|
|Go to Hurricane Electric -> Insert company name or domain -> Search -> Results|Use the Internet Backbone and Colocation Provider|