After reading the book The Web Application Hacker's Handbook, I thought: why not make a checklist for hacking websites with tools, tips and write-ups? And so, a few months later, I made a checklist. It is still in progress and needs some more information about different kinds of websites, like WordPress, Drupal, Jira and so on. So if you have some tips, send a pull request.

It covers 6 sub-tasks: recon and analysis, session management, authentication, authorization, client-side attacks, miscellaneous tests and information disclosure. In every sub-task there are tools, tips and some write-ups about the vulnerabilities of that sub-task. Here is a snippet from the recon and analysis sub-task. If you want to see more, click here.

Information Gathering

  • Harvesting public information
  • Automated discovery
  • Automated application discovery

Harvesting public information

Command | Description
--- | ---
Go to Shodan -> Insert company name or domain -> Search -> Results | Use Shodan to find public IPs
Go to Arin.net -> Insert company name or domain -> Under the tab Network -> Net Range | Use the American Registry for Internet Numbers
Go to Hurricane Electric -> Insert company name or domain -> Search -> Results | Use the Internet backbone and colocation provider