Webhacking
After reading the book The Web Application Hacker’s Handbook, I thought: why not make a checklist for hacking websites with tools, tips and write-ups? And so, a few months later, I made a checklist. It is still in progress and it needs some more information about different kinds of websites like WordPress, Drupal, Jira and so on. So if you have some tips, send a pull request.
It covers 6 sub-tasks: recon and analysis, session management, authentication, authorization, client-side attacks, miscellaneous tests and information disclosure. In every sub-task, there are tools, tips and some write-ups about the vulnerabilities of that sub-task. Here is a snippet from the recon and analysis sub-task. If you want to see more, click here.
Information Gathering
- Harvesting public information
- Automated discovery
- Automated application discovery
Harvesting public information
Command | Description |
---|---|
Go to Shodan -> Insert company name or domain -> Search -> Results | Use Shodan to find public IP |
Go to Arin.net -> Insert company name or domain -> Under the tab Network -> Net Range | Use the American Registry for Internet Numbers |
Go to Hurricane Electric -> Insert company name or domain -> Search -> Results | Use the Internet Backbone and Colocation Provider |