Methodology
Enumerate and discover information about the target application.
Checklist
vhost discovery
Wordlist:
- Seclists > Discovery > DNS
- Assetnote Best DNS Wordlist

```shell
# -fs filters out responses whose size matches the default vhost, so only real hits remain
ffuf -u <target> -w /path/to/wordlist.txt -H "Host: FUZZ.target.com" -fs <size-filter>
```

DNS record analysis

```shell
host <target>
dnsrecon -d <target>
```

Tech Stack
- operating system → Server or Via header, nmap -O -Pn <target>
- web server version → Wappalyzer, curl -I https://<target>
- frontend → Wappalyzer, view source
- backend → headers, error messages, files, endpoints, nmap
- databases → error messages, files
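The header-based part of the tech stack check can be made repeatable. The script below is an added example (not part of the original checklist or any tool it names): it takes the header block that `curl -I` returns, pulls the OS, web server, backend and proxy hints out of the Server, Via, X-Powered-By and Set-Cookie headers, and separately reports which headers disclose a version number, which is the list a defender would hand to whoever owns the server configuration. The sample response and the cookie-name-to-platform mapping are constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample: the header block you would get back from `curl -I https://<target>`.
# Values are illustrative, not from any real host.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Via: 1.1 varnish
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly
Content-Type: text/html; charset=UTF-8
"""

# Session-cookie names that give away the backend platform (assumed mapping, not exhaustive).
COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "laravel_session": "Laravel",
    "csrftoken": "Django",
    "connect.sid": "Express (Node.js)",
}

# Headers whose values commonly carry a software version string.
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Split a raw header block into {lowercased-name: [values]} (status line skipped)."""
    headers: Dict[str, List[str]] = {}
    for line in raw.splitlines()[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def fingerprint(raw: str) -> Dict[str, List[str]]:
    """Derive OS / web server / backend / proxy hints from response headers alone."""
    h = parse_headers(raw)
    findings: Dict[str, List[str]] = {"os": [], "web_server": [], "backend": [], "proxy": []}
    for server in h.get("server", []):
        findings["web_server"].append(server)
        # Apache-style "Server: Apache/2.4.41 (Ubuntu)" names the distribution in parentheses.
        m = re.search(r"\(([^)]+)\)", server)
        if m:
            findings["os"].append(m.group(1))
    findings["proxy"].extend(h.get("via", []))
    findings["backend"].extend(h.get("x-powered-by", []))
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name in COOKIE_HINTS:
            findings["backend"].append(f"{COOKIE_HINTS[name]} (cookie {name})")
    return findings


def version_disclosures(raw: str) -> List[str]:
    """Return the (lowercased) header names whose values leak a version number (x.y), sorted."""
    h = parse_headers(raw)
    leaking = [
        name for name in VERSION_HEADERS
        if any(re.search(r"\b\d+\.\d+", v) for v in h.get(name, []))
    ]
    return sorted(leaking)


if __name__ == "__main__":
    for k, v in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{k:11} {v}")
    print("version-leaking headers:", version_disclosures(SAMPLE_RESPONSE))
```

Feed it real output by piping `curl -sI https://<target>` into the script instead of the constructed sample. On the defending side, every name `version_disclosures` returns is a header to strip or genericise in the server configuration.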
Common files
- robots.txt
- sitemap.xml
- .htaccess
- security.txt
- browserconfig.xml
- crossdomain.xml
- .git
- .env
- etc.
Endpoints
- directory enumeration
- parameter discovery
- api mapping
- Fuzz for hidden endpoints, files, parameters, methods, etc
Frontend checks
- Inspect page source
- Look for sensitive information
  - Links
  - Hardcoded API keys, secrets, credentials
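Reviewing page source by eye does not scale past a handful of pages, so here is an added example (not from the original checklist) of the same frontend checks in code: it collects every href/src link and HTML comment from a page and runs a few secret-detection patterns over the raw source, reporting the type, value and line number of each hit. The sample page and the regex rule set are constructed and illustrative; the AWS key in the sample is the key AWS uses in its own documentation, not a live credential.

```python
import re
from html.parser import HTMLParser
from typing import Dict, List

# Constructed sample page source; the AWS key is the documented AWS example key, not a live credential.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script>
  var config = { apiKey: "AKIAIOSFODNN7EXAMPLE", region: "us-east-1" };
</script>
</head><body>
<a href="/admin/login">Admin</a>
<a href="https://api.internal.example.test/v1/users">API</a>
<!-- TODO remove before release: db password = hunter2 -->
</body></html>
"""

# Illustrative patterns (assumed; production secret scanners carry far larger rule sets).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "generic_credential": re.compile(
        r"(?i)\b(api[_-]?key|secret|password|passwd|token)\b\s*[:=]\s*['\"]?([^'\"\s<]{6,})"
    ),
}


class LinkCollector(HTMLParser):
    """Collect href/src targets and HTML comments from a page."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[str] = []
        self.comments: List[str] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)

    def handle_comment(self, data):
        self.comments.append(data.strip())


def scan_page(html: str) -> Dict[str, list]:
    """Return links, comments and suspected hardcoded secrets found in raw page source."""
    collector = LinkCollector()
    collector.feed(html)
    secrets = []
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(html):
            # When the pattern has capture groups, the last one holds the secret value itself.
            value = m.group(m.lastindex) if m.lastindex else m.group(0)
            line = html[: m.start()].count("\n") + 1
            secrets.append({"type": kind, "match": value, "line": line})
    return {"links": collector.links, "comments": collector.comments, "secrets": secrets}


if __name__ == "__main__":
    result = scan_page(SAMPLE_PAGE)
    print("links:", result["links"])
    print("comments:", result["comments"])
    for s in result["secrets"]:
        print(f"line {s['line']}: {s['type']} -> {s['match']}")
```

The generic credential rule deliberately over-matches (it will flag the AWS key a second time as an `apiKey` assignment); that is the usual trade-off for this kind of check, and the line numbers make triage quick. The same function works for a defender auditing their own build output before release as for an assessment.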