1. Footprint the Webserver

An ethical hacker or penetration tester must perform footprinting to detect the loopholes in the web server of the target organization.

1. Information gathering using Ghost Eye

git clone https://github.com/BullsEye0/ghost_eye.git
cd ghost_eye
pip3 install -r requirements.txt

Now launch it

python3 ghost-eye.py

We can use the tool for WHOIS lookup, DNS etc and also scan for clickjacking vulnerability

nc -vv certifiedhacker.com 443
GET / HTTP/1.0

telnet certifiedhacker.com 443
GET / HTTP/1.0

nmap -sV --script http-enum certifiedhacker.com

Now to enumerate the hostnames use the following script

nmap --script hostmap-bft -script-args hostmap.bfk=hostmap- certifiedhacker.com

http trace scanner

nmap --script http-trace certifiedhacker.com

Http WAF (Firewall) detection

nmap -p 80 --script http-waf-detect certifiedhacker.com

Last updated 1 month ago