1. Footprint the Web Infrastructure

Web infrastructure footprinting helps you identify vulnerable web applications, understand how they connect with peers and which technologies they use, and find vulnerabilities.

1. Web Applications recon using Nmap and telnet

sudo nmap -vv -A -T4 certifiedhacker.com  # aggressive scan
telnet certifiedhacker.com 80

2. Web Applications recon using Whatweb

whatweb -v certifiedhacker.com  # verbose information

3. Web spidering using ZAP

Launch an automated scan and go to the spidering tab to view pages.

4. Detect Load Balancers using various tools

dig certifiedhacker.com  # a load-balanced host returns multiple IPs

lbd certifiedhacker.com

5. Identify webserver directories

Nmap

nmap -sV --script http-enum certifiedhacker.com

gobuster

gobuster dir -u certifiedhacker.com -w /usr/share/wordlists/WORDLIST

dirsearch

Example dirbusting

6. Vulnerability scanning using Vega

7. Identify Clickjacking using Clickjackpoc

python3 clickJackPoc.py -f domains.txt  # save the domains in a file first

8. Perform Web Application Vulnerability Scanning using SmartScanner
