# 1. Footprint the Web Infrastructure
## 1. Web Applications recon using Nmap and telnet
```
sudo nmap -vv -A -T4 certifiedhacker.com //aggressive scan
```
```
telnet certifiedhacker.com 80
```
## 2. Web Applications recon using Whatweb
```
whatweb -v certifiedhacker.com //verbose information
```
## 3. Web spidering using ZAP
Launch an automated scan and go to the spidering tab to view pages.
## 4. Detect Load Balancers using various tools
**dig (you get multiple IPs)**
**lbd**
## 5. Identify webserver directories
{% embed url="" %}
**Nmap**
```
nmap -sV --script http-enum certifiedhacker.com
```
**gobuster**
```
gobuster dir -u certifiedhacker.com -w /usr/share/worlists/WORDLIST
```
**dirsearch**
{% embed url="" %}
{% embed url="" %}
Example dirbusting
{% endembed %}
## 6. Vulnerability scanning using Vega
{% embed url="" %}
## 7. Identify Clickjacking using Clickjackpoc
{% embed url="" %}
```
python3 clickJackPoc.py -f domains.txt \\save domain in a file
```
## 8. Perform Web Application Vulnerability Scanning using SmartScanner
{% embed url="" %}
### Best CEH practical Course
{% embed url="" %}