1. Footprint the Web Infrastructure
Web infrastructure footprinting helps you identify the web applications in scope, understand how they connect to peers and which technologies they use, and find vulnerabilities.
1. Web Applications recon using Nmap and telnet
sudo nmap -vv -A -T4 certifiedhacker.com //aggressive scan
telnet certifiedhacker.com 80
2. Web Applications recon using Whatweb
whatweb -v certifiedhacker.com //verbose information
3. Web spidering using ZAP
Launch an automated scan and go to the spidering tab to view pages.

4. Detect Load Balancers using various tools
dig certifiedhacker.com //several A records in the answer section suggest a load balancer

lbd certifiedhacker.com //load balancing detector, checks DNS and HTTP for balancing

5. Identify webserver directories
Nmap
nmap -sV --script http-enum certifiedhacker.com
gobuster
gobuster dir -u certifiedhacker.com -w /usr/share/wordlists/WORDLIST

dirsearch
dirsearch -u certifiedhacker.com
6. Vulnerability scanning using Vega
7. Identify Clickjacking using Clickjackpoc
python3 clickJackPoc.py -f domains.txt //save the domains to test in a file, one per line
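A defender-side check for the header conditions a clickjacking PoC looks for, added here as an example (not part of this page or of the clickJackPoc tool). It evaluates response headers supplied as a dict; the sample responses and their labels are constructed, not captured from any real host.

```python
import re

# Constructed sample responses (not captured from any real host); the labels
# are hypothetical and only tell the samples apart.
SAMPLES = {
    "no-header": {"Server": "nginx"},
    "xfo-deny": {"X-Frame-Options": "DENY"},
    "xfo-sameorigin": {"x-frame-options": "sameorigin"},
    "xfo-allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp-wildcard": {"X-Frame-Options": "DENY",
                     "Content-Security-Policy": "frame-ancestors *"},
}


def clickjacking_protection(headers):
    """Judge one response's headers. Returns {"protected": bool, "reason": str}.

    Browsers honour a CSP frame-ancestors directive over X-Frame-Options, so
    CSP is evaluated first. ALLOW-FROM is obsolete and ignored by current
    browsers, so it counts as no protection.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    m = re.search(r"(?:^|;)\s*frame-ancestors\s+([^;]*)", csp, re.I)
    if m:
        sources = m.group(1).split()
        if "*" in sources:
            return {"protected": False, "reason": "frame-ancestors allows any origin (*)"}
        return {"protected": True, "reason": "CSP frame-ancestors " + " ".join(sources)}
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return {"protected": True, "reason": "X-Frame-Options " + xfo}
    if xfo.startswith("ALLOW-FROM"):
        return {"protected": False, "reason": "X-Frame-Options ALLOW-FROM is obsolete and ignored"}
    return {"protected": False, "reason": "no X-Frame-Options or frame-ancestors header"}


def unprotected(samples):
    """Return the labels of samples whose pages a third-party site could frame."""
    return [name for name, hdrs in samples.items()
            if not clickjacking_protection(hdrs)["protected"]]


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        v = clickjacking_protection(hdrs)
        print(f"{name:16} {'OK  ' if v['protected'] else 'WEAK'} {v['reason']}")
```

Feed it the headers of your own responses (for example parsed from a saved `curl -I` output) to confirm every page sets DENY, SAMEORIGIN or a restrictive frame-ancestors list.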

8. Perform Web Application Vulnerability Scanning using SmartScanner