1. Footprint the Web Infrastructure

1. Web application recon using nmap and telnet

sudo nmap -vv -A -T4 certifiedhacker.com  # aggressive scan: version detection, default scripts, OS detection, traceroute
telnet certifiedhacker.com 80  # then send "HEAD / HTTP/1.0" followed by an empty line to read the server banner

2. Web application recon using WhatWeb

whatweb -v certifiedhacker.com  # verbose output: server, frameworks, plugins detected from headers and page content

3. Web spidering using ZAP

Launch an automated scan against the target, then open the Spider tab to view the pages ZAP discovered.

4. Detect load balancers using various tools

dig certifiedhacker.com  # several A records in the answer section suggest DNS-based load balancing

lbd certifiedhacker.com  # load balancing detector: compares DNS answers and HTTP Server/Date headers across requests

5. Identify web server directories

nmap

nmap -sV --script http-enum certifiedhacker.com

gobuster

gobuster dir -u http://certifiedhacker.com -w /usr/share/wordlists/WORDLIST  # WORDLIST is a placeholder for the wordlist file

dirsearch -u http://certifiedhacker.com

6. Vulnerability scanning using Vega

7. Identify clickjacking using ClickjackPoc

python3 clickJackPoc.py -f domains.txt  # domains.txt lists one target domain per line
