# 1. Footprint the Web Infrastructure ## 1. Web Applications recon using Nmap and telnet ``` sudo nmap -vv -A -T4 certifiedhacker.com //aggressive scan ``` ``` telnet certifiedhacker.com 80 ``` ## 2. Web Applications recon using Whatweb ``` whatweb -v certifiedhacker.com //verbose information ``` ## 3. Web spidering using ZAP Launch an automated scan and go to the spidering tab to view pages.

## 4. Detect Load Balancers using various tools **dig (you get multiple IPs)**

**lbd**

## 5. Identify webserver directories {% embed url="" %} **Nmap** ``` nmap -sV --script http-enum certifiedhacker.com ``` **gobuster** ``` gobuster dir -u certifiedhacker.com -w /usr/share/worlists/WORDLIST ```

**dirsearch** {% embed url="" %} {% embed url="" %} Example dirbusting {% endembed %} ## 6. Vulnerability scanning using Vega {% embed url="" %} ## 7. Identify Clickjacking using Clickjackpoc {% embed url="" %} ``` python3 clickJackPoc.py -f domains.txt \\save domain in a file ```

## 8. Perform Web Application Vulnerability Scanning using SmartScanner {% embed url="" %} ### Best CEH practical Course {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ceh-practical.cavementech.com/module-14.-hacking-web-applications/1.-footprint-the-web-infrastructure.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.