Information gathering (in web app) - Coggle Diagram
Active information gathering
subdomain enumeration
vhosts
gobuster vhost -w wordlist -u http://<ip or domain> --exclude-length <length>
dns
gobuster dns -w wordlist --do domain
directory scan
gobuster dir -u http://example.com -w /path/to/wordlist.txt
file/page scan
gobuster dir -u 172.20.8.56 -w /root/Desktop/misc/SecLists/Discovery/Web-Content/common.txt --extensions php -v
Passive information gathering
whois
online tools
https://www.whois.com/whois
https://lookup.icann.org/en/lookup
command line
whois target.com
Identifying the technologies used
Tools and methods
Online tools
https://builtwith.com/
https://www.wappalyzer.com/
Browser extensions
https://www.whatruns.com/
https://www.wappalyzer.com/
command line
curl --head http://target.com
Technology Identification Indicators
Cookies
(the cookie name can indicate the technology used, e.g. laravel_session --> Laravel)
HTML source code
(the HTML tags may include references to the technologies used, e.g. <meta name="generator" content="WordPress 3.9.2" /> --> WordPress)
General indicators
framework name
powered by
built upon
running
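To see what your own application discloses through the indicators above, the check below applies them to a response's headers and HTML. It is an added example, not part of the original diagram: the function name, the Server and X-Powered-By header checks, and the cookie names other than laravel_session are assumptions made for illustration, and the sample response is constructed.

```python
import re
from html.parser import HTMLParser

# Cookie names -> stack. laravel_session is the page's example; the other
# entries are well-known framework defaults added for this example.
COOKIE_HINTS = {"laravel_session": "Laravel", "phpsessid": "PHP",
                "jsessionid": "Java servlet container",
                "asp.net_sessionid": "ASP.NET"}
# Phrases from the page's "General indicators" list, plus the word after them.
PHRASES = re.compile(r"\b(powered by|built upon|running)\s+([\w.\-]+)", re.I)

class _GeneratorMeta(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.found.append(a.get("content") or "")

def disclosed_technologies(headers, html):
    """Return sorted (indicator, value) pairs that reveal the site's stack."""
    hits = set()
    for name, value in headers:
        lname = name.lower()
        if lname in ("server", "x-powered-by"):
            hits.add(("header:" + lname, value))
        elif lname == "set-cookie":
            cookie = value.split("=", 1)[0].strip().lower()
            if cookie in COOKIE_HINTS:
                hits.add(("cookie:" + cookie, COOKIE_HINTS[cookie]))
    parser = _GeneratorMeta()
    parser.feed(html)
    hits.update(("meta:generator", g) for g in parser.found)
    # Strip tags so a phrase split by markup (e.g. a link) still matches.
    text = re.sub(r"<[^>]+>", " ", html)
    for phrase, tech in PHRASES.findall(text):
        hits.add(("text:" + phrase.lower(), tech))
    return sorted(hits)

# Constructed sample response, not captured from a real site.
SAMPLE_HEADERS = [("Server", "nginx"), ("X-Powered-By", "PHP/8.2.0"),
                  ("Set-Cookie", "laravel_session=abc123; path=/; HttpOnly")]
SAMPLE_HTML = ('<html><head><meta name="generator" content="WordPress 3.9.2" />'
               '</head><body><p>Proudly powered by <a href="/">WordPress</a>'
               '</p></body></html>')

if __name__ == "__main__":
    print(*disclosed_technologies(SAMPLE_HEADERS, SAMPLE_HTML), sep="\n")
```

Each returned pair is a disclosure to review: rename default session cookies, drop the generator tag and version banners, and suppress the X-Powered-By header where the platform allows it.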
Internet archive - wayback machine
The Wayback Machine helps retrieve old web content for research, security analysis, and recovering lost information.
Google dorks
site, filetype, intext, intitle, inurl
google hacking database:
https://www.exploit-db.com/google-hacking-database
meta files
robots.txt
sitemap
security.txt
humans.txt
DNS enumeration
https://dnsdumpster.com/
host example.com
dig
nslookup
theHarvester
sitereport.netcraft.com
viewdns.info
mxtoolbox.com