Hacking Web Applications
NOTE: This page is under construction
Reconnaissance
Passive
Dorking
DNS Enumeration
Domain Information
Certificate Information
Web Stack Technology Identification
Port Scanning & Service Analysis
Discovering Historical Data
ASN Enumeration
Active
Security Control Identification
Port Scanning & Service Enumeration
Subdomain Enumeration
Web Stack Technology Identification
Walking the Application
Web Crawling
Source Code Analysis - JavaScript
Content Discovery
Subdomain Brute-forcing
Directory Brute-forcing
Parameter Fuzzing
Endpoint Analysis
Vulnerability Scanning
CVE Discovery
Misconfiguration Discovery
Common Vulns
Content Management System & Plugins
Application Analysis
Bypassing Security Controls
Exploit Discovery
Payloads
Open Redirects
IDOR
Authentication
File Upload Vulnerabilities
Low Hanging Fruits
S3 Buckets
Subdomain Takeover
Exposed Assets
Injections
Default Credentials
Exposed Secrets
Tools
Tool | Description | Link |
---|---|---|
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |