Scanning and Recon: Difference between revisions

From Enlace Hacktivista
Jump to navigation Jump to search
Line 47: Line 47:


=== Word Lists ===
=== Word Lists ===
Word lists can be used in your content discovery when performing directory bruteforcing, subdomain bruteforcing and password attacks.
* https://wordlists.assetnote.io
* https://wordlists.assetnote.io
* https://github.com/danielmiessler/SecLists
* https://github.com/danielmiessler/SecLists

Revision as of 19:59, 19 April 2023

These tools will scan web applications for vulnerabilities and misconfigurations, remember that they will cause a lot of traffic making lots of requests.

NOTE: This is not an exhaustive list.

Vulnerability scanners

To quickly cover a lot ground it's a good idea to scan your target using vulnerability scanners as they might be able to discover a vulnerability or misconfiguration that you can't find. To avoid WAFs make sure to use a list of random user-agent strings and a residential proxy list if possible and maybe encode some payloads.

Subdomain enumeration

You can also try ./reconftw.sh -d nasa.gov -s for a more comprehensive subdomain enumeration.

Content discovery

Word Lists

Word lists can be used in your content discovery when performing directory bruteforcing, subdomain bruteforcing and password attacks.

Port scanners

When performing a port scan pay special attention to non-standard ports.

Technology scanners

NOTE: using browser add-ons will change your browser fingerprint and reduce anonymity.

When performing a penetration test we will want to know what technology is running on the target and what version it's running as so that later we can start looking for possible working public exploits.

Web Crawlers

ASN scanners

Google hacking

Exploitation

Payloads

Metasploit

Public exploits

SQL injection (SQLi)

Cross-site scripting (XSS)

Command Injection