Web_Applications

For a more detailed guide, take a look at Web_Recon.

Web App Enum

Web App Enum refers to the process of identifying and categorizing different components and functionalities of a web application, such as pages, forms, input fields, buttons, and links, in order to assess its security posture and potential vulnerabilities.

We can use the Wappalyzer extension to identify the web app's technology stack (the OS the app is running on, the web server, the programming language and sometimes the database server), or the command-line tool whatweb.

It's important to know which database service the app is using. To find out, you have to fuzz the app so that it replies with an error.

Speaking of fuzzing, let's fuzz the application to find out what directories and files it has. We will use wfuzz:

wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hc 404,301,302 http://example.com/FUZZ

Or use a GUI tool like dirbuster.
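The `--hc 404,301,302` option only hides those responses in wfuzz's own output; the web server still logs every request, so a wordlist run appears as a burst of 404s for many different paths from one client. The following is an added example (not part of the original notes) that flags that pattern in access-log lines. The log lines, IP addresses, threshold and window are constructed for illustration, and the parser assumes the common/combined log format in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log prefix: ip - - [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_dir_bruteforce(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {ip: peak} for clients with >= threshold distinct 404 paths in one window."""
    recent = defaultdict(deque)  # ip -> (timestamp, path) of recent 404 responses
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparsable line, or not a miss
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"]))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        # Count distinct paths so one repeatedly missing file does not trigger.
        distinct = len({path for _, path in q})
        if distinct >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

def _line(ip, sec, path, status):
    """Build one constructed log line (sample data only)."""
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "-"')

# Constructed sample: one client walking a wordlist, one browser missing a favicon.
WORDS = ["admin", "backup", "old", "test", "dev", "tmp"]
SAMPLE = (
    [_line("203.0.113.7", i // 2, f"/{w}", 404) for i, w in enumerate(WORDS)]
    + [_line("203.0.113.7", 3, "/images", 301)]
    + [_line("198.51.100.20", s, "/favicon.ico", 404) for s in range(6)]
    + [_line("198.51.100.20", 6, "/index.html", 200)]
)

if __name__ == "__main__":
    print(find_dir_bruteforce(SAMPLE))
```

The second client produces six 404s as well, but all for the same path, so it is not flagged.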

