Passive recon
-------------
[Link]-master -> python [Link] [Link]
[Link] -> fierce --domain [Link]
[Link] -> dig [Link] NS (add +short to print only the name servers)
[Link] -> theHarvester -d [Link] -b google (see theHarvester -h for the full list of sources)
[Link] -> [ [Link] ; [Link] --whois -n targetname ; [Link] -n targetname ; [Link] -q targetname ; [Link] -n targetname ; etc ]
[Link] -> whois [Link]
[Link] -> dnsenum [Link]
[Link] -> [Link]
[Link] IP -> [Link]
Active recon
------------
[Link] -> nmap --script dns-brute --script-args dns-brute.domain=[Link]
[Link] -> nmap -sV -p 80 --script http-enum target-ip
[Link] -> ./[Link] [Time taken]
[Link] -> whatweb [Link]
Google Dorks
------------
[Link] error -> "SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" site:[Link]
[Link] -> site:[Link] filetype:pdf
[Link] -> intitle:admin OR inurl:admin site:[Link]
[Link] -> ext:pdf site:[Link]
[Link] word in path -> inurl:/download site:[Link]
[Link] -> intitle:"user login" site:[Link]
[Link] -> [Link] intext:"SELECT" ext:sql site:[Link]
[Link] -> intext:"target signature" site:com (or site:net, site:in, site:[Link], etc.)
[Link] of -> intitle:"index of" pdf remote code execution
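The dorks above are easier to reuse across engagements if the target is a parameter. The script below is an added example, not part of the original notes: it percent-encodes each dork and prints a ready-to-open Google search URL for one domain. The example.com default, the TARGET placeholder and the dork list are assumptions; Google blocks scripted querying, so open the URLs in a browser rather than fetching them with curl.

```bash
#!/usr/bin/env bash
# Added example: turn the dork patterns from the notes into Google search URLs
# for a single target domain. TARGET stands in for the domain in each pattern.
set -u

# Percent-encode one string for a query parameter. RFC 3986 unreserved
# characters pass through; every other (ASCII) character becomes %XX.
urlencode() {
  local s="$1" out="" c i
  for (( i = 0; i < ${#s}; i++ )); do
    c="${s:i:1}"
    case "$c" in
      [A-Za-z0-9.~_-]) out+="$c" ;;
      *) out+=$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
}

# Build one search URL: $1 is the dork pattern, $2 the real domain.
dork_url() {
  local dork="${1//TARGET/$2}"
  printf 'https://www.google.com/search?q=%s\n' "$(urlencode "$dork")"
}

# Dork patterns from the cheat sheet (assumed list; extend as needed).
DORKS=(
  'site:TARGET filetype:pdf'
  'intitle:admin OR inurl:admin site:TARGET'
  'inurl:/download site:TARGET'
  'intitle:"user login" site:TARGET'
  'intext:"SELECT" ext:sql site:TARGET'
  '"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" site:TARGET'
)

# Print one URL per pattern for the domain given in $1.
dork_urls() {
  local d
  for d in "${DORKS[@]}"; do
    dork_url "$d" "$1"
  done
}

# Usage: ./dorks.sh target-domain   (defaults to example.com, an assumed value)
dork_urls "${1:-example.com}"
```

The encoder handles ASCII only; a dork containing non-ASCII text would need byte-wise encoding (for example via `od`) instead of the `printf "'$c"` trick.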
Recon-Ng
--------
-> modules load recon/domains-hosts/hackertarget
-> options set SOURCE [Link]
-> run
from bing search
----------------
-> modules load recon/domains-hosts/bing_domain_web
-> options set SOURCE [Link]
-> run
-> show hosts
Fingerprinting web app framework
--------------------------------
-> whatweb -v [Link]
-> Inspect the response headers (Server, X-Powered-By and similar) in the browser's network tab or in Burp.
-> HTML comments in the page source also reveal the framework.
Identifying HTTP methods using Nmap
-----------------------------------
-> nmap --script http-methods -p80,443,8080 [Link] (add --script-args http-methods.test-all=true to probe every method instead of trusting the Allow header)
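Both the fingerprinting notes above and the HTTP-methods check come down to reading one raw response. The script below is an added example, not from the original notes: it extracts the framework-revealing headers, the methods advertised in Allow, the HTML comments, and flags methods worth testing by hand. The response it parses is a constructed sample standing in for the output of `curl -si -X OPTIONS`.

```bash
#!/usr/bin/env bash
# Added example: parse a raw HTTP response for fingerprinting headers,
# advertised methods and HTML comments. SAMPLE_RESPONSE is constructed data.
set -u

# Constructed sample of what `curl -si -X OPTIONS http://host/` might return.
SAMPLE_RESPONSE=$'HTTP/1.1 200 OK\r\n'
SAMPLE_RESPONSE+=$'Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n'
SAMPLE_RESPONSE+=$'Server: Apache/2.4.41 (Ubuntu)\r\n'
SAMPLE_RESPONSE+=$'X-Powered-By: PHP/7.4.3\r\n'
SAMPLE_RESPONSE+=$'Allow: GET,HEAD,POST,OPTIONS,PUT,DELETE,TRACE\r\n'
SAMPLE_RESPONSE+=$'Content-Type: text/html\r\n'
SAMPLE_RESPONSE+=$'\r\n'
SAMPLE_RESPONSE+=$'<!-- Built with ExampleCMS 3.2 -->\r\n'
SAMPLE_RESPONSE+=$'<html><body>hello</body></html>\r\n'

# Print the headers that commonly leak server/framework versions.
# Stops at the blank line so body text is never mistaken for a header.
fingerprint_headers() {
  printf '%s\n' "$1" | tr -d '\r' | awk '
    /^$/ { exit }
    tolower($0) ~ /^(server|x-powered-by|x-aspnet-version|x-generator|via):/ { print }'
}

# Print the methods listed in the Allow header, one per line, upper-cased.
allowed_methods() {
  printf '%s\n' "$1" | tr -d '\r' | awk '
    /^$/ { exit }
    tolower($0) ~ /^allow:/ {
      sub(/^[^:]*:[ \t]*/, ""); gsub(/[ \t]/, "")
      n = split($0, m, ",")
      for (i = 1; i <= n; i++) print toupper(m[i])
    }'
}

# Print advertised methods that warrant a manual test; exit status 1 if none.
risky_methods() {
  allowed_methods "$1" | grep -E '^(PUT|DELETE|TRACE|CONNECT)$'
}

# Print single-line HTML comments from the body (everything after the blank line).
html_comments() {
  printf '%s\n' "$1" | tr -d '\r' \
    | awk 'body { print } /^$/ { body = 1 }' \
    | grep -o '<!--.*-->'
}

# Run against the constructed sample. For a live host (network access needed):
#   risky_methods "$(curl -si -X OPTIONS http://host/)"
fingerprint_headers "$SAMPLE_RESPONSE"
allowed_methods "$SAMPLE_RESPONSE" | tr '\n' ' '; echo
risky_methods "$SAMPLE_RESPONSE" || echo "no risky methods advertised"
html_comments "$SAMPLE_RESPONSE"
```

The Allow header is only what the server claims; confirm each flagged method with a real request (or nmap's http-methods.test-all), since servers routinely advertise PUT or TRACE that a front-end proxy blocks, and vice versa.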
Directory Brute force
---------------------
-> dirb [Link]
-> [Link]
URLS
----
[Link]
encoder
-------
[Link]