Tuesday, June 7, 2016

Web-App Penetration Testing Cheat-Sheet

Target: example.com
  1. example.com/robots.txt
  2. Login page? Try default credentials.
  3. WordPress: wpscan --url example.com --enumerate vp --random-agent
  4. nikto -host test.com
  5. wfuzz -I -c -t 60 -w your_dictionary.txt --hc 404,302 http://example.com/FUZZ.php // I like it more than DirBuster
  6. Open Burp Suite, explore the application, analyze requests/responses.
  7. Pass the character-validation probe '">my_string\ to every parameter. // an apostrophe, a double quote, a closing angle bracket and an escaping char at the end
  8. Configure Burp to intercept responses that contain "my_string". // This may reveal XSS, SQL injection and other errors
  9. Is there file upload functionality?
  10. "page" param in the URL? LFI/RFI?
  11. XML? XXE.
  12. See console-like output? Command injection?
  13. In case of command injection, don't forget to: nc sudo.co.il 5353
  14. Are there WebSockets? Open the network tab in the browser or Burp Suite for easy examination.
  15. Google for outdated scripts: site:example.com ext:php
  16. In Google's results, append &filter=0&start=900 to the end of the URL to analyze the most outdated results.
  17. Look for application logic issues, like the price being sent in the request.
  18. Suggestions??

quick post... any suggestions?
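Steps 7 and 8 boil down to one question: when the probe comes back in a response, did the special characters survive? This added example (my own code, not from the original post; the sample responses are constructed) does that triage without Burp, so every reflection of "my_string" gets a verdict instead of a manual look.

```python
"""Triage how the cheat sheet's probe string comes back in a response body.

Added example (not from the original post). It does the matching that step 8
delegates to Burp: find every reflection of the marker and tell whether the
surrounding special characters came back raw, HTML-encoded or backslash-escaped.
"""
import html
import re

# Probe from step 7: apostrophe, double quote, closing bracket, marker and a
# trailing backslash (the backslash shows whether the app escapes input).
PROBE = "'\">my_string\\"
MARKER = "my_string"


def classify_reflection(body: str, marker: str = MARKER) -> list:
    """One verdict per occurrence of marker in body.

    raw      - the ' " > prefix came back unchanged: inspect this parameter by hand
    escaped  - quotes came back backslash-escaped (string-context escaping)
    encoded  - the prefix came back as HTML entities (&#39; &quot; &gt;)
    altered  - marker present but the prefix was stripped or rewritten
    absent   - marker not reflected at all
    """
    verdicts = []
    for m in re.finditer(re.escape(marker), body):
        prefix = body[max(0, m.start() - 40):m.start()]
        if prefix.endswith("'\">"):
            verdicts.append("raw")
        elif prefix.endswith("\\'\\\">"):
            verdicts.append("escaped")
        elif html.unescape(prefix).endswith("'\">"):
            verdicts.append("encoded")
        else:
            verdicts.append("altered")
    return verdicts or ["absent"]


# Constructed sample responses, one per outcome (not captured from a real site).
SAMPLES = {
    "search_raw": '<input value="\'">my_string\\">',
    "search_encoded": '<input value="&#39;&quot;&gt;my_string\\">',
    "js_escaped": "<script>var q = '\\'\\\">my_string\\\\';</script>",
    "stripped": "<p>Results for my_string</p>",
    "not_reflected": "<p>No results</p>",
}


def triage(samples: dict = SAMPLES) -> dict:
    """Map each sample name to its reflection verdicts."""
    return {name: classify_reflection(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, verdicts in triage().items():
        print(f"{name:15s} {verdicts}")
```

Only the "raw" verdict means the application let the probe's quotes and bracket through unchanged; the other verdicts tell you which defence the parameter has.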



  2. Great HELP!!!
    Only 1 correction:
    4) should be nikto -host example.com (That's the target ;) )