- Login page? Try default credentials.
- WordPress: wpscan --url example.com --enumerate vp --random-agent
- nikto -host test.com
- wfuzz -I -c -t 60 -w your_dictionary.txt --hc 404,302 http://example.com/FUZZ.php // I like it more than DirBuster
- Open Burp Suite, explore the application, analyze requests/responses.
- Pass to every parameter a character-validation probe: '">my_string\ // apostrophe, quote and an escaping character at the end.
- Configure Burp to intercept responses in which "my_string" is found. // A reflected probe may reveal XSS, SQL injection and other errors.
- Is there file upload functionality?
- "page" param in url? LFI/RFI?
- XML? XXE.
- See console-like output? Command injection?
- In case of command injection, don't forget to: nc sudo.co.il 5353
- Are there WebSockets? Open the network tab in the browser or Burp Suite for easy examination.
- Google for outdated scripts: site:example.com ext:php
- In Google's results, append &filter=0&start=900 to the end of the URL to reach the most outdated results.
- Look for application logic issues, e.g. the price being sent in the request.
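As an added illustration of the probe and "intercept if my_string is found" steps above (not code from the original post), this Python classifier does the same triage offline: given a response body, it reports whether the specials in front of the marker came back raw, came back HTML-entity or JS-escaped, or did not come back at all. The sample responses are constructed.

```python
import html
import re
from dataclasses import dataclass

# The probe from the checklist: apostrophe, double quote, closing angle bracket,
# a recognisable marker and a trailing backslash (the escaping character).
PROBE = "'\">my_string\\"
MARKER = "my_string"
SPECIALS = "'\">"  # the characters whose unencoded survival matters for XSS
# One token per HTML entity or JS escape, so "&quot;" or "\'" is not read as a raw quote.
TOKEN = re.compile(r"&#?\w+;|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}|\\.|.", re.DOTALL)

@dataclass
class Reflection:
    offset: int               # where the marker starts in the response body
    snippet: str              # text around it, for review in Burp's response tab
    raw: str                  # specials echoed back verbatim just before the marker
    encoded: str              # specials echoed back HTML-entity or JS-escaped
    trailing_backslash: bool  # did the escaping character survive after the marker?
    verdict: str              # "raw", "encoded" or "marker_only"

def _decode(tok: str) -> str:
    if tok.startswith("&"):
        return html.unescape(tok)
    return tok if not tok.startswith("\\") else (tok[1] if len(tok) == 2 else chr(int(tok[2:], 16)))

def classify_reflections(body: str, marker: str = MARKER) -> list[Reflection]:
    """Locate every echo of the marker and judge how the specials sent before it came back."""
    findings = []
    for m in re.finditer(re.escape(marker), body):
        before = TOKEN.findall(body[max(0, m.start() - 32):m.start()])[-3:]
        after = body[m.end():m.end() + 8]
        raw = "".join(t for t in before if len(t) == 1 and t in SPECIALS)
        encoded = "".join(_decode(t) for t in before if len(t) > 1 and _decode(t) in SPECIALS)
        verdict = "raw" if raw else "encoded" if encoded else "marker_only"
        findings.append(Reflection(m.start(), "".join(before) + marker + after,
                                   raw, encoded, after.startswith("\\"), verdict))
    return findings

# Constructed sample responses (not captured from any real site), one per outcome.
SAMPLES = {
    "raw":         '<input name="q" value="\'">my_string\\">',
    "encoded":     '<input name="q" value="&#39;&quot;&gt;my_string\\">',
    "js_escaped":  "<script>var q = '\\'\\\"\\x3emy_string\\\\';</script>",
    "marker_only": "<p>No results for my_string</p>",
}

def verdicts() -> dict[str, str]:
    return {name: classify_reflections(body)[0].verdict for name, body in SAMPLES.items()}
```

Only "raw" findings deserve the manual look in Burp; "encoded" ones show output encoding is in place for that context, and "marker_only" usually means the input was filtered or truncated.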
quick post... any suggestions?
Great HELP !!!
only 1 correction:
4) should be nikto -host example.com (That's the target ;) )
That is exactly what you see in cheatsheet.