1 Conduct Google/Shodan/Censys Discovery and Reconnaissance for Information Leakage
2 Fingerprint Web Server
3 Review Webserver Metafiles for Information Leakage, robots.txt
4 Enumerate Applications on Webserver
5 Review Webpage Comments and Metadata for Information Leakage
6 Identify application entry points
7 Map execution paths through application
8 Fingerprint Web Application Framework
9 Fingerprint Web Application
10 Map Application Architecture
11 Find subdomains
12 Find IP Address for domain
13 Identify WAF
14 Find Real IP address for domain, if applicable
-
Follow
Following
Already have a WordPress.com account? Log in now.
Zeeshan Sahi's blog 