Pentration Testing – Reconnassaince and Information Gathering
In penetration testing, the first thing to do is always to do reconnassaince and gather information about your target. Information such as subdomains, directories, firewall, web server, php version are just few of the many crucial information that you will need
1. Finding subdomains or relating links
There are multiple methods to go about this, and all should be employed when doing reconnaissance.
Sometimes a website have data in their subdomain that can be exploited too.
If your target is on the public web, you can use dnsdumpster
If your target is within an intranet, you will have to download tools such as subbrute which is in python. If you need a lightweight version, you can take a look at a python script i made here
2. Finding firewall information
In linux and windows, you can use wafw00f to detect the type of firewall behind a web server, or if there is any at all. There is also a nmap script http-waf-detect that does this
3. Finding website information
To find information about the website such as cms, php version, plugins, … You can use wapplyzer which has both a online version and a browser plugin and whatweb which also has an offline and online version.
These information are crucial as they tell you possible attack points, and potential flaws and vulnerabilities in the target system. With these information, you are now better prepared to head into the actual penetration testing