Penetration Testing – Reconnaissance and Information Gathering

In penetration testing, the first thing to do is always reconnaissance: gather information about your target. Subdomains, directories, firewall, web server and PHP version are just a few of the many crucial pieces of information you will need.

1. Finding subdomains or related links

There are multiple methods to go about this, and all should be employed when doing reconnaissance.

Subdomain Enumeration

Sometimes a website has data in a subdomain that can be exploited too.

If your target is on the public web, you can use dnsdumpster. If your target is within an intranet, you will have to download tools such as subbrute, which is written in Python. If you need a lightweight version, you can take a look at a Python script I made here.

2. Detecting firewalls

Use wafw00f to detect the type of firewall behind a web server, or whether there is one at all. There is also an nmap script, http-waf-detect, that does this.

3. Finding website information

To find information about the website such as CMS, PHP version, plugins, etc., you can use Wappalyzer, which has both an online version and a browser plugin, and whatweb, which also has offline and online versions.

CONCLUSION

This information is crucial as it tells you possible attack points and potential flaws and vulnerabilities in the target system. With this information, you are now better prepared to head into the actual penetration testing.
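As an added example (not code from the original post), the following Python script reads the same disclosures that whatweb and Wappalyzer look for in a single HTTP response from section 3 (Server and X-Powered-By headers, session cookie name, generator tag), so you can also run it against your own server to see what it gives away. The headers and body are constructed samples, not captured from any real host.

```python
import re
from typing import Dict

# Constructed sample response (hypothetical values, not captured from any real host):
# headers and an HTML fragment as a verbose origin server might send them.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": "PHPSESSID=abc123; path=/; HttpOnly",
}
SAMPLE_BODY = '<html><head><meta name="generator" content="WordPress 5.8" /></head></html>'

# Session cookie names that identify the server-side runtime.
SESSION_COOKIES = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
}


def fingerprint(headers: Dict[str, str], body: str = "") -> Dict[str, str]:
    """Return the technology hints a response discloses, keyed by what was learned."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    found: Dict[str, str] = {}
    if "server" in h:
        found["web_server"] = h["server"]
    if "x-powered-by" in h:
        found["powered_by"] = h["x-powered-by"]
        m = re.search(r"PHP/(\d+(?:\.\d+)+)", h["x-powered-by"])
        if m:
            found["php_version"] = m.group(1)
    cookie = h.get("set-cookie", "")
    for name, runtime in SESSION_COOKIES.items():
        if cookie.startswith(name + "="):
            found["session_cookie"] = runtime
    # CMS: prefer the X-Generator header, fall back to the <meta name="generator"> tag.
    generator = h.get("x-generator")
    if generator is None:
        m = re.search(r'<meta\s+name="generator"\s+content="([^"]+)"', body, re.I)
        generator = m.group(1) if m else None
    if generator:
        found["cms"] = generator
    return found


if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(f"{key}: {value}")
```

On the defending side, Apache's `ServerTokens Prod` and PHP's `expose_php = Off` remove the first two disclosures, and a renamed session cookie plus a stripped generator tag remove the rest.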