Web application Information Gathering

These commands can be used to gather information:

  1. host
  2. ping
  3. whois
  4. fierce --dns << url >>
  5. theHarvester
  6. whatweb <<url>>
  7. ffuf *
  8. dirb <<url>> (uses the common.txt wordlist by default)
  9. Use Burp to crawl the URL.
  10. Check whether the site uses HTTP or HTTPS - use Wireshark.
  11. Google hack/dork:
  12. Go to settings >> advanced settings
    1. Query language: inurl, allinurl, intext, allintext, intitle, allintitle, site, source, filetype, related, define, “”, -, _, *, (), AND, OR, #..#
      1. Example:
        1. site: << >>
        2. site: << >> AND (inurl:login)

