Web Recon Workflow
Web application reconnaissance methodology
Web Information Gathering
Interactive Mind Map
graph TD
A[Target URL] --> B[Technology Fingerprint]
B --> C[Subdomain Enum]
C --> D[Directory Fuzzing]
D --> E[Parameter Discovery]
E --> F[Endpoint Mapping]
F --> G[Authentication Testing]
G --> H[Vulnerability Testing]
Quick Reference
Subdomains
subfinder -d domain.com # Fast passive subdomain enumeration
amass enum -d domain.com # Comprehensive subdomain enumeration
Directory Fuzzing
ffuf -u http://10.10.10.5/FUZZ -w wordlist.txt # Fuzz directories with ffuf
gobuster dir -u http://10.10.10.5 -w wordlist.txt # Brute force directories with gobuster
Tech Stack
whatweb http://10.10.10.5 # Identify web technologies
wappalyzer # Browser extension for tech profiling
Virtual Hosts
ffuf -u http://10.10.10.5 -H 'Host: FUZZ.domain.com' -w vhosts.txt # Fuzz for virtual hosts