Web Information Gathering


📖 Overview

Techniques for web application reconnaissance including subdomain enumeration, directory fuzzing, and technology fingerprinting.


📋 Cheatsheet

Subdomains

subfinder -d domain.com # Fast passive subdomain enumeration
amass enum -d domain.com # Comprehensive subdomain enumeration

Directory Fuzzing

ffuf -u http://10.10.10.5/FUZZ -w wordlist.txt # Fuzz directories with ffuf
gobuster dir -u http://10.10.10.5 -w wordlist.txt # Brute force directories with gobuster

Tech Stack

whatweb http://10.10.10.5 # Identify web technologies
wappalyzer # Browser extension for tech profiling

Virtual Hosts

ffuf -u http://10.10.10.5 -H 'Host: FUZZ.domain.com' -w vhosts.txt # Fuzz for virtual hosts

⚠️ Common Pitfalls

  • Not checking /robots.txt, /sitemap.xml
  • Missing hidden vhosts

💡 Exam Survival Tips

  • Add discovered hostnames to /etc/hosts
  • Check both HTTP and HTTPS

πŸ—ΊοΈ Mind Maps