Steps for web pentesting for particular web target – Information Gathering

August 17, 2015 | Views: 4180

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

I am CodeNinja a.k.a. Aakash Choudhary and today i am going to contribute my little knowledge to this awesome site 

Information gathering is the 1st step :->

Lets say i have a site :-> www.sitename.com

Your aim is to pentest this site as i hired you for this purpose

Then what will be your step ?
Here i am telling you. Keep mind that you use text editor or notebook to save result what you see while testing

STEP 1 :-> Open website and check every link or pages and check its source code and read every code specially :->
a) FORM 
b) JS [SCRIPT tag]
c) INPUT 
d) Comments
e) Links use in code

STEP 2 :-> Open your terminal and type following commands which is necesary

NOTE :- Use google to get information of these commands because i not tell you its function or any information

a) PING website name [ To get ip address and response]
b) DIG Command 
c) Tracert/traceroute 
d) host website name [If you not want to use ping then use this
e) nslookup [Please this is essential not neglect it. & please google this to get information as this is important for DNS HACKING though DIG too usefull

Note all information which you got result from above commands

STEP 3 :-> ROBOTS 
Developers sometime hidden important links even login page or other.

so check robots.txt and it is must to do this everytime you start web pentesting
Also you can use Dirbuster tool to get hidden directories

Also you can use wget or curl command. Why? Please google for this tongue emoticon

STEP 4 :-> Check open PORTS
Yes this is essential guys wink emoticon 
Use NMAP,NESSUS,NETCAT for this purpose

Please google for above to learn and do practically

Our goal when port scanning is to answer three questions regarding the web
server:
1. What ports are open?
2. What services are running on these ports?
3. What versions of those services are running?

If we can get accurate answers to these questions, we will have strengthened our foundation for attack.

Friends Burpsuite,ZAP,Webscarab all this very important during WEB PENTESTING.

If you find this usefull Then it is great honour for me.

THANKS

regards CodeNinja

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
22 Comments
  1. Excellent outline of web site analysis, much appreciated for you sharing this.

  2. For website testing, don’t forget about http://www.centralops.net (the Domain dossier), Netcraft (which tells you what the site is running and on what type of server) and the SSL Labs SSL Server test to check on the encryption being used. All of those will help you build a checklist of testing vectors. Also, it allows you to check for software version issues and technology being used by the site. All of this is very important as well. When doing Nmap testing, don’t forget to look at the various “discovery” scripts that are available to complete your picture. I put them in a .bat file and use the -oN option to give me easy to read output (note taking). Once you build a .bat file with the right selection of scripts, then you can focus on other information gathering work while they run.

    Oh yes, almost forget – if you want to see what a ssite looked like in the past – don’t forget about http://www.archive.org. Great place to look at how a site has evolved.

    Your post is a good start, Well Done!

  3. Great Info Thanks.

  4. L0L: not interesting, even not lvl of fair its good that you tryed to share your knowledge…appreciate

Page 4 of 4«1234
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel