Ready to Start Your Career?

Steps for web pentesting for particular web target - Information Gathering

CodeNinja 's profile image

By: CodeNinja

August 17, 2015

I am CodeNinja a.k.a. Aakash Choudhary and today i am going to contribute my little knowledge to this awesome site Information gathering is the 1st step :->

Lets say i have a site :->

Your aim is to pentest this site as i hired you for this purpose

Then what will be your step ?Here i am telling you. Keep mind that you use text editor or notebook to save result what you see while testing

STEP 1 :-> Open website and check every link or pages and check its source code and read every code specially :->a) FORM b) JS [SCRIPT tag]c) INPUT d) Commentse) Links use in code

STEP 2 :-> Open your terminal and type following commands which is necesary

NOTE :- Use google to get information of these commands because i not tell you its function or any information

a) PING website name [ To get ip address and response]b) DIG Command c) Tracert/traceroute d) host website name [If you not want to use ping then use thise) nslookup [Please this is essential not neglect it. & please google this to get information as this is important for DNS HACKING though DIG too usefull

Note all information which you got result from above commands

STEP 3 :-> ROBOTS Developers sometime hidden important links even login page or other.

so check robots.txt and it is must to do this everytime you start web pentestingAlso you can use Dirbuster tool to get hidden directories

Also you can use wget or curl command. Why? Please google for this tongue emoticon

STEP 4 :-> Check open PORTSYes this is essential guys wink emoticon Use NMAP,NESSUS,NETCAT for this purpose

Please google for above to learn and do practically

Our goal when port scanning is to answer three questions regarding the webserver:1. What ports are open?2. What services are running on these ports?3. What versions of those services are running?

If we can get accurate answers to these questions, we will have strengthened our foundation for attack.

Friends Burpsuite,ZAP,Webscarab all this very important during WEB PENTESTING.

If you find this usefull Then it is great honour for me.


regards CodeNinja

Schedule Demo