Recon methodology for beginners

Paras Arora
1 min read · Dec 23, 2019


This is a short guide focused on a few bug classes.

Information gathering, or enumeration, is the single most important part of both web application testing and network security testing.

Remember: enumeration is the key.

Useful tools to gather information in bug hunting:

1. Whatweb: CLI-based tool to identify the technologies a web application is using.

2. Sublist3r: Used to extract the subdomains of a domain.

Why use sublist3r?

It is always better to hunt on subdomains rather than the main domain, because everyone has an eye on the main domain nowadays.

This tool will use various search engines to extract the subdomains of a provided domain.

3. HostileSubBruteForcer: This tool maps each subdomain to the host it points to.

Example: if site.example.com points to a nonexistent Heroku subdomain, it will alert you.
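The check behind that alert, written here as an added example (not code from the post or from HostileSubBruteForcer) for auditing your own DNS export: parse the CNAME records out of constructed zone-file lines and flag every record whose target no longer resolves. The zone data and host names are constructed samples; `resolves` is a hypothetical hook so the lookup can be swapped out for an offline run.

```python
import re
import socket
from typing import Callable, List, Tuple

# Constructed sample zone lines (not real DNS data), shaped like a BIND export.
SAMPLE_ZONE = """
www.example.com.   300 IN CNAME example.com.
site.example.com.  300 IN CNAME old-app.herokuapp.com.
blog.example.com.  300 IN CNAME ghs.googlehosted.com.
api.example.com.   300 IN A     203.0.113.10
"""

# owner [ttl] [IN] CNAME target  (TTL and class are optional in many exports)
CNAME_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)", re.IGNORECASE)


def parse_cnames(zone_text: str) -> List[Tuple[str, str]]:
    """Extract (owner, target) pairs from CNAME lines; other record types are skipped."""
    pairs = []
    for line in zone_text.splitlines():
        m = CNAME_RE.match(line.strip())
        if m:
            pairs.append((m.group(1).rstrip("."), m.group(2).rstrip(".")))
    return pairs


def default_resolves(name: str) -> bool:
    """True if the name resolves to any address; NXDOMAIN and similar failures return False."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def find_dangling_cnames(zone_text: str,
                         resolves: Callable[[str], bool] = default_resolves
                         ) -> List[Tuple[str, str]]:
    """Return the CNAME records whose target no longer resolves.

    A dangling target is the condition the article's alert describes; the fix is to
    delete the record or re-claim the target. Caveat: a target that still resolves
    but serves the provider's "no such app" page is not caught by a DNS-only check.
    """
    return [(owner, target) for owner, target in parse_cnames(zone_text)
            if not resolves(target)]


if __name__ == "__main__":
    for owner, target in find_dangling_cnames(SAMPLE_ZONE):
        print(f"dangling: {owner} -> {target}")
```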

4. Burp Suite: Crawl the website with Burp Suite's scan feature and analyze the requests in Burp.

Types of requests to analyze:

Login request, logout request, forgot password request, account delete request, and edit profile requests, to take over the account or to perform CSRF.

5. Focus on the input parameters to perform XSS.

Input any string, observe how it is sent to the server, get a clear picture of where it lands in the page source, then capture the request with Burp and build manual vectors accordingly.

XSS practice labs: leettime, prompt.nl

Study from brute XSS.

6. Broken authentication and session management

For this, you only need a browser and an account on the website.


Written by Paras Arora

Social media: @parasarora06 , Penetration Tester | Application Security
