Enumeration

Initial Enumeration

Questions

To start with, here are some questions to dig into. Some of these may be easy to answer by just browsing the site while others may be more difficult or not even possible until you start poking at the application.

  • What does the application do?

  • What language(s) is it written in?

  • What server software is the application running on?

  • What frameworks does it use?

  • What is the server OS?

  • What database does it use?

Inspecting URLs

Look at the extension to the pages. Sometimes, they can give you some information to what frameworks or languages that are being used. Some common ones are: php, jsp, do, html, asp, aspx.

Inspecting Page Content

Looking at the source code of a page can reveal numerous amount of things. Some specific things to look for:

  • Comments

  • Link destinations

  • Link extensions

Response Headers

Using a tool such as ZAP or Burp Suite Pro, look at the response headers. Keep in mind these are under the control of the developers so some of the information may be false to trick attackers. Some things to look for:

  • Sever header that tells you what server is being ran.

  • Cookie names

    • Some frameworks use predictable cookie name

  • Variable names

    • Some frameworks use predictable variable name

User Controlled Data

Look for any area that may be processed by the server that you can control. Common things to look for are:

  • Forms

    • Login and search forms

  • URL variables

  • Header Variables

  • POST submission content variables

  • Cookie variables

Tools

whatweb

whatweb <url>

webtech

webtech -u <url>
PreviousMethodologyNextAttacks

Last updated

Was this helpful?