Automation of the reconnaissance phase during Web Application Penetration Testing I

There are many things that every penetration tester and bug bounty hunter does during black-box testing of web applications. These repetitive tasks consume a lot of time, and time is usually short during a penetration test. Facing these obstacles, I have created a tool that automates many of these activities and increases work efficiency (still in development).
This article describes the workflow I use during Web Application Penetration Testing with the scope “*.domain.com”. My research is based on the OWASP methodology and the methodology in the book “HackTricks” by Carlos Polop. For this article, let’s assume that all resources under the “*.domain.com” domain are in our assessment scope. The output of each tool listed below will be saved to text files for further processing.
Generally speaking, when the scope of the test covers all of the company’s websites, we are interested in the following resources:
- Protocols (scheme)
- Hosts (subdomains && domains && IP && ports)
- Paths (directories && files)
- Queries (parameter names && values)
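To show how a harvested URL list breaks down into these four resource classes, and how to keep only what is inside the “*.domain.com” scope, here is an added example (my own illustration, not code from the tool described in this article). The sample URLs are constructed, and the scope string is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: URLs as a recon tool might harvest them (not real targets).
SAMPLE_URLS = [
    "https://domain.com/login?user=admin&next=/home",
    "http://api.domain.com:8080/v1/users/?id=42",
    "https://cdn.otherdomain.com/static/app.js",  # out of scope
    "https://evil-domain.com/phish",              # look-alike, NOT a subdomain
    "https://dev.domain.com/admin/upload.php",
]


def in_scope(host: str, scope: str = "domain.com") -> bool:
    """True for the apex domain and any subdomain of it ("*.domain.com").

    The leading dot in the suffix check matters: matching on "domain.com"
    alone would wrongly accept "evil-domain.com".
    """
    host = host.lower().rstrip(".")
    return host == scope or host.endswith("." + scope)


def collect_resources(urls, scope: str = "domain.com") -> dict:
    """Split every in-scope URL into schemes, hosts, paths and query parameters."""
    found = {"schemes": set(), "hosts": set(), "paths": set(), "params": {}}
    for url in urls:
        parts = urlsplit(url)
        if not parts.hostname or not in_scope(parts.hostname, scope):
            continue  # out-of-scope resource: never touch it
        # Normalise to host:port so implicit and explicit ports compare equal.
        port = parts.port or (443 if parts.scheme == "https" else 80)
        found["schemes"].add(parts.scheme)
        found["hosts"].add(f"{parts.hostname.lower()}:{port}")
        found["paths"].add(parts.path or "/")
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            found["params"].setdefault(name, set()).add(value)
    return found


if __name__ == "__main__":
    for kind, items in collect_resources(SAMPLE_URLS).items():
        print(kind, sorted(items))
```

Each set maps to one of the text files kept for the later phases, and the params mapping keeps every observed value per parameter name rather than just the name.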