Tips

• [ ] Login Form 만나면 single quote ' 로 SQL Injection 확인
• [ ] if GET doesn’t work, try POST
• [ ] 만약 /etc/hosts 에 도메인 맵핑을 해야한다면? subdomain 확인

echo "10.10.10.1 wook.com" | sudo tee -a /etc/hosts

Tools

• https://github.com/swisskyrepo/PayloadsAllTheThings
• Gobuster, feroxbuster
• cadaver

Enumeration

Nmap

nmap $IP --script=http-enum -sV -p 80

Browser

View Page Source
robots.txt
sitemap.xml

Subdomains

theharvester -d [domain] -b [search engine]
amass enum -passive -src -d [domain]
amass enum -active -d [domain]
cat [file with domains] | httprobe

Gobuster

• b 403,404: 무시할 상태 코드 지정
• k: SSL 인증서 무시
• -exclude-length <LENGTH>