BugHuntingNotes/HTTP.yml at master · The-XSS-Rat/BugHuntingNotes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
-
   Enumeration step: Nikto for mapping the files
   Comment: Nikto -host http(s)://ip:port/app
   Usefull refference: ;
   Goal: Site mapping
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Check the robots.txt file
   Comment: If you can't access, maybe check for csrf
   Usefull refference: ;
   Goal: Site mapping
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Use BURP spider ability
   Comment: ;
   Usefull refference: ;
   Goal: Site mapping
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Navigate to http://ip/~root
   Comment: ;
   Usefull refference: ;
   Goal: ???
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Use CURL to find out what webserver/app you are interacting with
   Comment: ;
   Usefull refference: ;
   Goal: Site mapping
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Use gobuster to map out the directories
   Comment: Check for txt,php,asp,jsp,aspx,sh
   Usefull refference: ;
   Goal: Site mapping
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Check the source code
   Comment: Look for comments, versions, hidden links, … anything interesting
   Usefull refference: ;
   Goal: ;
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: CEWL/John/hydra for password gen
   Comment: ;
   Usefull refference: ;
   Goal: Brute force
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Check for vulnerable CMS and versions/ javascripts
   Comment: ;
   Usefull refference: ;
   Goal: Injection
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: If login page: Check for default credentials
   Comment: "Search google to find default credentials
   Usefull refference:
   Goal:
   ;:
   ;:
   ;:
-
   Enumeration step: Admin/admin
   Comment:
   Usefull refference:
   Goal:
   ;:
   ;:
   ;:
-
   Enumeration step: Try combinations of the words on the website"
   Comment: ;
   Usefull refference: injection
   Goal: ;
   ;: ;
   ;: ;
   ;:
-
   Enumeration step: SQL injection
   Comment: https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)
   Usefull refference: ;
   Goal: Injection
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Command injection in PHP
   Comment: Php_exec() function makes syslevel calls
   Usefull refference: ;
   Goal: Injection/execution
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: LFI/RFI
   Comment: To execute payload
   Usefull refference: ;
   Goal: Execution
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: File upload
   Comment: Web.config, aspx,php,php3,pht,aspx,txt
   Usefull refference: ;
   Goal: FTP
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: RCE
   Comment: ;
   Usefull refference: ;
   Goal: ;
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Look at the config files
   Comment: ;
   Usefull refference: ;
   Goal: ;
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Look for hidden data on image tags
   Comment: ;
   Usefull refference: ;
   Goal: ;
   ;: ;
   ;: ;
   ;: ;
-
   Enumeration step: Cgi-bin file enum
   Comment: ;
   Usefull refference: ;
   Goal: ;
   ;: ;
   ;: ;
   ;: ;