Chapter 2. Reconnaissance

In this chapter, we will cover:

  • Scanning and identifying services with Nmap
  • Identifying a web application firewall
  • Watching the source code
  • Using Firebug to analyze and alter basic behavior
  • Obtaining and modifying cookies
  • Taking advantage of robots.txt
  • Finding files and folders with DirBuster
  • Password profiling with CeWL
  • Using John the Ripper to generate a dictionary
  • Finding files and folders with ZAP

Introduction

Every penetration test, be it for a network or a web application, has a workflow; it has a series of stages that should be completed in order to increase our chances of finding and exploiting every possible vulnerability affecting our targets, such as:

  • Reconnaissance
  • Enumeration
  • Exploitation
  • Maintaining access
  • Cleaning tracks ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.