Tools

We will show different tool we can use for enumerating web applications.

Browser Dev Tools

All Browser provide us with Tools to analyze the web application we are targeting.

Below you can see a screenshot of the Firefox Dev Tools.

The Dev Tools provide us with network information, debugging possibilities and much more functionalities we can use to try understand the web applications we are targeting.

Wappalyzer

The above tool identifies the technology stack of an web application.

As we can show above the extension shows us the technologies the web app uses.

Find out what websites are built with - Wappalyzerwww.wappalyzer.com

Burp Suite

Burp Suite is a integrated platform for web application security testing. It provide several tools which helps us identify vulnerabilities in web applications.

Burp Suite is the industry standard for web application security testing.

We will dedicate a whole section for Burp Suite.

Gobuster

gobuster dir -u http://target.htb -w wordlist.txt -t 10 -x php,html

gobuster dir -u http://target.htb -w wordlist.txt -p pattern     # Pattern: {GOBUSTER}/v1

GitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in GoGitHub

Feroxbuster

feroxbuster -u http://test.htb -x php,html -d <depth> -w wordlist.txt

GitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.GitHub

wfuzz

wfuzz -c -w wordlist.txt http://target.com/?page=FUZZ

GitHub - xmendez/wfuzz: Web application fuzzerGitHub

ffuf

ffuf -w wordlist.txt -u https://target.com/FUZZ

ffuf -request post.req -w wordlist.txt

GitHub - ffuf/ffuf: Fast web fuzzer written in GoGitHub

whatweb

whatweb 10.10.10.100

GitHub - urbanadventurer/WhatWeb: Next generation web scannerGitHub

PreviousWeb Application NextLists for Fuzzing

Last updated 1 year ago

hashtagBrowser Dev Tools

hashtagWappalyzer

hashtagBurp Suite

hashtagGobuster

hashtagFeroxbuster

hashtagwfuzz

hashtagffuf

hashtagwhatweb