Tools

We will show different tool we can use for enumerating web applications.

Browser Dev Tools

All Browser provide us with Tools to analyze the web application we are targeting.

Below you can see a screenshot of the Firefox Dev Tools.

Firefox Dev Tools

The Dev Tools provide us with network information, debugging possibilities and much more functionalities we can use to try understand the web applications we are targeting.

Wappalyzer

The above tool identifies the technology stack of an web application.

Example of www.youtube.com

As we can show above the extension shows us the technologies the web app uses.

LogoFind out what websites are built with - Wappalyzerwww.wappalyzer.com

Burp Suite

Burp Suite is a integrated platform for web application security testing. It provide several tools which helps us identify vulnerabilities in web applications.

Burp Suite Community Edition

Burp Suite is the industry standard for web application security testing.

We will dedicate a whole section for Burp Suite.

Gobuster

gobuster dir -u http://target.htb -w wordlist.txt -t 10 -x php,html
gobuster dir -u http://target.htb -w wordlist.txt -p pattern     # Pattern: {GOBUSTER}/v1
LogoGitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in GoGitHub

Feroxbuster

feroxbuster -u http://test.htb -x php,html -d <depth> -w wordlist.txt
LogoGitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.GitHub

wfuzz

wfuzz -c -w wordlist.txt http://target.com/?page=FUZZ
LogoGitHub - xmendez/wfuzz: Web application fuzzerGitHub

ffuf

ffuf -w wordlist.txt -u https://target.com/FUZZ
ffuf -request post.req -w wordlist.txt
LogoGitHub - ffuf/ffuf: Fast web fuzzer written in GoGitHub

whatweb

whatweb 10.10.10.100
LogoGitHub - urbanadventurer/WhatWeb: Next generation web scannerGitHub
PreviousWeb ApplicationNextLists for Fuzzing

Last updated