Pentesting Note (OSCP)

Information Gathering
- Passive information Gathering
- Active Information Gathering
  DNS Enumeration
  TCP/UDP Port Scanning
  Scanning using Nmap
  SMB and SMTP and SNMP Enumeration
Vulnerability Scanning
- Vulnerability Scanning with Nmap
Web Application Attacks
- Web Recon
  Fingerprinting Web Server with Nmap
  Directory Brute Force
  Web Application Debugging
- OWASP Top 10
  Directory Traversal
  File Inclusion Vulnerabilities (LFI and RFI)
Post Exploitation
- Obtaining Interactive Shell
- Resource Pages
Labs Notes
- THM Labs
- HTB Labs
  Cozyhosting

Powered by GitBook

On this page

Google Dorking
Netcraft Website
Search from GitHub, GitLab, GitHub Gist, SourceForge
Shodan
Security Headers and SSL/TLS

Passive information Gathering

PreviousInformation Gathering NextActive Information Gathering

Last updated 1 year ago

Google Dorking

site:megacorpone.com -filetype:html
The Direcotry Listing like google dorking
- intitle:"index of" "parent directory"

Netcraft Website

from site report > site technology >> List the subdomian technologies

Search from GitHub, GitLab, GitHub Gist, SourceForge

You can search online source codes repositories
Sometime api key , credential leak form this site
Tools
- gitleaks

Shodan

Shodan querys
- hostname:megacorpone.com port:"22"

Security Headers and SSL/TLS

https://www.ssllabs.com/ssltest/
https://www.secuirtyheaders.com
The missing headers are not necessarily vulnerability themselves, but they could indicate web dev or server admin are not familier with server hardening