Pentesting theory
Five stages of hacking
- Reconnaissance
- Scanning and enumeration
- Gaining access
- Maintaining access
- Covering tracks
Physical/Social
- Google Street View
- hunter.io
- googling
  - filetype/ext
- theHarvester (e-mails, subdomains)
- haveibeenpwned
- bluto: DNS brute force, plus checking harvested e-mails against Have I Been Pwned
- crt.sh: search *.domain.com (certificate transparency logs)
- wappalyzer: technologies on a website
Vulnerability scanners
- Nessus
  - Pro edition
- nikto
- burp suite (for web apps)
  - Pro edition (400USD)
Information gathering
- Find e-mail addresses:
  - [[hunter.io]]
  - [[phonebook.cz]]
  - https://clearbit.com/
- Find subdomains
  - https://crt.sh/
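Added example (not from the notes above, and not crt.sh's own code): crt.sh can return its results as JSON (`output=json`), and each certificate entry packs all SAN names into a newline-separated `name_value` field. The script below parses a constructed sample of that shape into a de-duplicated subdomain inventory and also splits hosts by whether they still have an unexpired certificate, since names that only ever appear on expired certificates are often forgotten hosts worth checking from the defender's side. The sample data and the `today` cut-off are assumptions made up for the example.

```python
"""Turn crt.sh JSON output into a subdomain inventory (added example)."""
import json
from datetime import datetime

# Constructed sample in the shape crt.sh returns for
# https://crt.sh/?q=%25.example.com&output=json ; every value is invented.
SAMPLE_CRTSH_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com",
     "not_before": "2024-01-10T00:00:00", "not_after": "2024-04-09T23:59:59"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "common_name": "*.example.com",
     "name_value": "*.example.com\nexample.com",
     "not_before": "2023-05-01T00:00:00", "not_after": "2024-05-01T23:59:59"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "VPN.example.com",
     "name_value": "VPN.example.com\nmail.example.com",
     "not_before": "2024-02-01T00:00:00", "not_after": "2024-05-01T23:59:59"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "app.example.com",
     # a SAN from another domain can ride along on the same certificate
     "name_value": "app.example.com\nexample.org",
     "not_before": "2022-06-01T00:00:00", "not_after": "2023-06-01T23:59:59"},
])


def _names_in(entry, domain):
    """Yield the lowercased hostnames of one crt.sh entry that belong to `domain`."""
    domain = domain.lower()
    suffix = "." + domain
    for name in entry.get("name_value", "").split("\n"):
        name = name.strip().lower()          # DNS is case-insensitive
        if name == domain or name.endswith(suffix):
            yield name


def extract_subdomains(crtsh_json, domain):
    """Return the set of unique hostnames under `domain` named in a crt.sh response.

    Wildcard names are kept as the bare wildcard so it is visible which names
    were issued as wildcards; names from other domains are dropped.
    """
    hosts = set()
    for entry in json.loads(crtsh_json):
        hosts.update(_names_in(entry, domain))
    return hosts


def subdomains_by_status(crtsh_json, domain, today):
    """Split hostnames into (current, expired_only).

    `current` holds names with at least one certificate whose not_after is on or
    after `today`; `expired_only` holds names seen only on expired certificates,
    which is a good starting list for stale or forgotten hosts.
    """
    current, expired = set(), set()
    for entry in json.loads(crtsh_json):
        not_after = datetime.fromisoformat(entry["not_after"])
        bucket = current if not_after >= today else expired
        bucket.update(_names_in(entry, domain))
    return current, expired - current


if __name__ == "__main__":
    cutoff = datetime(2024, 3, 1)                 # assumed "today" for the sample
    print("all names:", sorted(extract_subdomains(SAMPLE_CRTSH_JSON, "example.com")))
    live, stale = subdomains_by_status(SAMPLE_CRTSH_JSON, "example.com", cutoff)
    print("current:", sorted(live))
    print("expired only:", sorted(stale))
```

Against a real crt.sh response, replace `SAMPLE_CRTSH_JSON` with the fetched JSON text; the parsing is the same. Comparing the resulting list with the DNS zone you actually manage is the quickest way to spot hosts that were issued certificates but never inventoried.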
Scanning and enumeration
nikto -h http://example.com
dirbuster