Web Application Penetration Testing workflow

Reconnaissance (Information Gathering)

🔹 Goal: Identify attack surfaces and gather intelligence about the target.

🔹 Tools: Amass, Subfinder, Assetfinder, nmap, Shodan, theHarvester, waybackurls, Burp Suite, Google Dorks

✅ Subdomain Enumeration

• amass enum -passive -d target.com
• subfinder -d target.com
• Check for wildcards: dig @8.8.8.8 target.com +short

✅ Port Scanning

• nmap -sC -sV -p- target.com
• Check open ports/services (e.g., HTTP, SSH, FTP, Redis)

✅ Technology Fingerprinting

• whatweb target.com
• wappalyzer extension (Burp/Browser)

✅ Wayback Enumeration

• waybackurls target.com | tee wayback.txt

✅ Google Dorking

• site:target.com filetype:env OR filetype:sql OR filetype:log