Anggi's Notes
Pentesting Web checklist

So you don't have to rack your brain over what to do when you want to pentest a web app.


Last updated 3 months ago


Source: Pentest Book six2dez

Recon phase

Large scope

Medium scope

Small scope

Network

Preparation

User management

Registration

Authentication

Session

Profile/Account details

Forgot/reset password

Input handling

Error handling

Application Logic

Other checks

Infrastructure

CAPTCHA

Security Headers

Identify web server, technologies and database (httpx)

Directory enumeration

Web fuzzing (ffuf and wordlist)

Find leaked ids, emails (pwndb)

Identify WAF (whatwaf, wafw00f)

Google dorking

GitHub dorking/Github tools (githound, gitdorks_go)

Get urls (gau, waybackurls, gospider)

Check potential vulnerable urls (gf-patterns)

Automatic XSS finder (dalfox)

Broken link hijacking (blc)

Get all JS files (subjs, xnLinkFinder)

JS hardcoded APIs and secrets (nuclei-tokens)

JS analysis (subjs, JSA, xnLinkFinder, getjswords)

Run automated scanner (nuclei)

Test CORS (CORScanner, corsy)

Check DMARC/SPF policies (spoofcheck)

Open ports with Shodan

Port scan to all ports

Check UDP ports (udp-proto-scanner or nmap)

Test SSL (testssl)

If got creds, try password spraying for all the services discovered

Insufficient email verification process (also my%00email@mail.com for account tko)

SQL Injections

Check for password wordlist (cewl and burp-goldenNuggets)

Test OAuth login functionality for Open Redirection

Test response tampering in SAML authentication

If JWT, check common flaws

Try login with common credentials

Cross-site request forgery

Bypass AntiCSRF tokens

Create a list of features that are pertaining to a user account only and try CSRF

File upload: eicar, No Size Limit, File extension, Filter Bypass, burp extension, RCE

Check profile picture URL and find email id/user info or EXIF Geolocation Data

Metadata of all downloadable files (Geolocation, usernames)

Reflected XSS

HTTP header injection in GET & POST (X Forwarded Host)

Path traversal, LFI and RFI

XXE in any request, change content-type to text/xml

Stored XSS

SQL injection with ' and '--+-

NoSQL injection

HTTP Request Smuggling

Open redirect

SSRF in previously discovered open ports

Try to discover hidden parameters (arjun or parameth)

Check for test credit card number allowed like 4111 1111 1111 1111 (sample1 sample2)

Virtual hosting misconfiguration (VHostScan)

Test cloud storage

Bypass with OCR tool (easy one)

ASN
amass
asnlookup
metabigor
bgp
acquisitions
viewdns
Enumerate subdomains
amass
subfinder
puredns
wordlist
gotator
ripgen
wordlist
httpx
Subdomain takeovers
nuclei-takeovers
cloud assets
cloudenum
Shodan
Transfer zone
gowitness
webscreenshot
aquatone