Content Discovery

Manual Discovery

Check walking an app!

robots.txt

File for search engine crawlers.

Default favicon

Using md5 hash sum we can detect what framework site has been built. For example curl url/path/to/favicon.ico | md5sum

Sitemap.xml

List of every file the website owner wishes to be listed on a search engine.

HTTP Headers

Get headers with curl: curl http://ip:port/path -v For example, we can see:

• webserver version
  • is there known vulnerabilities in this version?
• html comments in source code

OSINT

Using google

• site:example.com
• inurl:keyword - keyword in url
• filetype:pdf
• intitle:admin

Other websites

• Wappalyzer helps identify what technologies a website uses.
• Wayback Machine
• git
• AWS S3 Buckets

Automated Discovery

• ffuf
• dirb
• gobuster