GitBook: [master] one page modified
parent 267593139b
commit 49c89a682d
@ -21,6 +21,10 @@ nc -v domain.com 80 # GET / HTTP/1.0
openssl s_client -connect domain.com:443 # GET / HTTP/1.0
```
## Web API Guidance
{% page-ref page="web-api-pentesting.md" %}
## Methodology summary
> In this methodology we are going to suppose that you are going to a attack a domain \(or subdomain\) and only that. So, you should apply this methodology to each discovered domain, subdomain or IP with undetermined web server inside the scope.
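Review bot: The new `## Web API Guidance` section, placed between the closing code fence and `## Methodology summary`, consists only of the `{% page-ref page="web-api-pentesting.md" %}` tag, with no sentence saying when a tester should follow it. Add a one-line introduction (for example, that the linked page applies when the target exposes an API) and consider moving the reference into the methodology itself so it reads as a step rather than an aside. Also confirm that `web-api-pentesting.md` is part of the repository, since this hunk only adds the reference to it.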
@ -94,7 +98,7 @@ Some **tricks** for **finding vulnerabilities** in different well known **techno
* \*\*\*\*[**WebDav**](put-method-webdav.md)\*\*\*\*
* \*\*\*\*[**Werkzeug**](werkzeug.md)\*\*\*\*
* \*\*\*\*[**Wordpress**](wordpress.md)\*\*\*\*
* **Electron Desktop**
* \*\*\*\*[**Electron Desktop \(XSS to RCE\)**](xss-to-rce-electron-desktop-apps.md)\*\*\*\*
_Take into account that the **same domain** can be using **different technologies** in different **ports**, **folders** and **subdomains**._
If the web application is using any well known **tech/platform listed before** or **any other**, don't forget to **search on the Internet** new tricks \(and let me know!\).
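Review bot: The linked Electron entry keeps the `\*\*\*\*` wrappers on both sides of the link, which in standard Markdown are escaped asterisks and render as literal `****` around the bold text. The neighbouring WebDav, Werkzeug and Wordpress entries carry the same pattern, so it looks like editor export noise; `* [**Electron Desktop \(XSS to RCE\)**](xss-to-rce-electron-desktop-apps.md)` would render cleanly. The label also narrows from `Electron Desktop` to a single technique, so check that the item still reads as a technology name like the rest of the list.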