GitBook: [master] one page modified

2021-06-26 15:04:40 +00:00 · 2021-06-26 15:04:40 +00:00 · 49c89a682d
commit 49c89a682d
parent 267593139b
1 changed files with 5 additions and 1 deletions
--- a/pentesting/pentesting-web/README.md
+++ b/pentesting/pentesting-web/README.md
@ -21,6 +21,10 @@ nc -v domain.com 80 # GET / HTTP/1.0
 openssl s_client -connect domain.com:443 # GET / HTTP/1.0
 ```

+## Web API Guidance
+
+{% page-ref page="web-api-pentesting.md" %}
+
 ## Methodology summary

 > In this methodology we are going to suppose that you are going to a attack a domain \(or subdomain\) and only that. So, you should apply this methodology to each discovered domain, subdomain or IP with undetermined web server inside the scope.
@ -94,7 +98,7 @@ Some **tricks** for **finding vulnerabilities** in different well known **techno
 * \*\*\*\*[**WebDav**](put-method-webdav.md)\*\*\*\*
 * \*\*\*\*[**Werkzeug**](werkzeug.md)\*\*\*\*
 * \*\*\*\*[**Wordpress**](wordpress.md)\*\*\*\*
-* **Electron Desktop**
+* \*\*\*\*[**Electron Desktop \(XSS to RCE\)**](xss-to-rce-electron-desktop-apps.md)\*\*\*\*

 _Take into account that the **same domain** can be using **different technologies** in different **ports**, **folders** and **subdomains**._  
 If the web application is using any well known **tech/platform listed before** or **any other**, don't forget to **search on the Internet** new tricks \(and let me know!\).