GitBook: [master] one page modified

CPol 2021-02-10 22:13:53 +00:00 committed by gitbook-bot
parent 6e39506335
commit 7589f8aef7
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF


@ -241,21 +241,13 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
* Look for **links** to other files inside the **CSS** files.
* [If you find a _**.git**_ file some information can be extracted](git.md)
* If you find **API endpoints** you [should also test them](api-pentesting.md). These aren't files, but will probably "look like" them.
#### JS code
The **JS code** of a web application can be really interesting: It could contain **API keys**, **credentials**, other **endpoints**, and understanding it you could be able to **bypass security measures**.
It could be also very useful to **parse** the **JS files** in order to search for other **endpoints:** **\(wrap of LinkFinder\),** **.**
Another interesting approach could be **monitoring the JS files** with a tool like [**JSMon**](https://github.com/robre/jsmon) that checks for changes.
You should also **check** if the application is using any **outdated** and **vulnerable javascript library** with: [**RetireJS**](https://github.com/retirejs/retire.js/)
If the **javascript** code is **obfuscated**, these tools could be useful:
* **JS files**: In the spidering section several tools that can extract path from JS files were mentioned. Also, It would be interesting to **monitor each JS file found**, as in some ocations, a change may indicate that a potential vulnerability was introduced in the code. You could use for example [**JSMon**](https://github.com/robre/jsmon)**.**
* You should also check discovered JS files with [**RetireJS**](https://github.com/retirejs/retire.js/) ****to find if it's vulnerable.
* **Javascript Deobfuscator and Unpacker** \([https://lelinhtinh.github.io/de4js/](https://lelinhtinh.github.io/de4js/)\)
* **Javascript Beautifier** \([http://jsbeautifier.org/](https://beautifier.io/)\)
* **BrainFuck deobfuscation** \(javascript with chars:"\[\]!+" [https://ooze.ninja/javascript/poisonjs/](https://ooze.ninja/javascript/poisonjs/)\)
In several occasions you will need to **understand regular expressions** used, this will be useful: [https://regex101.com/](https://regex101.com/)
* In several occasions you will need to **understand regular expressions** used, this will be useful: [https://regex101.com/](https://regex101.com/)
* You could also **monitor the files were forms were detected**, as a change in the parameter or the apearance f a new form may indicate a potential new vulnerable functionality.
#### 403 Forbidden/Basic Authentication/401 Unauthorized \(bypass\)
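Review bot: The bullets of the "JS files" list carry markup and spelling defects that will show on the rendered page. In the RetireJS bullet, `[**RetireJS**](https://github.com/retirejs/retire.js/) ****to find if it's vulnerable` contains a stray empty bold pair (`****`), and "it's" has no clear referent; "to find whether they include a vulnerable library" would read better. In the JSMon bullet, "ocations" should be "occasions" and the mid-sentence "It" should be lower case. In the forms bullet, "files were forms were detected" should be "files where forms were detected" and "apearance f a new form" should be "appearance of a new form". The Javascript Beautifier entry displays http://jsbeautifier.org/ as its link text but points at https://beautifier.io/, so make the text and the target agree. The regex101 sentence appears twice in this region, once as a plain line and once as a bullet; confirm only one form is left after the change. The earlier wording also told the reader what to look for in JS code (API keys, credentials, other endpoints); consider keeping that sentence in the new "JS files" bullet so the reason for monitoring the files is not lost.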