Module 9 (Web Application Attacks)

Web Application Enumeration

  • Programming language and Frameworks

    • PHP - ASP.net - JSP - PYTHON - JAVA and More

    • Wappalyzer - inspecting URLs - whatweb - Error

  • Web Server Software

    • Apache - Nginx - IIS

    • Wappalyzer - whatweb - Error

  • Database software

    • MySQL - MariaDB - MongoDB - Oracle - SQL Server

    • Wappalyzer - Error

  • Server OS

    • Linux - Windows

    • Wappalyzer - NSE (Nmap Script Engine)

Web Application Assessment Tools

  • Fuzz Directories

    • dirb - gobuster - dirsearch - ffuf - wfuzz

Wfuzz

Fuzzing Directories

wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hc 404,302,301 http://192.168.2.5/bWAPP/FUZZ

Fuzzing Files

.bak, .php, .zip, .xml, .json, etc.

wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hc 404,302,301 http://192.168.2.5/bWAPP/FUZZ.php

DirBuster

Fuzzing Parameters In URLs

wfuzz -z range,0-10 --hl 97 "http://testphp.vulnweb.com/listproducts.php?cat=FUZZ"

Fuzzing Cookies

wfuzz -z file,wordlist/general/common.txt -b cookie=value1 -b cookie2=value2 http://testphp.vulnweb.com/FUZZ

Fuzzing POST Requests

wfuzz -z file,wordlist/others/common_pass.txt -d "uname=FUZZ&pass=FUZZ" --hc 302 http://testphp.vulnweb.com/userinfo.php
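
What the directory and file fuzzing commands above look like from the server side, as an added example that is not part of the original notes: `--hc 404` only hides misses from the tester's output, so every wordlist entry still lands in the access log. The function names, thresholds and sample log lines are constructed for illustration and assume the Apache/Nginx combined log format.

```shell
#!/bin/sh
# Added example: flag clients whose requests look like wordlist-driven
# directory/file enumeration in a combined-format access log.
# Thresholds are assumptions; tune them to the site's normal traffic.

# Constructed sample log (not real traffic): 192.0.2.10 walks a wordlist,
# 198.51.100.7 is an ordinary visitor who hits one missing file.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /bWAPP/admin HTTP/1.1" 404 196 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /bWAPP/backup HTTP/1.1" 404 196 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /bWAPP/config HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /bWAPP/login.php HTTP/1.1" 200 4013 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /bWAPP/test HTTP/1.1" 404 196 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /bWAPP/old HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /bWAPP/portal.php HTTP/1.1" 200 9120 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /bWAPP/login.php HTTP/1.1" 200 4013 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:10 +0000] "GET /bWAPP/favicon.ico HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:31 +0000] "GET /bWAPP/portal.php HTTP/1.1" 200 9120 "-" "-"
EOF
}

# detect_enum MIN_REQUESTS MIN_404_PERCENT < access.log
# Prints "ip total not_found distinct_paths" for each client that sent at
# least MIN_REQUESTS requests of which at least MIN_404_PERCENT returned 404.
detect_enum() {
    awk -v min="$1" -v pct="$2" '
    {
        ip = $1; path = $7; status = $9      # combined log format fields
        total[ip]++
        if (status == 404) nf[ip]++
        if (!((ip, path) in seen)) { seen[ip, path] = 1; paths[ip]++ }
    }
    END {
        for (ip in total)
            if (total[ip] >= min && nf[ip] * 100 >= pct * total[ip])
                print ip, total[ip], nf[ip] + 0, paths[ip]
    }' | sort
}

# Stand-alone run on the constructed sample: at least 5 requests, 80% of them 404.
sample_log | detect_enum 5 80
```

Many distinct paths combined with a high 404 share is the signal; a real wordlist run produces thousands of such lines, so the same check works as a rate-limit or alerting rule.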

  • Test Vulnerabilities

    • Nikto - Nessus - Acunetix - Netsparker - Burp and ZAP proxy

OWASP Top Ten

  1. A01:2021-Broken Access Control

  2. A02:2021-Cryptographic Failures

  3. A03:2021-Injection

  4. A04:2021-Insecure Design

  5. A05:2021-Security Misconfiguration

  6. A06:2021-Vulnerable and Outdated Components

  7. A07:2021-Identification and Authentication Failures

  8. A08:2021-Software and Data Integrity Failures

  9. A09:2021-Security Logging and Monitoring Failures

  10. A10:2021-Server-Side Request Forgery


Last updated 11 months ago