Web Pentest

Basic checks

  1. check whether the application is PHP-based by appending /index.php to the domain

  2. check common paths such as /admin, /robots.txt, /.git

  3. check for .git folder or any other git files

  4. check for directories or files named License or release

  5. check whether the released application version is a vulnerable one

  6. look for any email addresses

  7. try to find username present on

  8. check "powered by"

  9. check the GitHub repository of the "powered by" application for more directory results

  10. try to find version number on web page or in page source

  11. check copyright, version, release

  12. to find a specific file or file location, try installing that service on your own machine

  13. check SSL/TLS certificate

Wappalyzer

  1. find technology of web application

  2. Check database

  3. check framework

  4. check server name

  5. check cms

source code

  1. check html comments

  2. check js scripts

  3. check other js links

developer tools

  1. check js scripts loading while the page loads

  2. check the contents of the js scripts (sometimes they hold some useful information)

burp-suite

  1. check for the X-Powered-By header

  2. check response for both http & https (sometimes you find something different)

  3. check server name in response

  4. check response for both ip & domain name (sometimes you find something different)

  5. check response time

  6. check response size while testing
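
The header, "powered by", version and HTML-comment checks above can be run over a saved response to list what an application discloses about itself. This is an added example, not part of the original notes; the sample response, the name ExampleCMS and the function find_disclosures are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample response (not captured from a real host).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="ExampleCMS 3.2.1"></head>\n'
    "<body><!-- TODO: drop debug banner before release -->\n"
    "<footer>Powered by ExampleCMS</footer></body></html>"
)

# Response headers that commonly reveal server or framework details.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 2.4.41

class _BodyScan(HTMLParser):
    """Collects HTML comments, generator meta tags and 'powered by' text."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_comment(self, data):
        self.findings.append(("html-comment", data.strip()))
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.findings.append(("meta-generator", a.get("content") or ""))
    def handle_data(self, data):
        m = re.search(r"powered by\s+([\w .-]+)", data, re.I)
        if m:
            self.findings.append(("powered-by-text", m.group(1).strip()))

def find_disclosures(raw):
    """Return (kind, value, leaks_exact_version) for each disclosure found."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in DISCLOSING_HEADERS:
            findings.append(("header:" + name.strip().lower(), value.strip()))
    scan = _BodyScan()
    scan.feed(body)
    scan.close()
    findings += scan.findings
    return [(k, v, bool(VERSION_RE.search(v))) for k, v in findings]

if __name__ == "__main__":
    for kind, value, has_version in find_disclosures(SAMPLE):
        print(f"{kind:22} {value!r} exact-version={has_version}")
```

Entries flagged with an exact version are the ones to suppress or generalise first in the server or framework configuration.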

File found on web server

  1. check metadata of that file (pdf, img, ...) using exiftool
