This repository has been archived by the owner on Sep 8, 2021. It is now read-only.
Information Gathering and Vulnerability Scanning
DNS lookups
Identify technical contacts
Administrator contacts
Cloud vs. self-hosted
Social media scraping
Key contacts/job responsibilities
Job listing/technology stack
Cryptographic flaws
Secure Sockets Layer (SSL) certificates
Revocation
Company reputation/security posture
Data
Password dumps
File metadata
Strategic search engine analysis/enumeration
Website archive/caching
Public source-code repositories
Open-source intelligence (OSINT)
Tools
Sources
Common weakness enumeration (CWE)
Common vulnerabilities and exposures (CVE)
Enumeration
Hosts
Services
Domains
Users
Uniform resource locators (URLs)
Website reconnaissance
Crawling websites
Scraping websites
Manual inspection of web links
Packet crafting
Defense detection
Load balancer detection
Web application firewall (WAF) detection
Antivirus
Firewall
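The load balancer and WAF detection items above can be worked through against real responses. The following is an added example (not code from this repository) that infers a WAF, CDN or load balancer from vendor markers in HTTP response headers and cookies, runs a behavioural check (a request carrying an obvious attack string getting a 403 where the plain request got a 200), and spots several backends behind one name by comparing header fingerprints across repeated requests. The responses are constructed by hand, and the signature table is a small subset of well-known markers; a missing match proves nothing, since many deployments strip or rewrite these headers.

```python
"""Infer WAFs, CDNs and load balancers from HTTP responses (added example)."""
import re

# (label, header name or "cookie", regex applied to the header value / cookie name)
# Subset of well-known vendor markers; extend for your own engagement.
SIGNATURES = [
    ("Cloudflare (CDN/WAF)",             "cf-ray",      r"."),
    ("Cloudflare (CDN/WAF)",             "server",      r"^cloudflare"),
    ("Akamai (CDN/WAF)",                 "server",      r"AkamaiGHost"),
    ("Imperva Incapsula (WAF)",          "cookie",      r"^(incap_ses_|visid_incap_)"),
    ("Imperva Incapsula (WAF)",          "x-iinfo",     r"."),
    ("Sucuri (WAF)",                     "x-sucuri-id", r"."),
    ("Sucuri (WAF)",                     "server",      r"Sucuri"),
    ("F5 BIG-IP (load balancer)",        "cookie",      r"^BIGipServer"),
    ("AWS ALB (load balancer)",          "cookie",      r"^AWSALB(CORS)?$"),
    ("AWS ELB (load balancer)",          "server",      r"^awselb"),
    ("Citrix NetScaler (load balancer)", "cookie",      r"^(NSC_|citrix_ns_id)"),
]

# Constructed responses (not captured traffic); values are illustrative only.
RESP_CLOUDFLARE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: cloudflare\r\n"
    "CF-RAY: 0123456789abcdef-LHR\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)
RESP_BLOCKED = "HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\nCF-RAY: 0123456789abcdee-LHR\r\n\r\n"
RESP_BIGIP = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: BIGipServerpool_web=1677787402.20480.0000; path=/\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n"
    "\r\n"
)
RESP_NODE_A = "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nETag: \"a1\"\r\n\r\n"
RESP_NODE_B = "HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nETag: \"b2\"\r\n\r\n"


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, {lowercased header: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def cookie_names(headers):
    """Names of every cookie set by the response (Set-Cookie may repeat)."""
    return [v.split("=", 1)[0].strip() for v in headers.get("set-cookie", [])]


def detect_defenses(raw):
    """Labels of every signature that matches the response, in table order, no repeats."""
    _, headers = parse_response(raw)
    found = []
    for label, where, pattern in SIGNATURES:
        if where == "cookie":
            hit = any(re.search(pattern, c) for c in cookie_names(headers))
        else:
            hit = any(re.search(pattern, v) for v in headers.get(where, []))
        if hit and label not in found:
            found.append(label)
    return found


def waf_blocks_probe(baseline_raw, probe_raw):
    """Behavioural check: same URL, probe request carries an obvious attack string.
    A 2xx baseline turning into 403/406/429/503 for the probe suggests inline filtering."""
    base_status, _ = parse_response(baseline_raw)
    probe_status, _ = parse_response(probe_raw)
    return 200 <= base_status < 300 and probe_status in (403, 406, 429, 503)


def backend_fingerprints(raw_responses):
    """Distinct (Server, X-Powered-By, ETag) tuples over repeated requests for one resource.
    More than one distinct tuple means more than one backend answered, i.e. a load balancer."""
    fps = set()
    for raw in raw_responses:
        _, h = parse_response(raw)
        fps.add(tuple(h.get(k, [""])[0] for k in ("server", "x-powered-by", "etag")))
    return fps


if __name__ == "__main__":
    print(detect_defenses(RESP_CLOUDFLARE), detect_defenses(RESP_BIGIP))
    print("probe blocked:", waf_blocks_probe(RESP_CLOUDFLARE, RESP_BLOCKED))
    print("backends seen:", len(backend_fingerprints([RESP_NODE_A, RESP_NODE_B, RESP_NODE_A])))
```

Header signatures are the cheap first pass; the behavioural probe is what tells you the WAF is actually inline for the path you care about, and the fingerprint comparison is only meaningful when the same resource is requested several times with caching defeated (a cache-busting query string, `Cache-Control: no-cache`).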
Tokens
Scoping
Issuing
Revocation
Wardriving
Network traffic
Capture API requests and responses
Sniffing
Cloud asset discovery
Third-party hosted services
Detection avoidance
Fingerprinting
Operating systems (OSs)
Networks
Network devices
Software
Analyze output from:
DNS lookups
Crawling websites
Network traffic
Address Resolution Protocol (ARP) traffic
Nmap scans
Web logs
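"Analyze output from Nmap scans" in practice means working from the XML that `nmap -oX` writes rather than the console text. The following is an added example (not code from this repository) that parses that XML into per-host records, lists the ports Nmap reported as definitely open with their version banners, and separates out ports whose service name was only looked up in the nmap-services table (`method="table"`) from ports whose service was actually probed, since a table lookup is a guess from the port number and needs manual confirmation. The XML below is constructed by hand to mirror Nmap's layout; it is not output from a real scan.

```python
"""Summarise Nmap -oX output: open services and unverified service names (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample in the layout Nmap emits; hosts are RFC 5737 documentation addresses.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX scan.xml 192.0.2.0/30" start="0">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.2" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161">
        <state state="open|filtered" reason="no-response"/>
        <service name="snmp" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """One dict per host that was up: address, PTR hostname, best OS match and its ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        hn = host.find("hostnames/hostname")
        osm = host.find("os/osmatch")
        entry = {
            "addr": addr_el.get("addr"),
            "hostname": hn.get("name") if hn is not None else None,
            "os": osm.get("name") if osm is not None else None,
            "ports": [],
        }
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            get = (lambda k: svc.get(k)) if svc is not None else (lambda k: None)
            entry["ports"].append({
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state"),        # open, closed, filtered, open|filtered, ...
                "reason": state.get("reason"),      # syn-ack, reset, no-response, ...
                "service": get("name"),
                "product": get("product"),
                "version": get("version"),
                "method": get("method"),            # "probed" (banner matched) or "table" (port number lookup)
                "conf": int(get("conf") or 0),
            })
        hosts.append(entry)
    return hosts


def open_services(hosts):
    """(addr, proto, port, banner) for ports Nmap reported as definitely open."""
    out = []
    for h in hosts:
        for p in h["ports"]:
            if p["state"] != "open":
                continue
            banner = " ".join(x for x in (p["service"], p["product"], p["version"]) if x)
            out.append((h["addr"], p["proto"], p["port"], banner))
    return out


def unverified_ports(hosts):
    """(addr, port) where the service name is a table guess, not a probed banner."""
    return [(h["addr"], p["port"]) for h in hosts for p in h["ports"] if p["method"] == "table"]


if __name__ == "__main__":
    parsed = parse_nmap_xml(SAMPLE_NMAP_XML)
    for row in open_services(parsed):
        print("%s %s/%d %s" % row)
    print("verify by hand:", unverified_ports(parsed))
```

Working from XML also keeps the `reason` attribute, which the console output hides by default: `open` because of a `syn-ack` is a fact, whereas `open|filtered` from `no-response` on UDP is Nmap saying it could not tell.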
Considerations of vulnerability scanning
Time to run scans
Protocols
Network topology
Bandwidth limitations
Query throttling
Fragile systems
Non-traditional assets
Scan identified targets for vulnerabilities
Set scan settings to avoid detection
Scanning methods
Stealth scan
Transmission Control Protocol (TCP) connect scan
Credentialed vs. non-credentialed
Nmap
Nmap Scripting Engine (NSE) scripts
Common options
-A (aggressive: enables OS detection, version detection, script scanning and traceroute)
-sV (service/version detection)
-sT (TCP connect scan; completes the handshake, needs no raw-socket privilege)
-Pn (skip host discovery; treat every target as up)
-O (OS detection)
-sU (UDP scan)
-sS (TCP SYN "stealth" half-open scan; requires raw-socket privilege)
-T0 through -T5 (timing templates: paranoid, sneaky, polite, normal, aggressive, insane)
--script=vuln (run the NSE scripts in the vuln category)
-p (port specification, e.g. -p 22,80,443 or -p- for all ports)
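The stealth scan and TCP connect scan items above, and the -sS/-sT options, differ in one packet: a SYN scan sends a hand-crafted SYN, reads the reply, and never completes the handshake, while a connect scan lets the OS finish it. The following is an added example (not code from this repository) that builds the SYN probe an -sS scan sends, with both the IPv4 and TCP checksums computed over the pseudo-header as the RFCs require, verifies those checksums, and classifies the reply the way the scanner does (SYN/ACK open, RST closed, nothing back filtered). Nothing is put on the wire; the addresses are from the RFC 5737 documentation range and the packet is assembled and checked in memory.

```python
"""Craft and check the TCP SYN probe of a half-open (Nmap -sS) scan (added example)."""
import ipaddress
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header (src, dst, zero, protocol 6, TCP length) that the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed, 0, 6, tcp_len)


def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, flags, seq=0, window=1024):
    """20-byte TCP header with no options and the checksum filled in."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, reserved bits zero, flag bits low
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0, offset_flags, window, 0, 0)
    csum = checksum(_pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def build_ipv4_header(src_ip, dst_ip, payload_len, ttl=64, ident=0):
    """20-byte IPv4 header carrying TCP (protocol 6) with the header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, ttl, 6, 0,
                      ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def syn_probe(src_ip, dst_ip, src_port, dst_port):
    """The one packet a SYN scan sends per target port: IPv4 header + TCP header, SYN flag only."""
    tcp = build_tcp_segment(src_ip, dst_ip, src_port, dst_port, TCP_SYN)
    return build_ipv4_header(src_ip, dst_ip, len(tcp)) + tcp


def verify_packet(pkt, src_ip, dst_ip):
    """Recomputed over a finished packet, both checksums must come out zero."""
    ip, tcp = pkt[:20], pkt[20:]
    return checksum(ip) == 0 and checksum(_pseudo_header(src_ip, dst_ip, len(tcp)) + tcp) == 0


def tcp_flags(pkt):
    """Flag bits of the TCP header in an IPv4 packet that has no IP options."""
    return struct.unpack("!H", pkt[32:34])[0] & 0x1FF


def classify_syn_reply(reply_flags):
    """Port state the scanner derives from the reply to a SYN probe.
    None stands for no reply after retries (or an ICMP unreachable), which Nmap reports as filtered."""
    if reply_flags is None:
        return "filtered"
    if reply_flags & TCP_RST:
        return "closed"
    if reply_flags & TCP_SYN and reply_flags & TCP_ACK:
        return "open"
    return "unknown"


def followup_after_synack(scan_type):
    """What the scanner sends once it sees SYN/ACK. -sS answers with RST, so the handshake never
    completes and the service never accept()s a connection; -sT lets the OS connect() send the
    final ACK, which the application sees and logs like any client."""
    return TCP_RST if scan_type == "sS" else TCP_ACK


if __name__ == "__main__":
    probe = syn_probe("192.0.2.10", "192.0.2.20", 40000, 443)
    print(probe.hex(), verify_packet(probe, "192.0.2.10", "192.0.2.20"))
    print(classify_syn_reply(TCP_SYN | TCP_ACK), classify_syn_reply(TCP_RST | TCP_ACK))
```

Sending this packet for real needs a raw socket, which is why -sS requires root or CAP_NET_RAW while -sT does not. The "stealth" in the name is about the application layer only: the SYN and the scanner's RST are still visible to any network IDS or firewall log, so the detection-avoidance gain is that the service itself never records a connection.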
Vulnerability testing tools that facilitate automation