A Journey From IT to IT Security

1 Footprinting


Last updated 3 years ago

Website Footprinting

HTTrack

mirror websites. More at

Install on a Debian-based Linux distribution such as Kali:

$ apt-get install httrack webhttrack
$ webhttrack

webhttrack opens a GUI in your browser, where you can select the options. Alternatively, use the wizard to choose the options:

$ webhttrack www.mysite.com --mirror-wizard

If no destination is specified, the website is copied into the default folder /home/username/websites/TheCopiedWebsite. Copy it into the Apache document root:

$ sudo cp -r TheCopiedWebsite /var/www/html

Then check the status of your local Apache web server and start it:

$ service apache2 status
$ service apache2 start

Then open localhost/TheCopiedWebsite in your browser to explore the copied website.

Burp Suite

TBD

OWASP ZAP

TBD

Firebug

TBD

Online Tools

Shodan

A search engine for exploring the Internet of Things. A free account has a limited quantity of searches per day. Find exploits and targets.

Basic commands:

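Look for HTTP websites hosted on Apache servers in a given city (the query matches the Apache banner only; it does not tell you whether a host is vulnerable), e.g.:

apache country:"FR" city:"chamonix" port:"80"

Look for Google web servers, e.g.:

"Server: gws" hostname:"google"

Look for devices in a subnet, given in CIDR notation (the range below is a documentation placeholder), e.g.:

cisco net:"192.0.2.0/24"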

Exploit Database

DNS footprinting

What information can we find in the DNS records? It depends on the country.

SRV = Service location records

PTR = Pointer records

RP = Responsible Person record (not in Switzerland)

HINFO = Host information
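
From the defender's side, the same record types are worth reviewing in your own zone before an outsider reads them. The Python sketch below is an added example, not part of the original page: it parses a constructed BIND-style zone and spells out what each SRV, PTR, RP and HINFO record discloses. Assumptions: example.com and all record values are made up, and every line carries an explicit owner name.

```python
import shlex

# Record types from the list above, with the names the page gives them.
REVIEW_TYPES = {"SRV": "service location", "PTR": "pointer",
                "RP": "responsible person", "HINFO": "host information"}

# Constructed sample zone: example.com and every value in it are made up.
SAMPLE_ZONE = """\
; constructed sample data
www                      3600 IN A     192.0.2.10
_ldap._tcp               3600 IN SRV   0 100 389 dc01.example.com.
10.2.0.192.in-addr.arpa.      IN PTR   www.example.com.
example.com.                  IN RP    admin.example.com. .
dc01                          IN HINFO "Intel Xeon" "Windows Server 2019"
"""

def parse_record(line):
    """Return (owner, type, rdata) for one zone-file line, or None."""
    tokens = shlex.split(line.split(";", 1)[0])  # drop comment, keep quoted strings whole
    if len(tokens) < 3:
        return None
    owner, rest = tokens[0], tokens[1:]
    # TTL and class are optional and may appear in either order.
    while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
        rest = rest[1:]
    return (owner, rest[0].upper(), rest[1:]) if rest else None

def describe(owner, rtype, rdata):
    """Spell out what the record tells an outside reader."""
    if rtype == "SRV" and len(rdata) == 4 and owner.count(".") >= 1:
        service, proto = (p.lstrip("_") for p in owner.split(".")[:2])
        return f"{service}/{proto} on {rdata[3].rstrip('.')}:{rdata[2]}"
    if rtype == "PTR" and owner.lower().rstrip(".").endswith(".in-addr.arpa"):
        octets = owner.rstrip(".").split(".")[:-2]  # reversed IPv4 octets
        return f"{'.'.join(reversed(octets))} is {rdata[0].rstrip('.')}"
    if rtype == "RP" and rdata:
        local, _, domain = rdata[0].rstrip(".").partition(".")  # first label is the mailbox
        return f"contact {local}@{domain}"
    if rtype == "HINFO" and len(rdata) == 2:
        return f"CPU {rdata[0]}, OS {rdata[1]}"
    return " ".join(rdata)

def audit_zone(text):
    """List (type, detail) for every record of a reviewed type in the zone text."""
    records = filter(None, map(parse_record, text.splitlines()))
    return [(t, describe(o, t, d)) for o, t, d in records if t in REVIEW_TYPES]

if __name__ == "__main__":
    for rtype, detail in audit_zone(SAMPLE_ZONE):
        print(f"{rtype:<5} ({REVIEW_TYPES[rtype]}): {detail}")
```

Records flagged this way are candidates for removal from the public view of the zone, or for moving to an internal-only view.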

https://en.kali.tools/?p=443
https://www.exploit-db.com/google-hacking-database (Offensive Security’s Exploit Database Archive)
https://shodun.io