AppSecNotes
Asset Discovery
Find Subdomains
  • Search for subdomains with subfinder, assetfinder and amass.
  • Search for backlinks: backlinkwatch.com.
  • Google Dorking: site:domain.com -www.
Try to Find Source Code on GitHub
Scan for Open Ports
  • TCP:
    $ nmap -A -T4 -p- targetdomain;
    or
    $ nmap -sS -p- targetdomain.
  • UDP: $ nmap -sU -top-ports=100 targetdomain.
Evaluate Headers and TLS Ciphers
  • securityheaders.com.
  • Insufficient encruption - deprecated ciphers: $ nmap -p443 -script=ssl-enum-ciphers domain.com.