Fingerprinting
  • Run Nuclei. To apply rate limiting use -rl.
  • Run Nikto: $ nikto -host https://www.domain.com -usecookies.
  • Use the Wappalyzer browser extension. Check whether the versions found have known vulnerabilities.
  • Check with builtwith.com.
  • Check source code and sources (inspect), footer of the application, header responses and licensing information.
  • Try to force an Internal Server Error to see if the response discloses any version information:
    • If an API has a parameter that takes integers, test it with the following arguments to see if it handles them gracefully: "-1", "0", a string, an array.
    • Test requests without any or some URL parameters or body JSON keys.
  • Check if the webpage has any WAF protecting it with: $ wafw00f domain.com.
  • Enumerate Storage Buckets if applicable.
  • Enumerate Firebase Databases if applicable.
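
The header and error-response checks above can be turned into a regression test for your own application, so that a 5xx response never leaks a banner or stack trace. This Python code is an added example, not part of the original checklist; the header list, the version regex, the trace markers and both sample responses are assumptions constructed for illustration.

```python
import re

# Response headers that commonly carry product/version banners (assumed list).
BANNER_HEADERS = ("server", "x-powered-by", "x-generator")
# Product name followed by a dotted version, e.g. "nginx/1.18.0" (heuristic).
VERSION_RE = re.compile(r"\b([A-Za-z][\w.+-]*)[/ ]v?(\d+(?:\.\d+)+)")
# Substrings typical of unhandled-exception output reaching the client.
TRACE_MARKERS = ("Traceback (most recent call last)", "\tat ", "Stack trace:")

# Constructed sample responses (not captured from any real host).
SAMPLE_LEAKY = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-Powered-By: Servlet/4.0\r\n\r\n"
    "<h1>HTTP Status 500</h1><pre>java.lang.NumberFormatException\n"
    "\tat java.lang.Integer.parseInt(Integer.java)</pre>"
    "<h3>Apache Tomcat/9.0.31</h3>"
)
SAMPLE_HARDENED = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: web\r\n\r\n"
    '{"error":"internal error","id":"c0ffee"}'
)

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(status_line.split()[1]), headers, body

def find_disclosures(raw):
    """Return (location, kind, detail) tuples for version/stack-trace leaks."""
    status, headers, body = parse_response(raw)
    findings = []
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            m = VERSION_RE.search(value)
            if m:
                findings.append(("header", name, f"{m.group(1)} {m.group(2)}"))
    if status >= 500:  # error pages are where framework details tend to leak
        if any(marker in body for marker in TRACE_MARKERS):
            findings.append(("body", "stack-trace", "unhandled exception output"))
        for m in VERSION_RE.finditer(body):
            findings.append(("body", "version", f"{m.group(1)} {m.group(2)}"))
    return findings
```

An empty result for every error response in a test suite is the target state: generic error bodies and banner-free headers.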