Discovering, profiling, and fuzzing web applications is a great way to gather reconnaissance information about targets that run some sort of web application. This information tells you exactly what you have on your network to work with, and where you can possibly go next. We will start with a tool such as dotdotpwn to do some fuzzing, and then use w3af to check for vulnerabilities.
Dotdotpwn is a multi-protocol fuzzer for discovering directory traversal vulnerabilities. Fuzzing is a testing technique that looks for poor coding or security loopholes in software such as web servers or even operating systems. The ultimate goal is to find these vulnerabilities in the recon stage so that we can exploit them later, which makes dotdotpwn a great recon tool.
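To make concrete what a directory traversal vulnerability is and what closes it, here is an added example (not from the original page or the dotdotpwn project): a file-path resolver with no containment check beside a hardened one. `DOC_ROOT`, the function names and the sample request paths are assumptions constructed for illustration.

```python
import os
from typing import Optional
from urllib.parse import unquote

DOC_ROOT = "/srv/www/public"  # assumed document root (hypothetical)


def naive_resolve(requested: str) -> str:
    """Vulnerable: joins decoded user input to the root, no containment check."""
    return os.path.normpath(os.path.join(DOC_ROOT, unquote(requested)))


def safe_resolve(requested: str) -> Optional[str]:
    """Hardened: canonicalise first, then require the result to stay in DOC_ROOT."""
    decoded = unquote(requested)          # decode once, as the server would
    if "\x00" in decoded:                 # reject embedded NUL bytes outright
        return None
    root = os.path.realpath(DOC_ROOT)
    # lstrip("/") stops os.path.join from discarding the root on absolute input
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # Compare whole path components, not string prefixes
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed sample requests: one benign, three that try to leave the root
SAMPLES = [
    "css/site.css",
    "../../../etc/passwd",
    "..%2f..%2f..%2fetc%2fpasswd",
    "/etc/passwd",
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(f"{req!r:32} naive={naive_resolve(req)!r:28} safe={safe_resolve(req)!r}")
```

The containment check runs on the canonical path after decoding, so encoded and plain `../` sequences are rejected by the same comparison instead of by pattern matching on the raw request.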
The first thing to know about dotdotpwn is that it supports many different protocols, or modules. These modules include HTTP, FTP, and TFTP just to name...