
Wednesday is here and another module awaits!
Today we move on to Content Discovery: “The various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities.”
The content covered is as follows: What Is Content Discovery?, Manual Discovery – Robots.txt, Manual Discovery – Favicon, Manual Discovery – Sitemap.xml, Manual Discovery – HTTP Headers, Manual Discovery – Framework Stack, OSINT – Google Hacking / Dorking, OSINT – Wappalyzer, OSINT – Wayback Machine, OSINT – GitHub, OSINT – S3 Buckets, and Automated Discovery.
The section about the favicon lookup was cool as I didn’t know this was a thing! If an old favicon gets left behind and you are able to download it and check its MD5 hash, you may be able to work out the framework for the website/web application, as shown below.

https://wiki.owasp.org/index.php/OWASP_favicon_database
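
The favicon check described above can also be run against your own sites to spot a leftover default icon that gives away the framework. The following is an added example, not code from the room or the original post; the `md5:framework` database format, the framework name and all sample bytes are constructed assumptions.

```python
import hashlib

# Magic bytes of formats commonly served as /favicon.ico
ICON_MAGIC = {b"\x00\x00\x01\x00": "ico", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}

def icon_format(data: bytes):
    """Return the image format, or None when the body is not an icon
    (for example an HTML error page returned instead of the file)."""
    for magic, name in ICON_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def load_hash_db(text: str) -> dict:
    """Parse 'md5:framework' lines (assumed format); skip blanks and # comments."""
    db = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(":")
        if len(digest) == 32 and name.strip():
            db[digest.lower()] = name.strip()
    return db

def identify_favicon(data: bytes, db: dict) -> dict:
    """Hash the favicon body and report whether it is a known default icon."""
    fmt = icon_format(data)
    if fmt is None:
        # Hashing an error page would produce a meaningless "unknown" result
        return {"status": "not-an-icon", "md5": None, "framework": None}
    digest = hashlib.md5(data, usedforsecurity=False).hexdigest()
    name = db.get(digest)
    return {"status": "default-favicon" if name else "unknown", "md5": digest, "framework": name}

# Constructed sample data: stand-ins for downloaded favicon bodies
DEFAULT_ICON = b"\x00\x00\x01\x00" + b"constructed default framework icon"
CUSTOM_ICON = b"\x89PNG\r\n\x1a\n" + b"constructed site-specific icon"
ERROR_PAGE = b"<html><body>404 Not Found</body></html>"
SAMPLE_DB = load_hash_db("# constructed entry\n" + hashlib.md5(DEFAULT_ICON, usedforsecurity=False).hexdigest() + ":ExampleFramework\n")

if __name__ == "__main__":
    for label, body in [("default", DEFAULT_ICON), ("custom", CUSTOM_ICON), ("error", ERROR_PAGE)]:
        print(label, identify_favicon(body, SAMPLE_DB))
```

A `default-favicon` result on a site you maintain means the stock icon is still being served; replacing it removes that fingerprint.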


Overall, a very quick and basic room, but it’s just another step along the learning journey (the favicon was cool, however). As shown with the above example, if you don’t review all the basics you may miss something you need later on!


Until next time & don’t sleepwalk through life!
Viszontlátásra
