Climbing Mount WebAppSec – Discovering Directories & Files with ZAP

This is the second part of my mini-series on “Domain Discovery”. The first part is here. Following Jason Haddix’s Bug Hunters Methodology, I’m at phase three: Mapping. Discovering the domain falls into two parts: the first is to the left of the domain (subdomains) and the second is to the right of the domain (directories/files). In this post I will cover directories/files. As with subdomains, the premise in discovering directories/files is firstly to enlarge the attack surface and, in the process, find some easier wins. Directories and files may be forgotten in the mists of time, or may be part of the website admin/functionality the …

Climbing Mount WebAppSec – Discovering Directories & Files with Wfuzz

This is the second part of my mini-series on “Domain Discovery”. The first part is here. Following Jason Haddix’s Bug Hunters Methodology, I’m at phase three: Mapping. Discovering the domain falls into two parts: the first is to the left of the domain (subdomains) and the second is to the right of the domain (directories/files). In this post I will cover directories/files. As with subdomains, the premise in discovering directories/files is firstly to enlarge the attack surface and, in the process, find some easier wins. Directories and files may be forgotten in the mists of time, or may be part of the website admin/functionality the …

Climbing Mount WebAppSec – Discovering Subdomains

Following Jason Haddix’s Bug Hunters Methodology, I’m at phase two: Discovery. Discovering the domain falls into two parts: the first is to the left of the domain (subdomains) and the second is to the right of the domain (directories/files). In this post I will cover subdomains. The premise in discovering subdomains is firstly to enlarge the attack surface and, in the process, find some easier wins. Subdomains may be forgotten in the mists of time; for example, originally set up for testing purposes, or for a myriad of other reasons that make them of interest to us. There are a lot of solid tools out there …