Posts

Showing posts from May, 2018

Less Time To Perform Penetration Tests ? Look For Known Bugs...!!

Image
August 1St 2017 Evening, 
I was having my evening tea as few hours left for a day off and suddenly I was assigned a new task by my manager. He rush down to me and said dear Raghav, you have to perform a quick security tests on particular website ABC and its sub-domain. Try to wrap it up in an hour or two. Find any critical or high bug and make the incident report so we can impress our client and buy proper time to perform security assessments.
The moment I received E-mail related to project, My first move was to search for sub-domains so I use following techniques like Google/Bing search operators, reverse IP lookups, dnsdumpster.com, Knock Sub-domain Scan and Acunetix Sub-domain Scanner.

Fig.1 Sub-domain Scanning

As I made the list of sub-domains, I quickly opened Firefox web browser then installed Wappalyzer Addon andstated looking for technologies and there versions for various domain. After 10 minutes I was finished with technology version mapping with targeted domains. After giving …