Information Gathering in Web Applications
Training Overview
This training is focused on the information gathering process, which is a crucial first step in cybersecurity. The training covers active and passive information gathering techniques, providing foundational knowledge about different methods and tools that can be used to assess the security posture of a target. Active information gathering involves direct interaction with the target, while passive information gathering involves collecting information about the target without its knowledge.
In later sections of the training, detailed topics include Whois queries, identifying technologies used on target websites, using the Internet Archive (Wayback Machine), advanced search techniques like Google Dorks, metadata analysis, DNS enumeration, discovery tools like theHarvester, subdomain enumeration, and file and directory scanning methods. These topics provide a comprehensive guide to methodologies and tools that are useful when testing the security of a web application or conducting cybersecurity research.
What You Will Learn
- The difference between active and passive information gathering.
- How to use Whois and DNS enumeration to map a target's infrastructure.
- How to leverage Google Dorks and the Wayback Machine for reconnaissance.
- Techniques for subdomain enumeration and directory scanning.
Who is this for?
- Penetration Testers and Red Teamers.
- Bug Bounty Hunters.
- Security Analysts responsible for threat intelligence.
Prerequisites
- A basic understanding of how websites and DNS work.
Tools You Will Use
- Whois command-line tool
- Google Search Engine
- Subdomain enumeration tools (e.g., Subfinder, Amass)
- Directory scanners (e.g., Gobuster, ffuf)
Training Sections
- Introduction
- Whois
- Technologies Used in Websites
- Internet Archive - Wayback Machine
- Google Dorks
- Meta Files
- DNS Enumeration
- Other Discovery Tools
- Subdomain Enumeration
- File and Directory Scanning
- Exam