Auto Web Application Penetration Testing: Intelligence Gathering

Hi all,

A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that computer functionality and data may be compromised.
Penetration tests serve a range of valuable purposes. One of their main purposes is finding vulnerabilities that are difficult for automated security systems to detect. Additionally, they determine the impact of attacks on computer systems, test network defense systems, and provide details needed to support an increase in spending on security technology.

The testing is executed based on the following methodology:

For more information, please read this good article.

In this post, I want to introduce my auto_webapp_pentest script.

Intelligence Gathering option

+ Finding Subdomains

My script uses several other tools to find subdomains:

Fuzzing tool

Sublist3r

Brute-force DNS

Finally, it saves the result.txt file.

+ Fingerprint WebServer

For this option, I am going to use whatweb, nikto, wafw00f and more to gather information about my target web server.

+ Discover Content

Finding the target CMS => fuzzing the target CMS (checking default & backup… files, vulnerability scanning)

If your target is running WordPress, Joomla, Drupal, … this script will enumerate all plug-ins, themes, sensitive directories and vulnerabilities.

For example, my target is running vBulletin:

DEMO

https://www.youtube.com/watch?v=vJMaDMgM_gI

I am still writing my script. When it is complete, I will share it with you. 😀