Auto Web Application Penetration Testing: Intelligence Gathering
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that computer functionality and data may be compromised.
Penetration tests serve a range of valuable purposes. One its main purposes is finding vulnerabilities that are difficult for automated security systems to detect. Additionally, they determine the impact of attacks on computer systems, test network defense systems, and provide details needed to support an increase in spending on security technology.
The testing is executed based on the following methodology:
More info, please read this good article.
On this post, i want to introduce my auto_webapp_pentest script.
Intelligence Gathering option
+ Fiding Subdomain
My script are going to use some script for finding subdomain
Brute force dns
Finally, save result.txt file.
+ Fingerprint WebServer
On this option, i am going to use whatweb, nikto, wafw00f and more for gathering my target webserver.
+ Discover Content
Finding target CMS => Fuzzing target CMS (Check deafult & backup…files, Vulnerability scanning)
If your target are running WordPress, Joomla, Drupal, … this script will enumerate all plug-in, themes, sensitive directory and vulnerability.
For example, my target are running vBulletin:
Now, i am continuing to write my script. So when i completed, i will share for you. 😀