crash.software
Projects
Pull Requests
Issues
Builds
Cipherops
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY Cipherops Files
🤬
c4f376e2
ROOT /
web-application /
web-application-testing-checklist.md
169 lines | ISO-8859-1 | 4 KB

Web Application Testing Checklist

### Infrastructure Penetration Testing Checklist

Resourse by: Purab Parihar
Contact him : 
LinkedIn: [Purab Parihar](https://www.linkedin.com/in/purabparihar/)
Twitter: [@purab_parihar](https://twitter.com/purab_parihar)

#### Recon

##### External Infrastructure

- [ ] Performing Subdomain Scans
- [ ] Performing recon on Company's LinkedIn Page
- [ ] Listing Employees from Company Profile
- [ ] Extracting email addresses from Employees' Profile for Identifying email formats
- [ ] Google Dorking on Email's Found/Guessed Patterns
- [ ] Gathering Breached Credentials
- [ ] Performing Port Scan on IPs
- [ ] Using Shodan on Public Facing IPs

##### Internal Infrastructure

- [ ] Using Responder in Analyze Mode
- [ ] Using Wireshark for monitoring Network Traffic
- [ ] Performing Network Range Scan
- [ ] Fingerprinting
- [ ] Performing Whois on IPs
- [ ] Performing ASN Discovery
- [ ] Gathering DNS Records
- [ ] Bruteforcing Hostnames with DNS
- [ ] Google Dorking
- [ ] Searching for specific filetypes on the target domain
- [ ] Reverse DNS Lookup
- [ ] Mapping Network
- [ ] Identifying Live Hosts
- [ ] Port Scan
- [ ] Service Scan
- [ ] Version Scan
- [ ] Scanning with NSE/Scripts
- [ ] OS Scan
- [ ] UDP as well as TCP Scan
- [ ] SNMP Enumeration
- [ ] NetBIOS Enumeration
- [ ] Visualizing Network on MindMaps

#### Vulnerability Assessment and PT

##### FTP (Port 21)

- [ ] Grabbing Banner for Versions
- [ ] Anonymous Login
- [ ] FTP Bounce
- [ ] Testing Default or Guessable Passwords

##### SSH (Port 22)

- [ ] Grabbing Banner for Versions
- [ ] Testing Null Password
- [ ] Testing Default or Guessable Passwords

##### SMTP (Port 25)

- [ ] Grabbing Banner for Versions
- [ ] Connecting with Telnet
- [ ] Testing SMTP Relay
- [ ] User Enumeration

##### DNS (Port 53)

- [ ] DNS Hostname Bruteforce
- [ ] DNS Reverse Lookup
- [ ] DNS Service Record Enumeration
- [ ] DNS Service Discovery
- [ ] DNS Zone Transfer

##### Jenkins

- [ ] Checking pages accessible without authentication
- [ ] Exploiting vulnerable versions

##### IIS

- [ ] Enumerating .config files
- [ ] Checking for Trace.AXD enabled debugging
- [ ] Path Traversal
- [ ] Source Code Disclosure
- [ ] Downloading DLLs
- [ ] Exploiting vulnerabilities in specific IIS DLLs
- [ ] Testing for IIS tilde character "~" Vulnerability
- [ ] Bypassing Basic Authentication
- [ ] Directory Brute Force

##### Kerberos (Port 88)

- [ ] Enumerating Active Directory Attacks

##### RPC (Port 111)

- [ ] Enumerating Basic Information using rpcinfo
- [ ] Connecting to RPC with RPC Client
- [ ] Enumerating Rusers
- [ ] Checking for accessible NFS mounts

##### LDAP (Port 389)

- [ ] Listing public information
- [ ] Checking Null Credentials
- [ ] Extracting Users, Computers, and other information
- [ ] Enumerating Domain Admins and Enterprise Admins
- [ ] Enumerating Administrators and Remote Desktop Groups

##### SMB (Port 445)

- [ ] Testing Anonymous Credentials
- [ ] Grabbing Banner for Versions
- [ ] Testing Null Sessions
- [ ] Exploiting vulnerabilities with RPCClient
- [ ] Listing shares and mounting them

##### MSSQL (Port 1433)

- [ ] Grabbing Banner for Versions
- [ ] Basic Information Gathering
- [ ] Executing Commands with MSSQL
- [ ] Privilege Escalation

##### MySQL (Port 3306)

- [ ] Enumerating with nmap
- [ ] Grabbing Banner for Versions
- [ ] Enumerating Privileges and File Privileges
- [ ] Extracting User Information
- [ ] Writing and Reading Files
- [ ] Changing User Passwords

##### Postgresql (Port 5432)

- [ ] Grabbing Banner for Versions
- [ ] Injecting DB Name Flags

##### VNC (Port 5900)

- [ ] Testing Unauthenticated VNC Access
- [ ] Checking for VNC Passwords

##### Redis (Port 6379)

- [ ] Grabbing Banner for Versions
- [ ] Attempting access to Redis without credentials
- [ ] Enumerating information after login
- [ ] Extracting connected clients
- [ ] Gathering configuration details
- [ ] Dumping the database

##### PJL (Port 9100)

- [ ] Interacting with PJL using tools like `PRET`
- [ ] Testing for vulnerabilities and misconfigurations

##### Memcache (Port 11211)

- [ ] Extracting statistics using `memcstat`
- [ ] Dumping data from Memcache using `memccat`
Please wait...
Page is in error, reload to recover