Webserver Checklist Pentest
GBHackers On Security
Web Server Pentesting
Web server pentesting is performed under three major categories: identify, analyse and report
vulnerabilities such as authentication weaknesses, configuration errors and protocol-related
vulnerabilities.
1. Conducting a series of methodical and repeatable tests is the best way to test the web
server, and to work through all of the different application vulnerabilities along the way.
3. When performing web server authentication testing, use social engineering techniques to
collect information about human resources, contact details and other social-related
information.
4. Gather information about the target: use whois database query tools to get details such
as domain name, IP address, administrative details, autonomous system number, DNS, etc.
5. Fingerprint the web server to gather information such as server name, server type, operating
system and the applications running on the server; use fingerprinting tools such as
Netcraft, HTTPrecon and ID Serve.
6. Crawl the website to gather specific information from web pages, such as email addresses.
7. Enumerate web server directories to extract important information about web
functionalities, login forms, etc.
8. Perform a directory traversal attack to access restricted directories and execute
commands from outside of the web server root directory.
9. Perform vulnerability scanning to identify weaknesses in the network, using vulnerability
scanning tools such as HP WebInspect and Nessus, and determine whether the system can be
exploited.
10. Perform a web cache poisoning attack to force the web server's cache to flush its actual
cache content, then send a specifically crafted request which will be stored in the cache.
11. Perform an HTTP response splitting attack to pass malicious data to a vulnerable
application that includes the data in an HTTP response header.
12. Brute-force SSH, FTP and other services' login credentials to gain unauthorized access.
13. Perform session hijacking to capture valid session cookies and IDs; use tools such as Burp
Suite, Firesheep and JHijack to automate session hijacking.
15. Use tools such as Webalizer and AWStats to examine the web server logs.
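Item 8 describes directory traversal from the attacker's side; what makes a server susceptible is a path resolver that joins request input onto the document root without checking where the result lands. The following is an added example, not code from the page or from any of the tools it names: a vulnerable resolver beside a hardened one. `WEB_ROOT`, `resolve_unsafe` and `resolve_safe` are hypothetical names chosen for the illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root for the example; not a path taken from the page.
WEB_ROOT = "/var/www/html"


def resolve_unsafe(requested: str) -> str:
    """Vulnerable resolver: joins the decoded request path onto the web root
    and normalises it, but never checks that the result stayed inside the
    root. A '../' sequence therefore walks out of the document root, and an
    absolute path replaces the root outright."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, unquote(requested)))


def resolve_safe(requested: str):
    """Hardened resolver. Decodes once and refuses input that would need a
    second decode (a literal '%' left over, i.e. double encoding) or that
    carries a NUL byte; strips a leading '/' so the request cannot replace
    the root; normalises; and finally checks that the result is the root
    itself or lies strictly beneath it. Returns None when the request must
    be refused."""
    decoded = unquote(requested)
    if "%" in decoded or "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ("images/logo.png", "../../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r}: unsafe -> {resolve_unsafe(req)}, safe -> {resolve_safe(req)}")
```

The check operates on the normalised string only; a deployed resolver should additionally resolve symlinks on disk (for example with `os.path.realpath`) before the containment test, since a link inside the root can still point outside it.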
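Item 11 names HTTP response splitting but does not show why an application is vulnerable to it: a header value built from request input that still contains CR/LF lets the client see extra headers, or an extra response, that the application never intended. The following is an added example, not code from the page: a redirect builder that copies a `target` parameter into the `Location` header unfiltered, the hardened version that rejects control characters (the check modern frameworks apply to every header they emit), and a small helper that lists the header names a client would parse. All function names are hypothetical.

```python
from urllib.parse import unquote


def _redirect_head(location: str) -> bytes:
    head = f"HTTP/1.1 302 Found\r\nLocation: {location}\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1", "replace")


def redirect_unsafe(target: str) -> bytes:
    """Vulnerable: the decoded 'target' parameter goes into the Location
    header as-is, so %0d%0a in the input becomes a real CRLF in the output
    and whatever follows it is parsed as a further header line."""
    return _redirect_head(unquote(target))


def redirect_safe(target: str) -> bytes:
    """Hardened: refuse any header value containing CR, LF or NUL. Rejecting
    is preferable to stripping, because a stripped value may still not be
    the URL the caller meant."""
    location = unquote(target)
    if any(ch in location for ch in "\r\n\x00"):
        raise ValueError("control characters are not allowed in header values")
    return _redirect_head(location)


def rejects(target: str) -> bool:
    """True when the hardened builder refuses the given parameter."""
    try:
        redirect_safe(target)
    except ValueError:
        return True
    return False


def header_names(raw: bytes) -> list:
    """Header names a client would see in the response head; this is where
    the effect of an injected line becomes visible."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    names = []
    for line in head.split(b"\r\n")[1:]:
        name, _, _ = line.partition(b":")
        names.append(name.decode("latin-1").strip())
    return names


if __name__ == "__main__":
    # Constructed parameter value carrying an encoded CRLF, for illustration only.
    injected = "/home%0d%0aX-Injected:%201"
    print("unsafe headers:", header_names(redirect_unsafe(injected)))
    print("safe rejects it:", rejects(injected))
```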
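Items 5 and 13 concern what a raw HTTP response gives away: version banners that make fingerprinting trivial, and session cookies issued without the attributes that limit hijacking. The following is an added example, not code from the page or from Netcraft, HTTPrecon, ID Serve or the other tools it names: it parses a response head and reports version strings in disclosure-prone headers and session cookies missing `Secure`, `HttpOnly` or `SameSite`, so an administrator can check a server's own output. The sample responses are constructed, and `audit_response` and `parse_headers` are hypothetical names.

```python
from http.cookies import SimpleCookie

# Constructed sample responses, not captured from any real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Set-Cookie: sessionid=constructedvalue; Path=/\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Set-Cookie: sessionid=constructedvalue; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)

# Headers that commonly carry product and version strings.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Cookie attributes a session cookie should carry: (name reported, Morsel key).
COOKIE_FLAGS = (("Secure", "secure"), ("HttpOnly", "httponly"), ("SameSite", "samesite"))


def parse_headers(raw: bytes):
    """Split a raw response into its status line and a list of
    (lower-cased name, value) pairs; the body is ignored."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_response(raw: bytes) -> list:
    """Return human-readable findings for banner disclosure and weak cookies."""
    _status, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        # A bare product name ("Apache") is tolerated; digits mean a version leaked.
        if name in DISCLOSURE_HEADERS and any(ch.isdigit() for ch in value):
            findings.append(f"version disclosed in {name}: {value}")
        if name == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cookie_name, morsel in jar.items():
                for label, key in COOKIE_FLAGS:
                    if not morsel[key]:
                        findings.append(f"cookie {cookie_name} lacks {label}")
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print("-", finding)
    print("hardened response findings:", audit_response(HARDENED_RESPONSE))
```

`SimpleCookie` understands the `SameSite` attribute from Python 3.8 onwards; on older interpreters the `samesite` key is not available and that check would need a manual parse of the attribute list.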
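Item 15 leaves open what to look for in the web server logs. Two of the activities listed earlier leave clear traces in a combined-format access log: traversal attempts (item 8) show up as `..` sequences, often URL-encoded, in the request path, and credential brute-forcing against a login endpoint (item 12, applied to the web tier) shows up as a burst of 401 responses from one source address. The following is an added example, not code from the page or from Webalizer or AWStats: a parser for the combined log format plus detection logic run over constructed sample lines that use RFC 5737 documentation addresses. `analyse`, `is_traversal` and the threshold value are hypothetical choices for the illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache/Nginx "combined" access-log format; referer and user-agent are left unparsed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [10/Oct/2023:13:55:40 +0000] "GET /images/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 209 "-" "curl/8.0"',
] + [
    f'203.0.113.7 - - [10/Oct/2023:13:56:{s:02d} +0000] "POST /admin/login HTTP/1.1" 401 188 "-" "python-requests/2.31"'
    for s in range(1, 7)
] + [
    '192.0.2.11 - - [10/Oct/2023:13:57:02 +0000] "GET /about HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]


def parse_line(line: str):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_traversal(path: str) -> bool:
    """Decode twice so single- and double-encoded '..' both surface, then
    look for parent-directory steps or an embedded NUL."""
    decoded = unquote(unquote(path))
    return "../" in decoded or "..\\" in decoded or "\x00" in decoded


def analyse(lines, auth_fail_threshold: int = 5) -> list:
    """Return (kind, source ip, detail) findings: one per traversal attempt,
    and one per source address whose 401 count reaches the threshold."""
    findings = []
    auth_failures = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than abort the whole run
        if is_traversal(rec["path"]):
            findings.append(("traversal", rec["ip"], rec["path"]))
        if rec["status"] == 401:
            auth_failures[rec["ip"]] += 1
    for ip, count in auth_failures.items():
        if count >= auth_fail_threshold:
            findings.append(("auth_bruteforce", ip, count))
    return findings


if __name__ == "__main__":
    for kind, ip, detail in analyse(SAMPLE_LOG):
        print(f"{kind:16} {ip:16} {detail}")
```

The 401 threshold is a plain count over the whole input; on a live log it should be evaluated per time window (for example per source address per minute) so that an ordinary user who mistypes a password a few times over a day does not trip it.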
Protocols
Accounts
Shares
Ports
Server Certificates