Map Execution Paths

PreviousIdentify Application Entry Points NextFingerprint Web Application Framework

Last updated 1 month ago

Was this helpful?

Map Execution Paths

Check List

Map the target application and understand the principal workflows.

Cheat Sheet

Path

Burp Suite

Mapping a Website with Burp Suite

Burp Suite > Target > Site map > Right Click on One Domain > Engagement tools > Analyze Target

Crawling a Website with Burp Suite

Burp Suite > ِDashbord > New Scan > Use Web app Scan > Use a preset scan mode > Analyze Target in Summary

feroxbuster --url $WEBSITE -C 200 -x php,aspx,jsp

dirsearch -u $WEBSITE \
          -w /usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt \
          -e php,cgi,htm,html,shtm,sql.gz,sql.zip,shtml,lock,js,jar,txt,bak,inc,smp,csv,cache,zip,old,conf,config,backup,log,pl,asp,aspx,jsp,sql,db,sqlite,mdb,wasl,tar.gz,tar.bz2,7z,rar,json,xml,yml,yaml,ini,java,py,rb,php3,php4,php5

Data Flow

BurpSuite

Burp Suite > Target > Site map > Analyze Three Domain

Race

BurpSuite

Burp Suite > Target > Right Click on One Domain > Extensions > Turbo intruder > send to turbo intruder > Add to WordList path in line "for word in open('/usr/share/dict/words')" > Attack

PreviousIdentify Application Entry Points NextFingerprint Web Application Framework

Last updated 1 month ago

Was this helpful?