Review Webserver Metafiles

Check List

• Identify hidden or obfuscated paths and functionality through the analysis of metadata files.

• Extract and map other information that could lead to better understanding of the systems at hand.

Methodology

Webserver Metafiles

1

Retrieve the robots.txt file from the target website to identify disallowed paths, hidden directories, or sensitive endpoints that may reveal internal structure or unintended exposures

2

Access the xmlrpc.php file to check for WordPress XML-RPC interfaces, assessing potential vulnerabilities like brute-force attacks or remote method execution

3

Fetch the sitemap.xml file to enumerate indexed URLs, uncovering pages, APIs, or resources that may expose additional attack surfaces or hidden content

4

Query the security.txt file to discover security contact information or vulnerability disclosure policies, identifying the target’s bug bounty program details or reporting channels

5

Check for the humans.txt file to gather metadata about the site’s developers or contributors, potentially revealing internal team details or associated technologies

6

Access the WordPress REST API endpoint to enumerate user information or public API data, testing for unauthorized data leaks or misconfigured access controls

7

Extract META tags from the target’s homepage to identify metadata like generator tags, CMS versions, or author details, providing insights into the technology stack or potential vulnerabilities

---

Cheat Sheet

robots.txt

curl $WEBSITE/robots.txt

xmlrpc.php

curl $WEBSITE/xmlrpc.php

sitemap.xml

curl $WEBSITE/sitemap.xml

security.txt

curl $WEBSITE/security.txt

humans.txt

curl $WEBSITE/humans.txt

META tags

curl $WEBSITE | grep 'meta'

WordPress API

curl $WEBSITE/wp-json/wp/v2/users/

Swagger API

curl $WEBSITE/swagger/v1/swagger.json

SharePoint API

curl $WEBSITE/_api/web/Folders