Review Webserver Metafiles

Check List

Identify hidden or obfuscated paths and functionality through the analysis of metadata files.
Extract and map other information that could lead to better understanding of the systems at hand.

Methodology

Webserver Metafiles

Retrieve the robots.txt file from the target website to identify disallowed paths, hidden directories, or sensitive endpoints that may reveal internal structure or unintended exposures

Access the xmlrpc.php file to check for WordPress XML-RPC interfaces, assessing potential vulnerabilities like brute-force attacks or remote method execution

Fetch the sitemap.xml file to enumerate indexed URLs, uncovering pages, APIs, or resources that may expose additional attack surfaces or hidden content

Query the security.txt file to discover security contact information or vulnerability disclosure policies, identifying the target’s bug bounty program details or reporting channels

Check for the humans.txt file to gather metadata about the site’s developers or contributors, potentially revealing internal team details or associated technologies

Access the WordPress REST API endpoint to enumerate user information or public API data, testing for unauthorized data leaks or misconfigured access controls

Extract META tags from the target’s homepage to identify metadata like generator tags, CMS versions, or author details, providing insights into the technology stack or potential vulnerabilities

Cheat Sheet

robots.txt

curl $WEBSITE/robots.txt

xmlrpc.php

curl $WEBSITE/xmlrpc.php

sitemap.xml

curl $WEBSITE/sitemap.xml

security.txt

curl $WEBSITE/security.txt

humans.txt

curl $WEBSITE/humans.txt

META tags

curl $WEBSITE | grep 'meta'

WordPress API

curl $WEBSITE/wp-json/wp/v2/users/

Swagger API

curl $WEBSITE/swagger/v1/swagger.json

SharePoint API

curl $WEBSITE/_api/web/Folders

PreviousFingerprint Web Server NextEnumerate Applications

Last updated 2 days ago