Content discovery / recon
Content discovery is the process of identifying and mapping out the different types of components, functionality, subdomains, directories, and endpoints that make up a target application.
When doing content discovery, look for the following components:
- Technology stack
- Subdomains
- Directories and endpoints
- Parameters and functionality
- APIs
- JS files
- Open services and ports
Analyzing web services covers
- The running server: operating system and web server software (Apache/Nginx)
- The version of the web server
- Subdomains we can look for
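Server and technology fingerprinting mostly comes from response headers (Server, X-Powered-By, framework session cookies). The script below is an added example, not part of the original notes: it parses constructed raw HTTP response heads (no real host is contacted) and reports the software, version and framework hints a reviewer would record, flagging version disclosure that a defender would normally suppress (e.g. Apache ServerTokens Prod, nginx server_tokens off). The sample responses, host names and the small cookie table are assumptions made for the example.

```python
"""Technology fingerprinting from HTTP response headers (constructed samples)."""
import re
from typing import Dict, List, Optional

# Constructed sample responses; not captured from any real host.
SAMPLE_RESPONSES = {
    "https://example.test/": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/2.4.41 (Ubuntu)\r\n"
        "X-Powered-By: PHP/7.4.3\r\n"
        "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html></html>"
    ),
    "https://api.example.test/": (
        "HTTP/1.1 200 OK\r\n"
        "Server: nginx\r\n"
        "Content-Type: application/json\r\n"
        "\r\n"
        "{}"
    ),
}

# Well-known session cookie names and the stack they usually indicate.
FRAMEWORK_COOKIES = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SESSIONID": "ASP.NET",
}

# "Product/1.2.3" at the start of a header value.
VERSION_RE = re.compile(r"^([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)")


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Split the head of a raw HTTP response into a lowercase-name -> values map."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def fingerprint(raw: str) -> dict:
    """Extract server software, version, framework hints and disclosure findings."""
    headers = parse_headers(raw)
    result: dict = {"server": None, "server_version": None, "powered_by": None,
                    "cookies": [], "findings": []}

    server: Optional[str] = headers.get("server", [None])[0]
    if server:
        m = VERSION_RE.match(server)
        result["server"] = m.group(1) if m else server
        if m:
            result["server_version"] = m.group(2)
            result["findings"].append(f"Server header discloses version: {server}")

    powered: Optional[str] = headers.get("x-powered-by", [None])[0]
    if powered:
        result["powered_by"] = powered
        result["findings"].append(f"X-Powered-By discloses technology: {powered}")

    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        result["cookies"].append(name)
        stack = FRAMEWORK_COOKIES.get(name.upper())
        if stack:
            result["findings"].append(f"Cookie {name} hints at {stack}")
    return result


if __name__ == "__main__":
    for url, raw in SAMPLE_RESPONSES.items():
        print(url, fingerprint(raw))
```

Only the response head is parsed; a real run would replace SAMPLE_RESPONSES with the head of a response captured from a host you are authorised to review. The second sample shows the defender-side target state: a bare "nginx" Server header yields no version and no findings.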
Looking for Common files
- robots.txt, security.txt
- .htaccess
- manifest.json
- sitemap.xml
- browserconfig.xml, etc.
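robots.txt and sitemap.xml are the two common files that most directly list paths and parameters, so they are a natural seed for an endpoint inventory. The following is an added example, not from the original notes: it parses constructed robots.txt and sitemap.xml contents offline, builds a path and parameter inventory, and flags Disallow entries that look sensitive, which is the check a site owner wants because a Disallow line is not access control and only advertises the path. The sample file contents, the example.test host and the list of sensitive-looking hints are assumptions for the example.

```python
"""Endpoint inventory from robots.txt and sitemap.xml (constructed samples)."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set
from urllib.parse import urljoin, urlparse

# Constructed sample contents; not taken from a real site.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/db.sql   # comment: old dump
Allow: /public/
Sitemap: https://example.test/sitemap.xml
"""

SAMPLE_SITEMAP = """\
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.test/</loc></url>
  <url><loc>https://example.test/products?id=1</loc></url>
  <url><loc>https://example.test/api/v1/users</loc></url>
</urlset>
"""

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"

# Substrings in a Disallow path that merit a defender's review (assumed list).
SENSITIVE_HINTS = ("admin", "backup", "config", ".sql", ".bak", "private", "internal")


def parse_robots(text: str) -> Dict[str, List[str]]:
    """Collect Disallow, Allow and Sitemap directives, ignoring comments."""
    rules: Dict[str, List[str]] = {"disallow": [], "allow": [], "sitemap": []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key in rules and value:
            rules[key].append(value)
    return rules


def parse_sitemap(xml_text: str) -> List[str]:
    """Return every <loc> URL in a sitemap urlset."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [loc.text.strip() for loc in root.iter(SITEMAP_NS + "loc") if loc.text]


def build_inventory(base: str, robots_text: str, sitemap_text: str) -> dict:
    """Merge both files into paths, per-path query parameters and findings."""
    robots = parse_robots(robots_text)
    paths: Set[str] = set()
    params: Dict[str, Set[str]] = {}

    for path in robots["disallow"] + robots["allow"]:
        paths.add(urlparse(urljoin(base, path)).path)

    for url in parse_sitemap(sitemap_text):
        parsed = urlparse(url)
        paths.add(parsed.path)
        for pair in parsed.query.split("&") if parsed.query else []:
            params.setdefault(parsed.path, set()).add(pair.split("=", 1)[0])

    findings = [
        f"robots.txt Disallow advertises a sensitive-looking path: {path}"
        for path in robots["disallow"]
        if any(hint in path.lower() for hint in SENSITIVE_HINTS)
    ]
    return {
        "paths": sorted(paths),
        "params": {k: sorted(v) for k, v in params.items()},
        "sitemaps": robots["sitemap"],
        "findings": findings,
    }


if __name__ == "__main__":
    print(build_inventory("https://example.test/", SAMPLE_ROBOTS, SAMPLE_SITEMAP))
```

Each path in the resulting inventory is then something to verify rather than something discovered: the owner should confirm that /admin/ and the dump file are actually protected or removed, not merely hidden from crawlers.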
Frontend Checks
- Inspect the page source and check the scripts it loads
- Check links (broken or active) and look for sensitive information
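Page-source inspection is mechanical enough to script: collect the links, script sources and form endpoints a page references and flag comments or inline script that carry sensitive-looking text. The parser below is an added example, not part of the original notes; it runs on a constructed HTML page (the example.test host, the file names and the keyword pattern are assumptions) and is the kind of pre-release check a team runs on its own pages so that leftover comments and embedded keys are caught before anyone else reads the source.

```python
"""Inspect page source for links, scripts, forms and comment leaks (constructed sample)."""
import re
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urljoin

# Constructed sample page; the key value is a deliberate placeholder.
SAMPLE_HTML = """\
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.test/lib/vendor.min.js"></script>
<script>var API_KEY = "constructed-placeholder-value";</script>
</head><body>
<!-- TODO: remove old admin link before launch -->
<a href="/admin/legacy">Old admin</a>
<a href="https://example.test/about">About</a>
<form action="/api/v1/login" method="post"><input name="user"><input name="pass"></form>
</body></html>
"""

# Keywords that make a comment or inline script worth a second look (assumed list).
SENSITIVE_RE = re.compile(r"(api[_-]?key|password|secret|token|todo|admin)", re.I)


class SourceInspector(HTMLParser):
    """Collects references while the page is parsed; resolves them against base."""

    def __init__(self, base: str):
        super().__init__()
        self.base = base
        self.links: List[str] = []
        self.scripts: List[str] = []
        self.forms: List[Tuple[str, str]] = []
        self.findings: List[str] = []
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))
        elif tag == "script":
            if a.get("src"):
                self.scripts.append(urljoin(self.base, a["src"]))
            else:
                self._in_inline_script = True
        elif tag == "form" and a.get("action"):
            method = (a.get("method") or "get").upper()
            self.forms.append((method, urljoin(self.base, a["action"])))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False

    def handle_data(self, data):
        # Script bodies arrive here as raw text while inside <script>...</script>.
        if self._in_inline_script and SENSITIVE_RE.search(data):
            self.findings.append("inline script: " + data.strip())

    def handle_comment(self, data):
        if SENSITIVE_RE.search(data):
            self.findings.append("HTML comment: " + data.strip())


def inspect_source(html: str, base: str) -> Dict[str, list]:
    """Parse one page and return its references plus any flagged leaks."""
    parser = SourceInspector(base)
    parser.feed(html)
    parser.close()
    return {"links": parser.links, "scripts": parser.scripts,
            "forms": parser.forms, "findings": parser.findings}


if __name__ == "__main__":
    for key, value in inspect_source(SAMPLE_HTML, "https://example.test/").items():
        print(key, value)
```

The collected script URLs feed the JS-file review listed earlier, and the form entries give the endpoint and method list for the entry-point checks; following each link to see whether it is broken or still active is left to an HTTP client.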
Entry Point
- Check which endpoints exist, which HTTP methods they accept and which parameters they use
- Fuzz for endpoints, files, parameters, methods, etc.