> For the complete documentation index, see [llms.txt](https://oscp.adot8.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oscp.adot8.com/web-applications/checklist.md).

# Checklist

{% hint style="danger" %}
Cannot "GET" /blahblah = TRY DIFFRENT REQUEST METHODS
{% endhint %}

```
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,config,pdf -t 100 -u
```

```
ffuf -w  /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt -recursion -recursion-depth 4 -e .php,.txt,.html -u
```

Extensions to look for : php,aspx,txt,html,config,conf,asp,pdf,zip,tar

* `/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt`
* `/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt`

{% hint style="info" %}
Enumerate all sub directories
{% endhint %}

```
gobuster vhost -w ~/opt/wordlists/subdomains_small.txt -u domain.htb
```

```
 wfuzz -c -f sub-fighter -w /usr/share/dnsrecon/dnsrecon/data/subdomains-top1mil-20000.txt-u $url -H "HOST: FUZZ.$domain.com" --hw 1
```

{% hint style="info" %}
Check SSL certificate
{% endhint %}

### Real and per-existing web application

1. Narrow down version
2. Default credentials / bruteforce variations of default creds (run in the background)
3. Search for existing exploits and CVE's

{% hint style="danger" %}
Don't be afraid to get to page 4 on google
{% endhint %}

### Box built web application

1. Directory bust the f\*\*\* out of it at each level (run the background)
2. Default credentials / bruteforce variations of default creds (run in the background)
3. Existing exploits??
4. Fuzz all input boxes for SQLI, command injection, etc.
5. File upload features?
6. Directory traversal, LFI, RFI
7. Read source code, search for hints/clues
8. Review requests and responses in Burp

{% hint style="info" %}
If the website is fairly static and boring don't be afraid to look into the `assets` directory and folders of the nature. Offsec likes hiding things in random places
{% endhint %}

{% hint style="warning" %}
REGARDING ANY AND ALL HTTP PORTS (WINDOWS RPC SPEFICALLY) VISIT ALL OF THEM USING THE IP AND FQDN... Offsec sneaky like that
{% endhint %}
