Web application testing starts very much like the penetration testing discussed in Chapter 10, “Metasploit.” You must get authority to test a target, and validation of ownership is critical. With web application reconnaissance specifically, you have a few other resources to utilize, such as Whois and DNSdumpster.
In Lab 11.1, you'll be validating the owner of the web application you are testing.
LAB 11.1: VALIDATING TARGETS

Whois is a protocol for searching Internet registration databases for domain names and IP addresses. Open your browser and navigate to https://www.whois.icann.org. Make sure you are going to the correct site. Some clones of Whois are trying to sell you something. As you see in Figure 11.3, ICANN's WHOIS Lookup gives you the ability to look up a domain owner.
Figure 11.3: ICANN WHOIS for domain lookup
Where the form asks you to enter a domain, type in www.example.com. In Figure 11.4, you see that www.example.com is a domain that has been owned by the Internet Assigned Numbers Authority (IANA) since 1992.
Figure 11.4: ICANN WHOIS domain lookup results for www.example.com
Open another tab in your browser and type in https://dnsdumpster.com. DNSdumpster is a free domain-research tool that can discover other hosts associated with the initial domain you looked up with Whois. You have to know the entire web application landscape in order to protect it. As you see in Figure 11.5, you get a wealth of information about www.example.com.
Figure 11.5: DNS server reconnaissance and researching domains including host (A), mail (MX), and TXT records
With both tabs open, compare the registered owner with the DNS servers hosting the site. If they are the same, feel free to proceed with the rest of your test. Just a side note: my favorite part of the DNSdumpster site is toward the bottom of a search, where it maps the domain for you. Are any of the devices you are testing connected to the Internet? Open a third tab and navigate to www.shodan.io. Shodan is the search engine to use if you are looking for specific types of IoT, including webcams, routers, or servers mostly running HTTP/HTTPS, FTP, SSH, Telnet, SNMP, IMAP, SMTP, and SIP. Shodan users can find all sorts of fun things connected to the Internet. Everything from traffic lights, control systems, power grids, security cameras, and even a nuclear power plant or two have been found. Many of these IoT devices still have their default configuration on them, such as admin/admin, and the only software needed to connect is your web browser.
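As an added example that is not part of the book, the following Python script performs the owner-versus-DNS comparison from this lab offline: it parses a WHOIS record and checks the registrant's domain and every name server against the domains the client authorized in writing. The WHOIS text, the authorized-domain set and the function names are constructed for illustration.

```python
# Added example (not from the book): scope check that mirrors Lab 11.1.
# Parses a WHOIS record in the registrar-style "Key: Value" format and compares
# the domain and its name servers against the domains authorized for testing.
import re
from collections import defaultdict

# Constructed sample WHOIS output for the lab's target; values are illustrative.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: RESERVED-Internet Assigned Numbers Authority
Creation Date: 1992-01-01T00:00:00Z
Registrant Organization: Internet Assigned Numbers Authority
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
DNSSEC: signedDelegation
"""

def parse_whois(text):
    """Return {lowercased key: [values]} for every 'Key: Value' line."""
    fields = defaultdict(list)
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /-]*?):\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1).lower()].append(m.group(2))
    return fields

def registrable_domain(host):
    """Last two labels of a hostname, a rough stand-in for the registrable domain."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def scope_check(whois_text, target, authorized):
    """Decide whether target may be tested under the written authorization.

    authorized: set of lowercase registrable domains the client owns.
    Returns (ok, findings); findings lists every mismatch to confirm by hand.
    """
    fields = parse_whois(whois_text)
    findings = []
    target_dom = registrable_domain(target)
    record_doms = [d.lower() for d in fields.get("domain name", [])]
    if target_dom not in record_doms:
        findings.append(f"WHOIS record is for {record_doms}, not {target_dom}")
    if target_dom not in authorized:
        findings.append(f"{target_dom} is not in the authorization letter")
    # Name servers under a domain nobody authorized are a red flag: the DNS
    # (and possibly the hosting) may belong to a third party you cannot test.
    for ns in fields.get("name server", []):
        ns_dom = registrable_domain(ns)
        if ns_dom not in authorized:
            findings.append(f"name server {ns} belongs to {ns_dom}, not authorized")
    return (not findings, findings)
```

Any finding means the owner and the DNS hosting do not line up and the discrepancy must be resolved with the client before testing continues.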
In Figure 11.6, you see the search for www.example.com. Shodan.io crawls the Internet for publicly accessible devices. With your search, you will get 10 results unless you create an account. If you sign in, you can get up to 50.
Figure 11.6: Top countries, services, and organizations that have a publicly exposed server with www.example.com in their details
Type telnet in the search bar. It is quite scary when you find a Shodan result with username/password credentials in the banner. Remember, do not touch these devices unless you have permission to do so.