Scribd
Upload
9 views2 pages

Resume

The document outlines key information to gather during web reconnaissance, including website ownership, IP addresses, and hosting infrastructure. It also provides a series of questions and answers related to web security testing techniques and HTTP request/response headers. Tools and techniques for fingerprinting and information gathering, such as BuiltWith and Wappalyzer, are mentioned as well.

Uploaded by

mierd olas varias
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
9 views2 pages

Resume

The document outlines key information to gather during web reconnaissance, including website ownership, IP addresses, and hosting infrastructure. It also provides a series of questions and answers related to web security testing techniques and HTTP request/response headers. Tools and techniques for fingerprinting and information gathering, such as BuiltWith and Wappalyzer, are mentioned as well.

Uploaded by

mierd olas varias
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

Resumen:

1.-What Information Are We Looking For?


Website & domain ownership.
IP addresses, domains and subdomains.
Hidden files & directories.
Hosting infrastructure (web server, CMS, Database etc).
Presence of defensive solutions like a web application firewall

XML: http://web/page-sitemap.xml , http://web/category-sitemap.xml,


http://web/author-sitemap.xml

Fingerprinting:
BuiltWith
Wappalyzer
whatweb http://web/
wafw00f url -a

Preguntas:

1.- Port scanning is a passive reconnaissance technique.


False
2.-How many information gathering tests are outlined in the OWASP Web Security
Testing Guide?
10
3.-The Whois lookup utility can be used to identify the nameservers of a
particular domain.
True
4.-Can Netcraft be used to identify the presence of a web proxy or web
application firewall (WAF)?
True
5.-Which one of the following DNS records is used to resolve a domain to a mail
server?
MX
6.-The Disallow directive specifies which resources are prohibited by search
engine crawlers.
TRUE
7.Which one of the following Google search queries can be used to search for
subdomains for the domain INE.com?
site:*.ine.com
8.-Can the BuiltWith browser add on be used to enumerate JavaScript libraries
being used on a site?
True
9.-Which one of the following Wafw00f commands can be used to enumerate all
possible instances of a WAF?
wafw00f http://ine.com -a
10.-Does HTTRack utilize spidering to find and download files from a webserver?
TRUE
11.-In addition to taking website screenshots, EyeWitness also downloads the
website source code.
True
12.-Spidering is a passive information gathering technique.
False

13.-In an HTTP request, which part specifies the resource being requested from
the server?
Request URL
14.-Which HTTP method is used by web browsers to request a resource from a web
server?
GET
15.-In HTTP response parsing, what does the "Content-Type" header specify?
Type of data in the response body
16.-What is the purpose of the "Set-Cookie" header in an HTTP response?
It contains the data that the browser needs to send back to the server with
future requests.
17.-Which HTTP response header informs the browser how long it should cache the
response?
Cache-Control
18.-What does the "Referer" header in an HTTP request typically contain?
The URL of the previous web page from which the request originated.

You might also like