Web Application Enumeration: Finding Hidden Content and Vulnerabilities

Web application enumeration is the process of gathering information about a target web application to identify potential vulnerabilities. This guide covers techniques for discovering hidden content, endpoints, and attack vectors.

Initial Reconnaissance

Technology Fingerprinting

# Wappalyzer (browser extension)
# BuiltWith (online)

# WhatWeb
whatweb http://target.com

# Check HTTP headers
curl -I http://target.com

# Common headers revealing technology
# X-Powered-By: PHP/7.4
# Server: Apache/2.4.41
# X-AspNet-Version: 4.0.30319
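
The headers listed above can also be audited on a site you operate, so that version strings are removed before someone else reads them. The script below is an added example, not part of the original guide; the function names and the sample header block are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report response headers that disclose server technology.
# Reads a raw header block (the output of `curl -sI`) on stdin and prints
# "<header><TAB><value><TAB><version|product>" for each disclosing header.

disclosing_headers() {
  tr -d '\r' | awk '
    BEGIN { watch["server"]; watch["x-powered-by"]; watch["x-aspnet-version"] }
    {
      sep = index($0, ":")
      if (sep == 0) next                       # status line or blank line
      name = tolower(substr($0, 1, sep - 1))   # header names are case-insensitive
      value = substr($0, sep + 1)
      sub(/^[ \t]+/, "", value)
      if (!(name in watch)) next
      # A dotted number means an exact version is exposed, not just a product name.
      level = (value ~ /[0-9]+\.[0-9]+/) ? "version" : "product"
      printf "%s\t%s\t%s\n", name, value, level
    }'
}

# Number of headers that expose an exact version string.
count_version_leaks() {
  disclosing_headers | awk -F'\t' '$3 == "version"' | wc -l | tr -d ' '
}

# Constructed sample built from the header values listed above.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: Apache/2.4.41
X-Powered-By: PHP/7.4
Content-Type: text/html
X-AspNet-Version: 4.0.30319'

printf '%s\n' "$SAMPLE_HEADERS" | disclosing_headers
```

Against a live site, pipe `curl -sI http://target.com` into `disclosing_headers`; a `version` result is the one to fix first in the server configuration.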

Robots.txt and Sitemap

curl http://target.com/robots.txt
curl http://target.com/sitemap.xml
curl http://target.com/sitemap_index.xml

# Common hidden paths in robots.txt
# Disallow: /admin/
# Disallow: /backup/
# Disallow: /config/

Source Code Analysis

# Check page source for:
# - Comments with sensitive info
# - Hidden form fields
# - JavaScript files
# - API endpoints
# - Version numbers

curl -s http://target.com | grep -E "
                

                
                
Written by

Window Events
