> For the complete documentation index, see [llms.txt](https://cyb3r.gitbook.io/pentestbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cyb3r.gitbook.io/pentestbook/enumeration.md). # Enumeration - [Pentesting Web checklist](https://cyb3r.gitbook.io/pentestbook/enumeration/web-checklist.md) - [Cheat sheet](https://cyb3r.gitbook.io/pentestbook/enumeration/web-checklist/cheat-sheet.md) - [Pentesting Web Checklist V2](https://cyb3r.gitbook.io/pentestbook/enumeration/web-checklist-1.md) - [Web Attacks](https://cyb3r.gitbook.io/pentestbook/enumeration/web.md) - [General Info](https://cyb3r.gitbook.io/pentestbook/enumeration/web/general-info.md) - [Quick tricks](https://cyb3r.gitbook.io/pentestbook/enumeration/web/quick-tricks.md) - [Bruteforcing / Cracking](https://cyb3r.gitbook.io/pentestbook/enumeration/web/bruteforcing.md) - [Crawl / Fuzz](https://cyb3r.gitbook.io/pentestbook/enumeration/web/crawl-fuzz.md) - [Header injections](https://cyb3r.gitbook.io/pentestbook/enumeration/web/header-injections.md) - [LFI / RFI](https://cyb3r.gitbook.io/pentestbook/enumeration/web/lfi-rfi.md): Local File Inclusion / Remote File Inclusion - [Open redirects](https://cyb3r.gitbook.io/pentestbook/enumeration/web/open-redirects.md) - [SSRF](https://cyb3r.gitbook.io/pentestbook/enumeration/web/ssrf.md): Server-side request forgery (SSRF) - [SQLi](https://cyb3r.gitbook.io/pentestbook/enumeration/web/sqli.md): SQL Injection - [File upload](https://cyb3r.gitbook.io/pentestbook/enumeration/web/upload-bypasses.md) - [XSS](https://cyb3r.gitbook.io/pentestbook/enumeration/web/xss.md): Cross-site scripting - [CSP](https://cyb3r.gitbook.io/pentestbook/enumeration/web/xss/csp.md): Content Security Policy - [XXE](https://cyb3r.gitbook.io/pentestbook/enumeration/web/xxe.md): XML external entity injection is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view - [CORS](https://cyb3r.gitbook.io/pentestbook/enumeration/web/cors.md): Cross-Origin Resource Sharing - [CSRF](https://cyb3r.gitbook.io/pentestbook/enumeration/web/csrf.md): Cross-site request forgery - [Command Injection](https://cyb3r.gitbook.io/pentestbook/enumeration/web/command-injection.md) - [HTTP Request Smuggling](https://cyb3r.gitbook.io/pentestbook/enumeration/web/request-smuggling.md): HTTP Request Smuggling / HTTP Desync Attack - [Web Cache Poisoning](https://cyb3r.gitbook.io/pentestbook/enumeration/web/web-cache-poisoning.md) - [Clickjacking](https://cyb3r.gitbook.io/pentestbook/enumeration/web/clickjacking.md) - [Web Sockets](https://cyb3r.gitbook.io/pentestbook/enumeration/web/web-sockets.md) - [CRLF](https://cyb3r.gitbook.io/pentestbook/enumeration/web/crlf.md): Carriage Return Line Feed - [IDOR](https://cyb3r.gitbook.io/pentestbook/enumeration/web/idor.md): IDOR occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system - [Session fixation](https://cyb3r.gitbook.io/pentestbook/enumeration/web/session-fixation.md) - [Email attacks](https://cyb3r.gitbook.io/pentestbook/enumeration/web/email-attacks.md) - [HTTP Parameter pollution](https://cyb3r.gitbook.io/pentestbook/enumeration/web/parameter-pollution.md) - [SSTI](https://cyb3r.gitbook.io/pentestbook/enumeration/web/ssti.md): Server Side Template Injection - [Deserialization](https://cyb3r.gitbook.io/pentestbook/enumeration/web/deserialization.md) - [Prototype Pollution](https://cyb3r.gitbook.io/pentestbook/enumeration/web/prototype-pollution.md) - [JWT attacks](https://cyb3r.gitbook.io/pentestbook/enumeration/web/dns-rebinding.md): JWT attacks involve a user sending modified JWTs to the server in order to achieve a malicious goal. Typically, this goal is to bypass authentication and access controls by impersonating another user - [Webshells](https://cyb3r.gitbook.io/pentestbook/enumeration/web/web-shells.md) - [Broken Links](https://cyb3r.gitbook.io/pentestbook/enumeration/web/broken-links.md) - [Cookie Padding](https://cyb3r.gitbook.io/pentestbook/enumeration/web/cookie-padding.md) - [Information Disclosure](https://cyb3r.gitbook.io/pentestbook/enumeration/web/information-disclosure.md) - [Web Technologies](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices.md) - [Wordpress](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/wordpress.md) - [Joomla](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/joomla.md) - [Drupal](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/drupal.md) - [Tomcat](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/tomcat.md) - [APIs](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/apis.md) - [GraphQL API](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/graphql-api.md) - [JS](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/js.md) - [ASP.NET](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/.net.md) - [GitHub / GitLab](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/github.md) - [WAFs](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/wafs.md) - [Firebird](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/firebird.md) - [WebDav](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/webdav.md) - [Jenkins](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/jenkins.md) - [IIS](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/iis.md) - [VHosts](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/vhosts.md) - [Firebase](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/firebase.md) - [OWA](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/owa.md) - [OAuth](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/oauth.md) - [Flask](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/flask.md) - [Symfony && Twig](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/symfony-and-and-twig.md) - [NoSQL (MongoDB, CouchDB)](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/nosql-and-and-mongodb.md) - [PHP](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/php.md) - [RoR (Ruby on Rails)](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/ror-ruby-on-rails.md) - [JBoss - Java Deserialization](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/jboss-java-deserialization.md) - [OneLogin - SAML Login](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/onelogin-saml-login.md) - [Flash SWF](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/flash-swf.md) - [Nginx](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/nginx.md) - [Python](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/python.md) - [Adobe AEM](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/adobe-aem.md) - [Magento](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/magento.md) - [SAP](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/sap.md) - [MFA](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/mfa.md) - [GWT](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/gwt.md) - [Jira](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/jira.md) - [OIDC (Open ID Connect)](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/oidc-open-id-connect.md) - [ELK](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/elk.md) - [Sharepoint](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/sharepoint.md) - [Others](https://cyb3r.gitbook.io/pentestbook/enumeration/webservices/others.md) - [Cloud](https://cyb3r.gitbook.io/pentestbook/enumeration/cloud.md) - [General](https://cyb3r.gitbook.io/pentestbook/enumeration/cloud/general.md) - [Cloud Info Gathering](https://cyb3r.gitbook.io/pentestbook/enumeration/cloud/cloud-info-recon.md) - [AWS](https://cyb3r.gitbook.io/pentestbook/enumeration/cloud/aws.md) - [Azure](https://cyb3r.gitbook.io/pentestbook/enumeration/cloud/azure.md) - [GCP](https://cyb3r.gitbook.io/pentestbook/enumeration/cloud/gcp.md) - [Docker && Kubernetes](https://cyb3r.gitbook.io/pentestbook/enumeration/cloud/docker-and-and-kubernetes.md) - [CDN - Comain Fronting](https://cyb3r.gitbook.io/pentestbook/enumeration/cloud/cdn-comain-fronting.md) - [Files](https://cyb3r.gitbook.io/pentestbook/enumeration/files.md) - [SSL/TLS](https://cyb3r.gitbook.io/pentestbook/enumeration/ssl-tls.md) - [Ports](https://cyb3r.gitbook.io/pentestbook/enumeration/ports.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cyb3r.gitbook.io/pentestbook/enumeration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.