Common reconnaissance phase steps on HackTheBox machines (or during penetration testing).
Port Scanning
When obtaining the IP address of a HackTheBox machine, one essential task is to perform port scanning. The most powerful tool for conducting port scanning is nmap.
whatwebhttps://blog.linuxsec.org-a3-v# Example output:Status:200OKTitle:LinuxSecBlog— Linux Tutorial for BeginnersIP:104.21.95.121Country:UNITEDSTATES,US......
wafw00f
wafw00fhttps://blog.linuxsec.org# Example output:.........
[*] Checking https://blog.linuxsec.org[+] The site https://blog.linuxsec.org is behind Cloudflare (CloudflareInc.) WAF.[~] Number of requests: 2
https://github.com/m4ll0k/SecretFinder - SecretFinder is a python script based on LinkFinder, written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript files.
Note: This page is incomplete and will be regularly updated. If you have any ideas or resources that need to be added, please contact me at yuyudhn@gmail.com.