paradox-echo

pentesting

Stages of pentesting

  1. recon
    • passive
      ====== dorking ======

      Dorking is an advanced application of search engine search operators — using a search engine to hunt for specific vulnerable devices, exploitable files, sensitive data and so on through specific search strings.

      Examples:
      google - allintext:password filetype:log
      google - filetype:env "DB_PASSWORD"

    • active
  2. review & filter
  3. access
  4. maintain access
  5. clean traces
  6. reporting