Page 218 - Hands-On Bug Hunting for Penetration Testers
Chapter 13: Going Further
Fingerprinting
Fingerprinting is the process of gathering system information that allows you to identify
data about the OS and specs of a target application's environment, data that can help you
tune your engagement strategy. Detecting the hosting service, the server OS type (if that's the
backend) and its version, the application language and framework, any included third-party
libraries, and publicly-viewable API integrations are all essential parts of the discovery
process.
Fuzzing
Fuzzing consists of bombarding an application with different permutations of information
in an attempt to reveal weaknesses through a repeated, high-speed process of trial and
error. Fuzzing tools usually ingest either a pattern or a dictionary of fuzzing inputs to build
the series of attack strings they will submit to the target application.
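As an added example (not code from the book), a minimal in-process fuzz harness in the sense just described: it builds its test cases from a constructed dictionary of boundary tokens and from a pattern with slots, submits each case to a hypothetical function under test, and reports the distinct exception classes it triggers. The function under test, `parse_record`, is constructed here purely to give the harness something to find.

```python
import itertools
from typing import Callable, Dict, Iterable, List, Tuple

# Constructed dictionary of fuzz tokens: the boundary values a wordlist file would supply.
DICTIONARY = ["", "A" * 256, "\x00", "..", "-1", "0", "99999999999999999999", "\u202e"]


def expand_pattern(pattern: str, tokens: Iterable[str]) -> List[str]:
    """Fill every '{}' slot in pattern with each combination of tokens."""
    tokens = list(tokens)
    slots = pattern.count("{}")
    return [pattern.format(*combo) for combo in itertools.product(tokens, repeat=slots)]


def fuzz(target: Callable[[str], object], cases: Iterable[str]) -> List[Tuple[str, str]]:
    """Submit every case to target; record (input, exception name) for each crash."""
    failures = []
    for case in cases:
        try:
            target(case)
        except Exception as exc:  # any unhandled exception is a finding worth triaging
            failures.append((case, type(exc).__name__))
    return failures


def parse_record(line: str) -> dict:
    """Hypothetical function under test (constructed): parses 'name:age' into a record
    with a 32-bit signed age, and crashes on malformed or out-of-range input."""
    name, age = line.split(":")  # ValueError when ':' is missing or repeated
    age_int = int(age)  # ValueError when age is not numeric
    age_int.to_bytes(4, "little", signed=True)  # OverflowError outside 32-bit range
    return {"name": name, "age": age_int}


def run_campaign() -> Dict[str, object]:
    """Run the dictionary tokens bare and through the 'name:age' pattern, then
    group the crashes by exception class so the report is readable."""
    cases = DICTIONARY + expand_pattern("{}:{}", DICTIONARY)
    failures = fuzz(parse_record, cases)
    by_type: Dict[str, List[str]] = {}
    for case, exc_name in failures:
        by_type.setdefault(exc_name, []).append(case)
    return {"cases": len(cases), "failures": len(failures), "by_type": by_type}


if __name__ == "__main__":
    report = run_campaign()
    print(f"{report['cases']} cases submitted, {report['failures']} crashed")
    for exc_name, crashing in report["by_type"].items():
        print(f"  {exc_name}: {len(crashing)} inputs, e.g. {crashing[0]!r}")
```

Each distinct exception class in the report points at one input-validation gap to fix (here: missing separator, non-numeric age, and integer range), which is how a fuzz run turns into concrete hardening work.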
Google Dorks
Google Dorks are search queries that can be used to return sites that are possibly
susceptible to certain vulnerabilities (depending on the query used). We discuss Google
Dorks in greater detail in our chapter on SQL injection.
Known Component Vulnerabilities
A known component vulnerability is a previously-discovered and reported vulnerability. It
often carries a CVE ID that can be used to incorporate the finding into scanning databases
and tools designed to discover instances of the vulnerability in a consistent, reproducible
way. We talk about component vulnerabilities in the chapter Framework and Application-Specific
Vulnerabilities.
OSINT
Open source intelligence is the practice of collecting information about a target from public
records (domain registrar records, official documents, social network profiles, participation
in public forums or other digital spaces, and other sources) that can be used to assist in
other intelligence-gathering activities, such as compromising passwords or enabling
targeted social engineering (spear phishing, whaling, and so on).