Beginning script explanation

c0dejump edited this page Jan 25, 2022 · 1 revision

(NIC = need internet connection)

  • HEADER

Get the response headers for a quick preview

  • DNS INFORMATION

Get the website's DNS information

  • Let's Debug information

Check the website's certificate | https://letsdebug.net/ (NIC)

  • CMS

Check whether the website is built with a CMS, which version it runs and whether that version has CVEs | https://whatcms.org/ (NIC)

  • WAF

Check whether the website has a WAF | https://github.com/EnableSecurity/wafw00f

  • Wayback Check

Check for endpoints in the Wayback Machine (NIC)

  • Check in Github

I think the title is pretty self-explanatory 😊 (NIC)

  • CSE

Check the Google CSE for potentially found buckets, AWS, etc. You can add your own API key in modules/google_dork.py on line 106 (api_key =) | https://github.com/nightwatchcybersecurity/public-cloud-storage-search (NIC)

  • GOOGLE DORK

Need more explanations? 😋 (NIC)

  • Firebaseio Check

Check firebaseio for potential databases (NIC)

  • Localhost host

Sets "Host: localhost" in the request header and scans with that localhost host value to bypass a WAF or restriction

  • Vhosts misconfiguration

Checks whether the IP or a different www exists and whether it is similar or identical to the index page of the website

  • Domain backup

Check whether a backup or an archive of the website exists (toto.com/toto.zip)

  • Websocket

Check whether websockets exist
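
The "Vhosts misconfiguration" comparison above, sketched as an added example for auditing your own server (not this tool's code): it classifies the body served for an alternate host as identical, similar or different to the index page. The function names, the 0.90 threshold, the token-stripping rule and the sample bodies are assumptions made for illustration.

```python
import difflib
import re

SIMILAR = 0.90  # assumed cut-off, not taken from the tool; tune on your own pages

def normalize(html: str) -> str:
    """Remove per-request noise so it does not hide an otherwise equal page."""
    # Blank out CSRF token values, which change on every request.
    html = re.sub(r'(?i)(name="csrf[^"]*"\s+value=")[^"]*', r"\1", html)
    return re.sub(r"\s+", " ", html).strip().lower()

def compare_index(reference: str, candidate: str) -> tuple[str, float]:
    """Return (verdict, ratio) for a candidate body against the index page."""
    a, b = normalize(reference), normalize(candidate)
    ratio = difflib.SequenceMatcher(None, a, b, autojunk=False).ratio()
    if a == b:
        return "identical", ratio
    return ("similar" if ratio >= SIMILAR else "different"), ratio

def audit(reference: str, responses: dict[str, str]) -> dict[str, str]:
    """Map each alternate host (IP, other www name) to its verdict."""
    return {h: compare_index(reference, body)[0] for h, body in responses.items()}

# Constructed sample bodies (not real captures); toto.com is the page's example name.
HEAD = "<html><head><title>Toto shop</title></head><body><form>"
TAIL = "<p>Welcome to toto.com</p></form></body></html>"
INDEX = HEAD + '<input name="csrf_token" value="a1b2">' + TAIL
SAMPLES = {
    # Same site answering on the bare IP, only the token differs.
    "192.0.2.10": HEAD + '<input name="csrf_token" value="ffee">' + TAIL,
    # Near copy with one extra banner paragraph.
    "www2.toto.com": HEAD + '<input name="csrf_token" value="9c3d"><p>beta</p>' + TAIL,
    # Unrelated default page.
    "dev.toto.com": "<html><body><h1>It works!</h1></body></html>",
}

if __name__ == "__main__":
    for host, body in SAMPLES.items():
        verdict, ratio = compare_index(INDEX, body)
        print(f"{host:15} {verdict:10} ratio={ratio:.2f}")
```

An "identical" or "similar" verdict on the bare IP or an unexpected www name means that host serves the site outside the intended hostname, which is the condition this check reports.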