Web Attack Cheat Sheet

Table of Contents

Discovering

Targets

Bounty Targets Data: Contains data dumps of HackerOne and Bugcrowd scopes.

Project Discovery Chaos: Maintains internet-wide assets' data for enhanced DNS insights.

curl -s -X POST -H "Content-Type: text/xml" ... --data-binary "SOAP request" https://autodiscover-s.outlook.com | xmllint --format -

Enumerating

Fingerprint

WhatWeb: Identifies web technologies like CMS, analytics packages, etc.

whatweb -a 4 -U 'Mozilla' -c 'cookie=here' -t 20 www.example.com

Scanning

Static Application Security Testing

Semgrep: Open-source static analysis tool.

Monitoring

CVE

OpenCVE: Alerts you when a CVE is published or updated.

Attacking

Brute Force

Hydra: Security tool for brute-forcing various protocols.

hydra -l root -P passlist.txt www.example.com ssh

Manual

Payloads

Payloads All The Things: Collection of useful payloads for bypassing filters.

AI

LLM Vulnerabilities

LLM Attacks: Discusses web LLM attacks that exploit data, APIs, etc.

General

Print only response headers:

curl -skSL -D - https://www.example.com -o /dev/null