Bug Bounty Hub
  • πŸš€WELCOME
    • Bug Bounty Hub
    • BBH - Values
    • About the author
  • πŸ•ΈοΈPENTESTING WEB
    • Information Gathering
      • Enumerating ASN and IP blocks
      • Reverse IP Lookup
      • Scanning Open Ports/Services
      • Subdomain Enumeration
        • Active Subdomain Enumeration
        • Passive Subdomain Enumeration
        • Subdomain Permutations
        • Check Alive Subdomains
      • Subdomain Takeover
      • Fuzzing
      • JavaScript Files
      • Endpoints
      • Input Parameters
      • Mapping Attack Surface - Crawling/Spider
      • Fingerprinting
      • Potential Vulnerabilities - Nuclei
    • Client-Side Injection Attacks
    • Server-Side Vulnerabilities
      • Path Traversal/File Inclusion
      • Access Control
      • Authentication
      • Server-side Request Forgery (SSRF)
      • File upload vulnerabilities
      • OS Command Injection
      • SQL Injection
        • MySQL Injection
        • SQLi with SQLMap
    • Authentication
    • Insecure Direct Object Reference (IDOR)
    • Cross-Site Request Forgery Attacks
    • Business Logic Flaws
    • HTTP Verb Tampering
    • Bypass 401 & 403
    • Evading WAFs
    • Reporting
  • 🐣THE BASICS OF WEB
    • HTTP Methods
    • HTTP Response Codes
    • HTTP Headers
      • AWS S3 Buckets Headers
    • HTTP Cookies
    • Encoding
      • URL encoding
      • HTML encoding
      • Base 64 encoding
      • Unicode encoding
    • Web Browsers
      • Same-Origin Policy (SOP)
      • Content Security Policy (CSP)
      • Subresource Integrity Check (SIC)
    • Web Proxies
  • πŸ“šRESOURCES
    • Books
    • Web resources
    • CTF Platforms
  • πŸ”οΈBug Bounty Platforms
Powered by GitBook
On this page
  • Gospider
  • Katana

Was this helpful?

  1. PENTESTING WEB
  2. Information Gathering

Mapping Attack Surface - Crawling/Spider

Crawling or spidering an application is important for exploring its attack surface. This process involves enumerating the structure of the web application, including its navigation and content.

Gospider

# Crawling One Site
gospider --site $domain -o gospider-output.txt -c 10 --blacklist png,jpg,css,gif,svg,mp4,mov,avi,wmv,mp3,wav,ogg,woff,woff2

# Crawling a pool of sites in TXT file
gospider --sites scope.txt -o gospider-output.txt -c 10 --blacklist png,jpg,css,gif,svg,mp4,mov,avi,wmv,mp3,wav,ogg,woff,woff2

# Crawling an Active Session
gospider --site $domain --cookie "<COOKIE>"

Katana

echo $domain | katana -silent

PreviousInput ParametersNextFingerprinting

Last updated 5 months ago

Was this helpful?

πŸ•ΈοΈ