Pentesting Reconnaissance Vulnerable Web Project

🌱 How to start this project?

Do not clone this repository! Just follow the instructions.

This exercise aims to teach students how to perform the reconnaissance phase on a vulnerable website (bWAPP in BeeBox VM).

Requirements

• bWAPP on BeeBox VM (use the one we did in previous projects).
• Kali Linux (attacker machine).
• Ensure you have a network configured in Bridged Networking mode so that BeeBox and your attacker machine can communicate.

Necessary Tools

• nslookup
• whois
• Sublist3r
• Nikto
• Gobuster
• Dirb
• SecLists repo by Daniel Miessler

📝 Instructions

Step 1: Service Enumeration

• Network Scan: Use nmap to identify the IP address of BeeBox VM.
• Service and Port Identification: Perform a port and service scan with nmap.

Step 2: Domain Information Gathering

• Use of nslookup:
• Use of whois:

Step 3: Vulnerability Scanning

• Use of Nikto:

Step 4: Directory and File Brute Forcing

• Use of Gobuster:
• Use of Dirb:

Step 5: Reconnaissance Report

• Environment Summary:
• Network Scan Results:
• Service Enumeration Results:
• Domain Information:
• Found Subdomains:
• Identified Vulnerabilities:
• Found Directories and Files:
• Analysis and Conclusions:

Delivery

• Detailed report in PDF format with all results and analysis:
  • Screenshots of the commands and relevant results
  • Any custom scripts or additional commands used during the process

Recommendations

• Document each step and result with screenshots and detailed descriptions.

• Use a clear and organized structure for the final report.

• Ensure you have the necessary permissions to perform pentesting in the configured environment.