Web Testing

Cheatsheet-style reference for web application security testing. This page contains common commands, techniques, and tools used during web application penetration testing.

Port Scanning

nmap -sC -sV -oA scan target.com

Basic port scan with version detection and default scripts.

Directory Enumeration

ffuf -w wordlist.txt -u http://target.com/FUZZ

Fast web fuzzer for discovering hidden directories and files.

Subdomain Discovery

subfinder -d target.com -o subdomains.txt

Passive subdomain enumeration using multiple data sources.

Web Testing

Enumeration

Port Scanning

Directory Enumeration

Subdomain Discovery

Authentication & Sessions

Input Validation & XSS

File Uploads

Common Tools & Commands