Active Reconnaissance
Active reconnaissance is the process of interacting directly with the target primarily through the use of scanning. We will use our recon to search for our target's APIs and any useful information.
During this process you will be scanning systems, enumerating open ports, and finding ports that have services using HTTP. Once you have found systems hosting HTTP, you can open a web browser and investigate the web application. You could find an API being advertised to end users or you may have to dig deeper. Finally, you can scan the web app for API-related directories. Essentially, you will be building out the target's API attack surface. During active recon we will use tools like: nmap, OWASP Amass, gobuster, kiterunner, and DevTools.
Last updated