Beginner hacking setup for Scanning Web Vulnerabilities, exploits , admin access

[glisenti]

Hello Administrators & Forum Members.

I would need a bit of guidance in regards to what would be the safest and easiest way to begin scanning URL's for Vulnerabilities and gain
access to admin shop credentials. where to begin if operating from a local PC ?

I have great ideas and projects if anyone is interested in working in a collaboration.

Initially my skills are specialized in sms spamming.

Please feel free to give your thoughts on where to begin if one is interested in scanning for Web Vulnerabilities.

Thank you.

 

[xyzz]

What scanner do you use?

 

[glisenti]

Acunetix

 

[gh0stman3]

bro, basically you explore each vulnerability and see for yourself if it's not a false positive.. if not, go further and dig deeper

 

[0x4809234098234]

I do what I call a phased approach. It begins with simply masscan an entire country's ASN. For the common web ports. Then, I narrow down and look at regions. I will start with 1 range and begin looking for headers. Stuff that is interesting I sort into a new list. You keep doing this and eventually you have a solid amount of IPs that can be popped.

 

[babyysmoove]

In regards to hardware for your "setup" get something with some good specs, GPU, CPU, and RAM of course. From there get familiar with different softwares and tools such as Nmap, Acunetix, and SQLmap and practice practice practice

 

[jhon]

A good approach would be to use a methodology, for example PTES skipping some initial phases of course, from there you will know which is the best tool or technique to use, acunetix is good but it comes with a lot of false positives and the security solutions that exist today they are very robust which forces us to explore manually.

 

[Prokhorenco]

There is a really good resource that teaches you all the common ways to gain initial access into company networks and pen test applications both web and network.

Initial Access Tactics, techniques and procedures: https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures
Scanning and Recon: https://enlacehacktivista.org/index.php?title=Scanning_and_Recon
Search Engines: https://enlacehacktivista.org/index.php?title=Search_Engines_Resources
OSINT: https://enlacehacktivista.org/index.php?title=OSINT_Tools_and_Resources