Pentest Recon Attack Surface
Purpose
Perform comprehensive attack surface mapping by correlating three data sources: external network scans, authenticated browser exploration, and source code analysis. The output is a structured endpoint inventory with authorization metadata, a role/privilege architecture map, and a prioritized list of authorization vulnerability candidates for downstream code review and exploitation.
Prerequisites
Authorization Requirements
- Written authorization with explicit scope for reconnaissance and source code access
- Source code access to the target application (white-box engagement)
- Test accounts at every privilege level (anonymous, user, admin, service)
- Network scan approval — confirm acceptable scan intensity with target owner
Environment Setup
- nmap, subfinder, httpx, whatweb for external reconnaissance
- Playwright with authenticated browser contexts
- katana or gospider for web crawling
- ffuf for content discovery
- semgrep and ripgrep for source code analysis
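The correlation step described under Purpose, as an added example that is not code from joysafeter: it merges a scan view, an authenticated crawl view and a source-analysis view into one inventory record per endpoint and scores the records where the three views disagree. The input shapes, role names, decorator names and the sample data are all constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed samples standing in for the three real sources (assumed shapes).
SCAN = [  # external scan (httpx-style): URL plus unauthenticated status code
    {"url": "https://app.example.test/api/users", "status": 401},
    {"url": "https://app.example.test/api/admin/export", "status": 200},
]
CRAWL = [  # authenticated Playwright crawl: (role, method, path) observed
    ("user", "GET", "/api/users"), ("user", "GET", "/api/admin/export"),
    ("user", "GET", "/api/debug"), ("admin", "GET", "/api/admin/export"),
    ("admin", "POST", "/api/admin/users"),
]
CODE = {  # source analysis (semgrep/ripgrep): (method, path) -> auth decorators found
    ("GET", "/api/users"): ["login_required"],
    ("GET", "/api/admin/export"): [],
    ("POST", "/api/admin/users"): ["login_required", "role_required:admin"],
}
PRIV_PREFIXES = ("/api/admin/",)  # paths the design says need an elevated role


def build_inventory(scan, crawl, code):
    """Merge the three views into one record per (method, path)."""
    inv = {}
    def rec(key):
        return inv.setdefault(key, {"method": key[0], "path": key[1], "anon_status": None,
                                    "roles_seen": set(), "auth_checks": None})
    for hit in scan:  # scan hits are unauthenticated GETs
        rec(("GET", urlparse(hit["url"]).path))["anon_status"] = hit["status"]
    for role, method, path in crawl:
        rec((method, path))["roles_seen"].add(role)
    for key, decorators in code.items():
        rec(key)["auth_checks"] = list(decorators)
    return inv


def authz_candidates(inv):
    """Flag endpoints whose views disagree about who may reach them, highest score first."""
    out = []
    for r in inv.values():
        privileged = r["path"].startswith(PRIV_PREFIXES)
        reasons = []
        if r["anon_status"] == 200 and r["auth_checks"] == []:
            reasons.append("anonymous 200 and no auth check on handler")
        if privileged and r["roles_seen"] - {"admin"}:
            reasons.append("privileged path reached by non-admin role")
        if r["auth_checks"] is None and r["roles_seen"]:
            reasons.append("crawled but no handler found in source (shadow route)")
        if reasons:
            out.append((len(reasons) + (2 if privileged else 0), r["method"], r["path"], reasons))
    return sorted(out, reverse=True)
```

Each candidate carries the reasons that produced its score, so the downstream code review starts from the specific disagreement rather than from the raw endpoint list.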