ctf-recon
CTF Reconnaissance & Enumeration
Web Reconnaissance
Initial Checks
# Fetch and inspect
curl -v http://target/
curl -s http://target/ | head -100
# Check common paths
for path in robots.txt sitemap.xml .env .git/HEAD .well-known/ admin api debug; do
code=$(curl -s -o /dev/null -w "%{http_code}" "http://target/$path")
[ "$code" != "404" ] && echo "[+] /$path -> $code"
done
# Response headers
curl -sI http://target/ | grep -iE "(server|x-|powered|content-type|set-cookie)"
More from ramzxy/ctf
ctf-osint
Open Source Intelligence techniques for CTF challenges. Use when gathering information from public sources, social media, geolocation, or identifying unknown data.
22ctf-reverse
Reverse engineering techniques for CTF challenges. Use when analyzing binaries, game clients, obfuscated code, or esoteric languages.
20ctf-stego
Steganography techniques for CTF challenges. Use when data is hidden in images, audio, video, or other media files.
19ctf-web
Web exploitation techniques for CTF challenges. Use when solving web security challenges involving XSS, SQLi, CSRF, file upload bypasses, JWT attacks, Web3/blockchain exploits, or other web vulnerabilities.
15ctf-pwn
Binary exploitation (pwn) techniques for CTF challenges. Use when exploiting buffer overflows, format strings, heap vulnerabilities, race conditions, or kernel bugs.
13write-exploit
Write, test, and iterate on CTF exploit scripts. Use when you need to develop a working exploit with a test-debug-fix loop against a live target.
13