Recon & Mapping: Know Your Target
Gathering information and understanding the application's attack surface.

Reconnaissance: The First Strike (of Information)

Before you can ethically 'attack' a web application, you need to understand it. This phase is all about gathering as much information as possible.

Key Activities:

  • Identifying Technologies: Which web server, frameworks, and languages are used?
  • Discovering Subdomains & Virtual Hosts.
  • Finding Hidden Directories & Files.
  • Understanding Application Functionality: How does it work? What are the user roles?
  • Spidering/Crawling: Automatically discovering all accessible pages.

Tools like Nmap, Dirb/Dirbuster, Wappalyzer, and Burp Suite's spider are invaluable here. The more you know, the more attack vectors you might uncover. It's like casing a joint, but for good!
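
Technology identification often starts with what the application says about itself in its response headers. The following added example (not part of the original lesson) parses a constructed sample response and lists the products and versions it discloses; the sample response, the cookie-name table and the function names are assumptions made for illustration.

```python
import re
from email.parser import Parser

# Constructed sample response head (not captured from a real site).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: nginx/1.18.0
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=abc123; path=/
Set-Cookie: theme=dark
Content-Type: text/html; charset=UTF-8

"""

# Headers whose value names a product, optionally followed by /version.
PRODUCT_HEADERS = ("Server", "X-Powered-By")

# Default session cookie names that imply a platform (illustrative table).
COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
}

def fingerprint(raw_response):
    """Return a list of (source, technology, version_or_None) findings."""
    # Drop the status line; the rest parses as RFC 822 style headers.
    _status_line, _, header_block = raw_response.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name in PRODUCT_HEADERS:
        for value in headers.get_all(name, []):
            m = re.match(r"\s*([^/\s]+)(?:/([\w.\-]+))?", value)
            if m:
                findings.append((name, m.group(1), m.group(2)))
    # A header can repeat, so read every Set-Cookie line, not just the first.
    for cookie in headers.get_all("Set-Cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        if cookie_name in COOKIE_HINTS:
            findings.append(("Set-Cookie", COOKIE_HINTS[cookie_name], None))
    return findings

def version_disclosures(findings):
    """Findings that expose an exact version: candidates for hardening."""
    return [f for f in findings if f[2] is not None]

if __name__ == "__main__":
    for source, tech, version in fingerprint(SAMPLE_RESPONSE):
        print(f"{source}: {tech} {version or ''}".rstrip())
```

The entries returned by `version_disclosures` are the ones an application owner would normally suppress or make generic in the server configuration.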