12/7/2022 THM - Content Discovery, Subdomain Enumeration

Question 1

How do you show HTML code in the browser?

Answer 1

view-source
OR
Inspect

Question 2

What does the “Robots.txt” file do?

Answer 2

Tells a search engine which directories to crawl and which ones to avoid

Question 3

How is the “Robots.txt” file useful (one sentence)?

Answer 3

Displays directories you may have not known existed.

Question 4

What does the “sitemap.xml” file do?

Answer 4

List every file the website owner wishes to be listed on the search engine

Question 5

How is the “sitemap.xml” file useful (one sentence)?

Answer 5

Discover OSINT information for later use.

Question 6

What is one way to retrieve HTTP Header Information?

Answer 6

curl [url] -v

Question 7

What is an online tool to identify what technologies a website is running (ie framework)?

Answer 7

Wappalyzer

Question 8

What is the syntax for S3 buckets?

Answer 8

{name}.s3.amazonaws.com

Question 9

Three common automated tools to perform content discovery?

Answer 9

ffef
dirb
gobuster

Question 10

What does CT stand for when dealing with certificates? Why is this important?

Answer 10

Certificate Transparency (CT)
- Publically accessible to ensure everyone uses trusted certs from trusted sources
crt.sh (Website)
entrust (Website)