API Reconnaissance Flashcards
What are the 3 types of APIs cited?
Public, partner and private
What is passive reconnaissance?
It’s the act of obtaining information about a target without directly interacting with the target’s systems.
What is the main goal of passive reconnaissance?
To find and document public information about your target’s attack surface.
How do you specify an intitle term (for example the term "api") and a site in a Google search?
intitle:"api" site:"site-name.com"
How do you specify a path, a part of a path, or a URL query string in a Google search?
inurl:"/path/…", inurl:"api.php?action="
How do you search for elements in text in a Google search?
intext:"term"
How do you search for an extension in GitHub?
extension:extension-name
What is the Google/GitHub dorking technique?
It’s the act of using advanced search terms to perform passive reconnaissance of the target’s systems.
How do you search for a header in GitHub?
"HEADER-NAME: Value"
How would you search for specific file names in GitHub?
filename:<file.extension>
What is active reconnaissance?
It’s the act of interacting with the target, primarily through scanning, to search for the target’s APIs and any useful information.
What does Amass do? Is it a passive or active reconnaissance tool?
It maps the target’s external network by collecting OSINT from different sources. It can be configured to perform passive or active scans.
What are the main differences between Gobuster and Kiterunner?
Kiterunner is a more advanced tool for discovering API endpoints. It uses all HTTP request methods and mimics common API path structures.
Why is API Reconnaissance so important?
Because discovering API endpoints is the first step in performing an API attack. Also, good recon can give you lots of useful information and even credentials such as API keys.