When you've narrowed down your search to the application you'd like to test, it's time to start collecting information. Getting a full sitemap, unmasking hidden content, and discovering artifacts left over from development (commented-out code, inline documentation, and so on) can help you narrow your focus to fertile areas. And by understanding what information you'll need for your vulnerability report, you can make sure that, right from the start, you're collecting everything you'll need when it's time to submit.
This chapter discusses techniques to map your target application's attack surface, search the site for hidden directories and leftover (but accessible) services, make informed decisions about what tools to use in a pentesting session, and document your sessions for your eventual report.
We'll cover the following...