Review Webserver Metafiles for Information Leakage
OWASP
OWASP Web Security Testing Guide 4.2 > 1. Information Gathering > 1.3. Review Webserver Metafiles for Information Leakage
| ID | Link to Hackinglife | Link to OWASP | Objectives |
|---|---|---|---|
| 1.3 | WSTG-INFO-03 | Review Webserver Metafiles for Information Leakage | - Identify hidden or obfuscated paths and functionality through the analysis of metadata files (robots.txt, <META> tag, sitemap.xml).<br>- Extract and map other information that could lead to a better understanding of the systems at hand. |
Searching for well-known files
- robots.txt
- sitemap.xml
- security.txt (proposed standard which allows websites to define security policies and contact details.)
- humans.txt (initiative for knowing the people behind a website.)
Examining META tags
<META> tags are located within the HEAD section of each HTML document.
Robots directives can also be specified through the use of a specific META tag.
If no such META tag is present, then the default is INDEX, FOLLOW.
Other revealing META tags.
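An added example (not part of the original notes or of the OWASP guide) for reviewing what a site's own robots.txt and META tags disclose: it lists the paths named in robots.txt and reads the robots directives from a page's HEAD, applying the INDEX, FOLLOW default when no robots META tag is present. The sample inputs, the `example.test` host and the `ExampleCMS` generator value are constructed, and the function names are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample inputs (not taken from any real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/   # old exports
Allow: /public/
Sitemap: https://example.test/sitemap.xml
"""
SAMPLE_HTML = """\
<html><head>
<meta name="robots" content="noindex, nofollow">
<meta name="generator" content="ExampleCMS 1.2">
</head><body></body></html>
"""

def parse_robots(text):
    """Group the Disallow, Allow and Sitemap values found in robots.txt text."""
    found = {"disallow": [], "allow": [], "sitemap": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        field, value = line.split(":", 1)     # first colon only: URLs contain ':'
        field, value = field.strip().lower(), value.strip()
        if field in found and value:          # an empty Disallow lists no path
            found[field].append(value)
    return found

class MetaCollector(HTMLParser):
    """Collect name/content pairs from <meta> tags."""
    def __init__(self):
        super().__init__()
        self.meta = {}
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta" and attr.get("name") and attr.get("content") is not None:
            self.meta[attr["name"].lower()] = attr["content"]

def review_meta(html):
    """Return (robots directives, other named META tags) for one HTML document."""
    parser = MetaCollector()
    parser.feed(html)
    robots = parser.meta.pop("robots", "INDEX, FOLLOW")  # default when tag is absent
    return [d.strip().upper() for d in robots.split(",")], parser.meta

if __name__ == "__main__":
    print(parse_robots(SAMPLE_ROBOTS), review_meta(SAMPLE_HTML))
```

Every path that appears under `disallow` is publicly readable by anyone who requests robots.txt, so entries such as `/admin/` or `/backup/` should be protected by access control rather than by omission from search indexes.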
The .well-known/ directory
Some of the files that can be found in this directory are listed in the IANA registry of well-known URIs: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml.
Last update: 2024-04-09 Created: December 24, 2023 11:19:43