Attackers may need to spend a lot of time identifying the vulnerabilities in specific pages/URL locations. Common tactics include cloning or downloading all available website information locally to narrow down the right entry point to exploit, and performing social engineering attacks in order to harvest email addresses and other relevant information.

It is also possible to copy a website directly to the tester's location. This allows the tester to review the directory structure and its contents, extract metadata from local files, and use the site's contents as an input to a program such as crunch, which will produce a personalized word list to support password cracking.

Once you have mapped out the basic structure of the website and/or web services that are being delivered, the next stage of the kill chain is to identify the vulnerabilities that can be exploited.

Kali provides an inbuilt application, httrack, which provides the option for the penetration tester to download all the website's contents to the local system. httrack is both a command-line and GUI utility, widely used to make a local copy of any website. Attackers can directly issue the httrack http://targetwebapp/ -O outputfolder command, as shown in the following screenshot:

Once httrack is complete, testers must be able to load the application locally and harvest information or identify the implementation flaw.