Practically speaking, the big question that you will ask yourself is, what do I need to find? You will need a solid checklist to refer to when it's time for your web intrusion test. That being said, here's a checklist that you can use for this step in the workflow:
- Robots.txt file
- Backup files (.bak, .old)
- Other interesting files (.xls, .doc, .pdf, .txt)
- Administration URL (for example, phpmyadmin, wp-admin)
- Debugging leftover pages and URLs
- Is CMS used? (WordPress)
If you find any item in the preceding list, check its contents for juicy information, including:
- Personal information
- Email addresses
- Credentials
- An entry point to another system (for example, WordPress)