# Enumeration Checklist

  • IP & DNS Check

    • Identify hosting details (e.g. behind a CDN like Cloudflare)
    • Use nslookup, dig, or online tools to verify DNS records
    • Determine if it’s hosted in a corporate network or cloud provider (AWS, Azure, etc.)
  • Common File Discovery

    • Check for robots.txt, sitemap.xml, .git, .env, crossdomain.xml
    • Use tools like dirsearch, feroxbuster, gobuster
  • Technology Stack Identification

    • Use whatweb, Wappalyzer, browser extensions, or online tools
    • Note versions of exposed technologies (except outdated jQuery 😉)
    • Look for outdated CMS, plugins, or known vulnerable components
  • WAF Detection

    • Use wafw00f or nmap -p80 --script http-waf-detect
    • If a WAF is present, consider bypasses or rate-limiting IPs to avoid bans
  • Entry Point Discovery

    • Identify forms, search fields, comment areas, file/image uploaders
    • Look for reflection in URL or page content (possible XSS points)
    • Note anything that might end up stored in the backend (DB, logs, etc.)
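
From the defender's side, the Common File Discovery step above leaves a recognizable trail in web server access logs. The following is an added example, not part of the original checklist: it flags clients that request the sensitive paths named above or generate many distinct 404s. The threshold, the function name `find_enumeration`, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Paths from the "Common File Discovery" item that a normal visitor never requests.
# robots.txt and sitemap.xml are left out: legitimate crawlers fetch them constantly.
SENSITIVE = ("/.git", "/.env", "/crossdomain.xml")
NOT_FOUND_THRESHOLD = 5  # assumption: distinct 404 paths per client before flagging

# Apache/nginx common log format: ip, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def find_enumeration(lines, threshold=NOT_FOUND_THRESHOLD):
    """Return {client_ip: finding} for clients that look like content discovery."""
    probes, exposed, not_found = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, raw_path, status = m.groups()
        path = raw_path.split("?", 1)[0]  # ignore the query string
        key = path.lower()
        if any(key == s or key.startswith(s + "/") for s in SENSITIVE):
            probes[ip].add(path)
            if status == "200":
                exposed[ip].add(path)  # the file was actually served: fix this first
        if status == "404":
            not_found[ip].add(path)
    findings = {}
    for ip in set(probes) | set(not_found):
        scan = len(not_found[ip]) >= threshold
        if probes[ip] or scan:
            findings[ip] = {"probes": sorted(probes[ip]), "exposed": sorted(exposed[ip]),
                            "distinct_404": len(not_found[ip]), "wordlist_scan": scan}
    return findings

# Constructed sample log (documentation-range IPs), not taken from a real server.
_LINE = '{} - - [10/Oct/2024:13:55:{:02d} +0000] "GET {} HTTP/1.1" {} 512'
_REQUESTS = [
    ("198.51.100.7", "/index.html", 200), ("198.51.100.7", "/robots.txt", 200),
    ("203.0.113.50", "/.git/HEAD", 200), ("203.0.113.50", "/.env", 404),
    ("203.0.113.50", "/admin/", 404), ("203.0.113.50", "/backup.zip", 404),
    ("203.0.113.50", "/phpinfo.php", 404), ("203.0.113.50", "/old/", 404),
    ("198.51.100.7", "/missing.png", 404),
]
SAMPLE_LOG = [_LINE.format(ip, i, p, s) for i, (ip, p, s) in enumerate(_REQUESTS)]

if __name__ == "__main__":
    for ip, finding in find_enumeration(SAMPLE_LOG).items():
        print(ip, finding)
```

Any entry under `exposed` means the server returned the file with a 200 and should be treated as a finding to remediate, independent of who requested it.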