# Enumeration - [Files](https://www.pentest-book.com/enumeration/files.md) - [SSL/TLS](https://www.pentest-book.com/enumeration/ssl-tls.md) - [Ports](https://www.pentest-book.com/enumeration/ports.md) - [Web Attacks](https://www.pentest-book.com/enumeration/web.md) - [General Info](https://www.pentest-book.com/enumeration/web/general-info.md) - [Quick tricks](https://www.pentest-book.com/enumeration/web/quick-tricks.md) - [Header injections](https://www.pentest-book.com/enumeration/web/header-injections.md) - [Bruteforcing](https://www.pentest-book.com/enumeration/web/bruteforcing.md) - [Online hashes cracked](https://www.pentest-book.com/enumeration/web/online-hashes-cracked.md) - [Crawl/Fuzz](https://www.pentest-book.com/enumeration/web/crawl-fuzz.md) - [LFI/RFI](https://www.pentest-book.com/enumeration/web/lfi-rfi.md) - [File upload](https://www.pentest-book.com/enumeration/web/upload-bypasses.md) - [SQLi](https://www.pentest-book.com/enumeration/web/sqli.md) - [SSRF](https://www.pentest-book.com/enumeration/web/ssrf.md) - [Open redirects](https://www.pentest-book.com/enumeration/web/open-redirects.md) - [XSS](https://www.pentest-book.com/enumeration/web/xss.md) - [CSP](https://www.pentest-book.com/enumeration/web/csp.md) - [XXE](https://www.pentest-book.com/enumeration/web/xxe.md) - [Cookie Padding](https://www.pentest-book.com/enumeration/web/cookie-padding.md) - [Webshells](https://www.pentest-book.com/enumeration/web/web-shells.md) - [CORS](https://www.pentest-book.com/enumeration/web/cors.md) - [CSRF](https://www.pentest-book.com/enumeration/web/csrf.md) - [Web Cache Poisoning](https://www.pentest-book.com/enumeration/web/web-cache-poisoning.md) - [Broken Links](https://www.pentest-book.com/enumeration/web/broken-links.md) - [Clickjacking](https://www.pentest-book.com/enumeration/web/clickjacking.md) - [HTTP Request Smuggling](https://www.pentest-book.com/enumeration/web/request-smuggling.md) - [Web Sockets](https://www.pentest-book.com/enumeration/web/web-sockets.md) - [CRLF](https://www.pentest-book.com/enumeration/web/crlf.md) - [IDOR](https://www.pentest-book.com/enumeration/web/idor.md) - [Web Cache Deception](https://www.pentest-book.com/enumeration/web/web-cache-deception.md) - [Session fixation](https://www.pentest-book.com/enumeration/web/session-fixation.md) - [Email attacks](https://www.pentest-book.com/enumeration/web/email-attacks.md) - [Pastejacking](https://www.pentest-book.com/enumeration/web/pastejacking.md) - [HTTP Parameter pollution](https://www.pentest-book.com/enumeration/web/parameter-pollution.md) - [SSTI](https://www.pentest-book.com/enumeration/web/ssti.md) - [Prototype Pollution](https://www.pentest-book.com/enumeration/web/prototype-pollution.md) - [Command Injection](https://www.pentest-book.com/enumeration/web/command-injection.md) - [Deserialization](https://www.pentest-book.com/enumeration/web/deserialization.md) - [DNS rebinding](https://www.pentest-book.com/enumeration/web/dns-rebinding.md) - [API Security](https://www.pentest-book.com/enumeration/web/api-security.md) - [Supply Chain Attacks](https://www.pentest-book.com/enumeration/web/supply-chain.md) - [Race Conditions](https://www.pentest-book.com/enumeration/web/race-conditions.md) - [GraphQL Deep Dive](https://www.pentest-book.com/enumeration/web/graphql-deep.md) - [OAuth/PKCE Attacks](https://www.pentest-book.com/enumeration/web/oauth-attacks.md) - [VHosts](https://www.pentest-book.com/enumeration/web/vhosts.md) - [Tabnabbing](https://www.pentest-book.com/enumeration/web/tabnabbing.md) - [Web Technologies](https://www.pentest-book.com/enumeration/webservices.md) - [APIs](https://www.pentest-book.com/enumeration/webservices/apis.md) - [JS](https://www.pentest-book.com/enumeration/webservices/js.md) - [ASP.NET](https://www.pentest-book.com/enumeration/webservices/.net.md) - [JWT](https://www.pentest-book.com/enumeration/webservices/jwt.md) - [GitHub](https://www.pentest-book.com/enumeration/webservices/github.md) - [GitLab](https://www.pentest-book.com/enumeration/webservices/gitlab.md) - [WAFs](https://www.pentest-book.com/enumeration/webservices/wafs.md) - [Firebird](https://www.pentest-book.com/enumeration/webservices/firebird.md) - [Wordpress](https://www.pentest-book.com/enumeration/webservices/wordpress.md) - [WebDav](https://www.pentest-book.com/enumeration/webservices/webdav.md) - [Joomla](https://www.pentest-book.com/enumeration/webservices/joomla.md) - [Jenkins](https://www.pentest-book.com/enumeration/webservices/jenkins.md) - [IIS](https://www.pentest-book.com/enumeration/webservices/iis.md) - [VHosts](https://www.pentest-book.com/enumeration/webservices/vhosts.md) - [Firebase](https://www.pentest-book.com/enumeration/webservices/firebase.md) - [OWA](https://www.pentest-book.com/enumeration/webservices/owa.md) - [OAuth](https://www.pentest-book.com/enumeration/webservices/oauth.md) - [Flask](https://www.pentest-book.com/enumeration/webservices/flask.md) - [Symfony && Twig](https://www.pentest-book.com/enumeration/webservices/symfony-and-and-twig.md) - [Drupal](https://www.pentest-book.com/enumeration/webservices/drupal.md) - [NoSQL (MongoDB, CouchDB)](https://www.pentest-book.com/enumeration/webservices/nosql-and-and-mongodb.md) - [PHP](https://www.pentest-book.com/enumeration/webservices/php.md) - [RoR (Ruby on Rails)](https://www.pentest-book.com/enumeration/webservices/ror-ruby-on-rails.md) - [JBoss - Java Deserialization](https://www.pentest-book.com/enumeration/webservices/jboss-java-deserialization.md) - [OneLogin - SAML Login](https://www.pentest-book.com/enumeration/webservices/onelogin-saml-login.md) - [Flash SWF](https://www.pentest-book.com/enumeration/webservices/flash-swf.md) - [Nginx](https://www.pentest-book.com/enumeration/webservices/nginx.md) - [Python](https://www.pentest-book.com/enumeration/webservices/python.md) - [Tomcat](https://www.pentest-book.com/enumeration/webservices/tomcat.md) - [Adobe AEM](https://www.pentest-book.com/enumeration/webservices/adobe-aem.md) - [Magento](https://www.pentest-book.com/enumeration/webservices/magento.md) - [SAP](https://www.pentest-book.com/enumeration/webservices/sap.md) - [MFA/2FA](https://www.pentest-book.com/enumeration/webservices/mfa.md) - [GWT](https://www.pentest-book.com/enumeration/webservices/gwt.md) - [Jira](https://www.pentest-book.com/enumeration/webservices/jira.md) - [OIDC (Open ID Connect)](https://www.pentest-book.com/enumeration/webservices/oidc-open-id-connect.md) - [ELK](https://www.pentest-book.com/enumeration/webservices/elk.md) - [Sharepoint](https://www.pentest-book.com/enumeration/webservices/sharepoint.md) - [CI/CD Security](https://www.pentest-book.com/enumeration/webservices/ci-cd-security.md) - [SaaS Testing](https://www.pentest-book.com/enumeration/webservices/saas-testing.md) - [Others](https://www.pentest-book.com/enumeration/webservices/others.md) - [Cloud](https://www.pentest-book.com/enumeration/cloud.md) - [General](https://www.pentest-book.com/enumeration/cloud/general.md) - [Cloud Info Gathering](https://www.pentest-book.com/enumeration/cloud/cloud-info-recon.md) - [AWS](https://www.pentest-book.com/enumeration/cloud/aws.md) - [Azure](https://www.pentest-book.com/enumeration/cloud/azure.md) - [GCP](https://www.pentest-book.com/enumeration/cloud/gcp.md) - [Docker && Kubernetes](https://www.pentest-book.com/enumeration/cloud/docker-and-and-kubernetes.md) - [Serverless Security](https://www.pentest-book.com/enumeration/cloud/serverless.md) - [CDN - Comain Fronting](https://www.pentest-book.com/enumeration/cloud/cdn-comain-fronting.md) - [Cloud AI Security](https://www.pentest-book.com/enumeration/cloud/cloud-ai-security.md) - [K8s Admission Bypass](https://www.pentest-book.com/enumeration/cloud/k8s-admission-bypass.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.pentest-book.com/enumeration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.