# Content discovery / recon

Content discovery is a significant part of web application penetration testing or bug bounty hunting. This process involves identifying and mapping out components, endpoints, directories, functionality, and subdomains of a target web application.

Things we want to look at are:

* Subdomains
* Technology stack
* Directories and endpoints
* Parameters
* Functionality
* APIs
* JavaScript / fontend analysis
* Other open ports / services

## Checklist

**Web Server**

* [ ] &#x20;What is the server running?&#x20;
  * [ ] Operating system: Linux or Windows?&#x20;
  * [ ] Web server: Apache or Nginx? Etc
* [ ] &#x20;Can we identify the version of the Web Server?
* [ ] Are there any subdomains?

**Common files**

* [ ] robots.txt
* [ ] &#x20;sitemap.xml
* [ ] .htaccess
* [ ] &#x20;security.txt
* [ ] manifest.json
* [ ] browserconfig.xml
* [ ] etc

**Frontend checks**

* [ ] &#x20;Inspect the page source for frontend scripts & information
* [ ] &#x20;Is there any sensitive information in the frontend?
* [ ] Are there links and other things in the frontend that aren't used?

**Entry Points**

* [ ] What endpoints exist
* [ ] What HTTP methods are used
* [ ] What parameters are used
* [ ] Fuzz for hidden endpoints, files, parameters, methods, etc

**Map Application Architecture**

* [ ] &#x20;Step through the entire application


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://appsecexplained.gitbook.io/appsecexplained/discovery-recon/content-discovery-recon.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.