Hands-On Bug Hunting for Penetration Testers

Spidering and Other Data-Collection Techniques

Alongside brute-forcing for sensitive assets, spidering can give you a picture of a site that, in the absence of a sitemap, brute-forcing alone can't provide. The resulting link base can also be shared with other tools, pruned of any out-of-scope or irrelevant entries, and subjected to more in-depth analysis. There are a couple of useful spiders, each with its own advantages. The first one we'll cover, Burp's native spider functionality, is an obvious contender because it's part of (and integrates with) a tool that's probably already in your toolset.
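The pruning step mentioned above, sketched as an added example (not code from the book): it de-duplicates a spidered link list and drops out-of-scope hosts and static assets before the list is handed to other tools. The scope hostnames, extension list and sample URLs are constructed assumptions; the host check matches on label boundaries so look-alike domains do not slip into scope.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed scope definition (assumption, not from the book).
IN_SCOPE_HOSTS = {"example.com"}            # apex domain and its subdomains
OUT_OF_SCOPE_HOSTS = {"blog.example.com"}   # explicit carve-outs win over the apex rule
IRRELEVANT_EXT = (".png", ".jpg", ".gif", ".css", ".woff", ".ico")

def host_matches(host, names):
    """True if host equals, or is a subdomain of, any name (label-boundary match)."""
    return any(host == n or host.endswith("." + n) for n in names)

def normalize(url):
    """Canonical form used for de-duplication; None if not a usable http(s) URL."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port                   # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.rstrip(".")       # .hostname is lowercased and drops userinfo
    default = {"http": 80, "https": 443}[parts.scheme]
    netloc = host if port in (None, default) else f"{host}:{port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))

def prune(urls):
    """Keep in-scope, relevant URLs once each, preserving first-seen order."""
    kept, seen = [], set()
    for raw in urls:
        url = normalize(raw)
        if url is None or url in seen:
            continue
        parts = urlsplit(url)
        host = parts.hostname
        if not host_matches(host, IN_SCOPE_HOSTS) or host_matches(host, OUT_OF_SCOPE_HOSTS):
            continue                        # outside the agreed scope
        if parts.path.lower().endswith(IRRELEVANT_EXT):
            continue                        # static asset, not worth deeper analysis
        seen.add(url)
        kept.append(url)
    return kept

SAMPLE = [  # constructed spider output
    "https://example.com/login", "HTTPS://Example.com:443/login#top",
    "https://api.example.com/v1/users?id=1", "https://blog.example.com/post/1",
    "https://example.com.evil.test/login", "https://notexample.com/",
    "https://example.com@evil.test/", "https://example.com/static/logo.png",
    "mailto:admin@example.com",
]
```

Calling `prune(SAMPLE)` keeps only the login page and the API endpoint; the three look-alike hosts are rejected because the scope test compares parsed hostnames rather than searching the URL string.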