Attacking an application can be as simple as drag and drop, while at other times it can take weeks to mount a successful attack. Jumping straight into scripts and trying random things won't help every time; a proper map will. Keep your map up on screen to minimize the risk of distraction.
A map can save you hours, even weeks, of trying random things with no output. Putting clear goals, your methodology, footprinting, and scanning into the map will let you explore hidden functionality, directories, and domains in the application. Trying Shodan, Google, and GitHub dorking will increase your chances of finding more juicy stuff.
I start an attack with:
- Nmap, Gobuster, and Waybackurls
- Google, Shodan, and GitHub dorking
- Subdomain enumeration and brute forcing endpoints (this helps in finding sensitive information and directory traversals)
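The output of these steps is a pile of URLs from several tools, and the "map" only helps if that pile is normalized into one picture of hosts, paths, and parameters. The following is an added example, not code from the original post: it takes URL lines in the shape tools such as waybackurls print, deduplicates them (case-insensitive host, fragments dropped), and groups them into a per-host map of paths and the query parameter names seen on each path. The input below is a constructed sample on example.com domains, and the function names are my own.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: one URL per line, as recon tools typically print them.
# Includes a duplicate with different host casing and a fragment, and a junk line.
SAMPLE_URLS = """\
https://www.example.com/
https://www.example.com/login?next=/account
https://WWW.example.com/login?next=/account#top
https://www.example.com/api/v1/users?id=1
https://www.example.com/api/v1/users?id=2&format=json
https://api.example.com/v2/orders?order_id=10
http://www.example.com/old/backup.zip
not a url
"""


def normalize(url):
    """Return (host, path, param_names) for an http(s) URL, or None for anything else.

    The host is lowercased (urlsplit().hostname already does that and drops any port
    or userinfo), the fragment is discarded, and only parameter names are kept so
    that /users?id=1 and /users?id=2 collapse into one endpoint.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    path = parts.path or "/"
    params = tuple(sorted(parse_qs(parts.query, keep_blank_values=True)))
    return parts.hostname, path, params


def build_site_map(text):
    """Group URL lines into {host: {"paths": [...], "params": {path: [names]}}}."""
    site_map = defaultdict(lambda: {"paths": set(), "params": defaultdict(set)})
    for line in text.splitlines():
        norm = normalize(line)
        if norm is None:
            continue  # skip blank or non-URL lines instead of failing the whole run
        host, path, params = norm
        entry = site_map[host]
        entry["paths"].add(path)
        for name in params:
            entry["params"][path].add(name)
    # Freeze into plain sorted structures so the map is stable and easy to diff
    # between recon runs.
    return {
        host: {
            "paths": sorted(entry["paths"]),
            "params": {path: sorted(names) for path, names in sorted(entry["params"].items())},
        }
        for host, entry in sorted(site_map.items())
    }


def render(site_map):
    """Produce the text version of the map to keep on screen."""
    lines = []
    for host, entry in site_map.items():
        lines.append(host)
        for path in entry["paths"]:
            names = entry["params"].get(path)
            suffix = f"  ?{','.join(names)}" if names else ""
            lines.append(f"  {path}{suffix}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(build_site_map(SAMPLE_URLS)))
```

Feed it the concatenated output of your enumeration tools and diff successive maps to see what each step actually added; endpoints that take parameters are the ones worth manual review first.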
After scanning and footprinting, I review everything gathered up to that point; by then I already have what I need to launch a successful attack. To be honest, I try scripts, automation tools, and one-liners at the end of the day to review whatever was left uncovered.
Manual attack not only helps me understand each step but also adds knowledge and experience to my skills. Automation helps in enjoying fancy screens and scripts scrolling down the screen as if I'm being videotaped for a hacking movie. LOL