Mapping web application resources can reveal important information about the tree and directory structure of your application, thereby revealing information about the software used, its version, or the programming language used in the construction. It consists in building a systematic view, which usually hierarchically shows what data the WEB application is built from. You can build a web app resource map in several ways:
- by reference to a txt file containing often entries to hidden paths to which they do not have to look at all kinds of crawlers and spiders. In the graphic below you can see a sample robots.txt file that reveals information about the programming language used – php, or the location of the administrator module – /admin/.
Figure. Sample robots.txt. Source: [robots]
- using tools called"spiders",which find references to various resources (graphics, scripts, links) in the page code and on this basis form the structure of the application resource tree. An example of such a tool is a module in Burp called Spider. In the example below, Burp Spider built an application map. This allowed, among other things, to know the location of the administration panel, the libraries used, or the programming language.
Figure. Application map built by Burp Spider. Source: [Own study]
