Sitemap Recon Lab

Level 1 Recon & Enumeration simulation: learn how sitemap entries can reveal staging or internal-looking routes during recon.

Beginner

Recon & Enumeration • 20 min

This lab is a controlled simulation only. No real backend or dangerous code execution is used.

Objective 1

Review how sitemap.xml can expose application structure to anyone who can fetch it.

Objective 2

Identify unusual paths that may indicate staging or internal workflows.

Objective 3

Understand why route exposure matters even before deeper testing starts.

Use the input fields below to safely simulate the vulnerable behavior.

Sensitive Sitemap Path

Fake sitemap.xml

/home /login /staging-dashboard Submitted path: (none yet)

Review the fake sitemap and identify the route that looks like a sensitive staging or internal page a recon workflow would flag.

Reveal them progressively if you get stuck.

Click the hint button to reveal progressive guidance.