Data collection basics

1. Use search engines to collect information
Google Hacking
Common syntax
intext: (Google only; searches the page body text for the keyword)
intitle: (searches page titles for the keyword)
cache: (the search engine's cached copy of a page; expired content can still contain valuable information), e.g. a Baidu snapshot
filetype: (searches for the specified file type)
inurl: (searches for URLs containing the specified string). Used for targeted searches for admin/background pages and for pages that may have injection points (inurl:asp?id=).
site: (restricts results to the specified site). Combine it with the other operators: site:xxx.com intext:/intitle:/cache:/inurl:/filetype:
Put a phrase in "" to search for it exactly, or search for several keywords at the same time; link: searches for pages that link to a given website.
Usage
Find the management background
site:xxx.com intext:Management|Background|Login|Username|Password|Account|System
site:xxx.com inurl:login|admin|manage|manager|admin_login/system
site:xxx.com intitle:Background|Login|Manage
Upload vulnerability
site:xxx.com inurl:file
site:xxx.com inurl:upload

Find the injection interface:
site:xxx.com inurl:php?id=
Find the editing interface
site:xxx.com inurl:ewebeditor
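As an added example (not part of the original post), the following script evaluates queries written in the syntax above against a local inventory of one's own site, so a site owner can see which pages such queries would surface and decide what to noindex or put behind access control. The PAGES records and the example.com / othersite.net hosts are constructed sample data.

```python
import re
from urllib.parse import urlparse

# Constructed sample inventory of one's own site (as a sitemap or crawler export would give it).
# Each record is (url, page title, visible text); every value here is made up for the example.
PAGES = [
    ("https://www.example.com/index.php", "Example Corp", "Welcome to our site"),
    ("https://www.example.com/admin/login.php", "Background Login", "Username Password"),
    ("https://www.example.com/news.php?id=12", "News", "Latest news item"),
    ("https://www.example.com/upload/form.php", "File upload", "Choose a file"),
    ("https://www.example.com/docs/policy.pdf", "Policy", "Internal policy document"),
    ("https://cdn.othersite.net/admin/login", "Login", "Username"),
]

# One operator:value pair; a space after the colon is tolerated and "|" joins alternatives.
DORK_RE = re.compile(r"(\w+):\s*(\S+)")

def parse_dork(dork):
    """Split 'site:xxx.com inurl:login|admin' into [(operator, [alternatives]), ...]."""
    return [(op.lower(), val.lower().split("|")) for op, val in DORK_RE.findall(dork)]

def page_matches(dork, url, title, text):
    """True when the page satisfies every operator in the dork (alternatives are OR-ed)."""
    parsed = urlparse(url)
    host, path = parsed.netloc.lower(), parsed.path.lower()
    fields = {"inurl": url.lower(), "intitle": title.lower(), "intext": text.lower()}
    for op, alts in parse_dork(dork):
        if op == "site":
            ok = any(host == a or host.endswith("." + a) for a in alts)
        elif op == "filetype":
            ok = any(path.endswith("." + a) for a in alts)
        elif op in fields:
            ok = any(a in fields[op] for a in alts)
        else:
            ok = False  # cache: and similar need the search engine itself; treat as no match
        if not ok:
            return False
    return True

def exposed_pages(dork, pages=PAGES):
    """URLs from the inventory that the dork would surface; review these for noindex or access control."""
    return [url for url, title, text in pages if page_matches(dork, url, title, text)]

if __name__ == "__main__":
    for dork in ("site:example.com inurl:login|admin", "site:example.com inurl:php?id=",
                 "site:example.com filetype:pdf"):
        print(dork, "->", exposed_pages(dork))
```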
Collect information through the target site.
Usually all that is known is a website name or an IP address. The first step is to dig more information out of these known sites, but because the target site's configuration is unknown, do not start with active scanning tools, which may trigger the firewall. Collect passively first: gather information from the pages themselves or use third-party webmaster tools.
Webmaster tools
Enter URL -> IP -> port scan (preliminary),
then check subdomains.
Use tools to collect information
Windows platform: commonly used tools and methods
1. Use DOS commands
ping: network connectivity test
arp: display and modify the address resolution (ARP) table
tracert: display the route to a host
nslookup: domain name system (DNS) query
telnet: test whether a remote port (e.g. remote desktop) is open
netstat: view all open ports on the local machine
nbtstat: get NetBIOS information
ftp: test whether the remote host has FTP open
net: the most important command; be proficient with every subcommand
2. Use tools to collect information
Common tools
AWVS, AppScan, Zenmap, DirBuster, the Yujian series of scanning tools
Layer subdomain excavator
Maltego
AWVS and Nmap are essential for information gathering.
Browser plug-ins for finding the background: Yujian
Firefox: ShowIP, HttpFox, Cookie Watcher, Header Spy, Wappalyzer, Flagfox, Domain Details

Kali:
Enumeration services
DNS enumeration tools: dnsenum, fierce
SNMP enumeration tool: snmpwalk
To test the network range:
domain name query tool Dmitry;
traceroute query tool Scapy;
identify active hosts, view open ports, OS fingerprinting, service fingerprinting

Source: blog.csdn.net/weixin_49340699/article/details/108824823