Introduction
The black box test attack launched from the external network, because of ignorance of the target network, the attacker first collects a large amount of information as much as he can to pave the way for the later attack. The collection of information is very normal, and it determines Whether the attacker can accurately locate the loopholes in the target network security line of defense, of course, information collection also plays a role in daily life, "knowing oneself, knowing the enemy, a hundred battles will never end."
collect
Edge information collection
- The structure of the network system company (Tianyancha)
- Important institutional branches
- Internal employee account composition
- Identification method
- Email address
- Social network accounts and information
- Network habits of administrators
Network information collection
- Google Hacking
- whois query (webmaster's home)
- DNS domain name query
- Fingerprint scanning (Yunxi, Weibu)
- Directory Scan (Royal Sword)
- Subdomain: (subBrute, knockpy, layer subdomain mining machine, github collection subdomain)
- Side station: the station under the same IP
- C-segment scan
- Sensitive directory\information leakage (Goole grammar, Zhong Kui's Eye, fofa, shodan)
- CDN
Port/service information collection
- Port scan: port corresponding service, you can try port intrusion
Vulnerability scan
- Operating system vulnerability scanning: Nessus
- Web page service scanning: appscan, awvs