Information collection (3): Port and directory information collection

Previous parts in this series:
Information Collection (1): Domain name information collection
Information Collection (2): IP information collection

What is a port

"Port" (端口) is the translation of the English word "port": the point through which a device communicates with the outside world. Ports are either physical or virtual. A physical port, also called an interface, is something you can see and touch: the RJ45 Ethernet jack on the back of a computer, the RJ45 ports on a switch, router or hub, or the RJ11 jack a telephone plugs into. A virtual (logical) port exists only in software, inside a host or inside a switch or router; TCP port 80 (HTTP), port 21 (FTP) and port 23 (Telnet) are examples. If an IP address is a house, its ports are the doors. A real house has only a few doors, but every IP address has 65536 (2^16) TCP ports, and as many UDP ports, identified by a port number in the range 0 to 65535.

We scan these ports for two reasons: to find out which services are open, and to enumerate the target's assets. Both lay the groundwork for the later penetration steps.

Nmap port scan

Scan a single IP (here the loopback address; substitute the target):

nmap 127.0.0.1

Scan an entire /24 subnet (256 addresses):

nmap 192.168.0.1/24

Nmap parameter syntax:

nmap
-sV
Version detection: probes the ports found open by the port scan to identify the service and its version, so it is only meaningful together with (and after) a port scan.
-Pn
Skip host discovery (no ping) and treat the target as online. Use it when the target drops ICMP echo requests and would otherwise be reported as down. -PN is the older spelling and is still accepted.
-A
Aggressive scan: enables OS detection (-O), version detection (-sV), default script scanning (-sC) and traceroute. It does not scan all 65535 ports; use -p- for that.
-O
Operating system detection (needs raw-socket privileges, i.e. root).
-T<0-5>
Timing template from 0 (paranoid) to 5 (insane); the default is -T3. Faster templates are noisier and less accurate.
-sn
Host discovery only (ping scan, no port scan). On a directly attached Ethernet segment Nmap discovers hosts with ARP requests. -sP is the old name for this option.
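The states Nmap prints (open, closed, filtered) come from how the target answers each probe. To make that concrete, here is an added example, not Nmap's code and not part of the original post: a small Python connect() scanner, the same kind of scan Nmap runs when started without privileges (-sT). The target is a constructed fake service on the loopback interface, so the script runs offline; the host, port range and banner are assumptions for the demo.

```python
"""TCP connect() port scanner, written here as an added example; it is not
Nmap's code and not part of the original post.

Without raw-socket privileges Nmap falls back to a connect() scan (-sT): for
every port it completes the TCP handshake and reports one of three states,
which this script derives the same way:
  open      connect() succeeds (something is listening)
  closed    the host answers with RST -> ConnectionRefusedError
  filtered  nothing comes back before the timeout (usually a firewall)
The "target" is a constructed fake service on the loopback interface, so the
demo runs offline. Only scan hosts you are authorised to test.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=1.0, grab_banner=True):
    """Probe one TCP port; return (port, state, banner)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        sock.close()
        return port, "closed", ""
    except OSError:                      # includes socket.timeout / TimeoutError
        sock.close()
        return port, "filtered", ""
    banner = ""
    if grab_banner:
        try:                             # many services speak first (SSH, FTP, SMTP)
            banner = sock.recv(256).decode("utf-8", "replace").strip()
        except OSError:
            pass
    sock.close()
    return port, "open", banner


def scan(host, ports, threads=50, timeout=1.0):
    """Scan the given ports concurrently; return {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = pool.map(lambda p: probe(host, p, timeout), ports)
        return {port: (state, banner) for port, state, banner in results}


def open_ports(results):
    """Sorted list of the ports reported open."""
    return sorted(p for p, (state, _) in results.items() if state == "open")


def start_fake_service(banner=b"SSH-2.0-labdaemon\r\n"):
    """Constructed demo target: listen on a free loopback port and greet each
    client with a banner, as a real SSH daemon would. Returns (port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0 -> the OS picks a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:              # listening socket closed -> stop
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


def closed_loopback_port():
    """Return a loopback port nothing is listening on (bind, read, close)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    port, stop = start_fake_service()
    results = scan("127.0.0.1", [port, closed_loopback_port()])
    for p in sorted(results):
        state, banner = results[p]
        print(f"{p}/tcp\t{state}\t{banner}")
    print("open ports:", open_ports(results))
    stop()
```

The banner grab is what -sV builds on: a service that announces itself on connect (SSH, FTP, SMTP) gives its version away before any request is sent. A SYN scan (-sS, Nmap's default as root) never completes the handshake, so the banner never arrives; that is why version detection is a separate step.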

Masscan port scan

masscan 127.0.0.1 -p 1-65535

Masscan sends SYN probes asynchronously from its own TCP/IP stack, so it must run as root, and its speed is set explicitly with the --rate option (packets per second). It only reports which ports are open; run nmap -sV against those ports afterwards to identify the services.

Directory information collection

What is directory scanning

Directory scanning lets us enumerate the directories and pages that exist on a website and map its overall structure.

It also turns up sensitive files: admin (back-end) pages, backup files, database dumps, and files that leak information such as configuration or version-control data.

dirsearch directory scan

Download address: dirsearch download address

Scan a target URL with the default settings:

python3 dirsearch.py -u https://target

Scan the target URL trying the extensions php, html and js on each wordlist entry:

python3 dirsearch.py -e php,html,js -u https://target

Specify the number of threads. Do not set it too high: too many concurrent requests can be rate-limited or dropped by the target (or a WAF in front of it), so paths that exist come back as errors and are missed.

python3 dirsearch.py -e bak,zip,tgz,txt -u https://target -t 30
-u, --url        target URL
-t, --threads    number of threads
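To show what -e and -t actually do, here is an added example, not dirsearch's code and not part of the original post: a minimal directory and file brute-forcer in Python. It expands the wordlist with the given extensions, issues requests from a thread pool, drops 404 responses as dirsearch does by default, and reports every other status code. The wordlist, the extensions and the fake site it scans (served on the loopback interface) are constructed for the demo.

```python
"""Minimal directory/file brute-forcer in the style of dirsearch, written here
as an added example; it is not dirsearch's code and not part of the original
post. It makes the two options above concrete:
  -e ext1,ext2   every wordlist entry is requested as-is, as a directory
                 ("word/") and with each extension appended ("word.ext")
  -t N           requests are issued from a pool of N worker threads
As dirsearch does by default, 404 responses are dropped; everything else
(200, 301/302, 403, 500) is a finding worth looking at. The target is a
constructed fake site on the loopback interface so the demo runs offline.
"""
import threading
import urllib.error
import urllib.request
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx codes instead of following them (a redirect is a finding)."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


OPENER = urllib.request.build_opener(_NoRedirect)


def build_candidates(words, extensions):
    """Expand a wordlist the way dirsearch's -e does."""
    out = []
    for w in words:
        out.append(w)
        out.append(w + "/")
        out.extend(f"{w}.{ext}" for ext in extensions)
    return out


def check_path(base_url, path, timeout=3.0):
    """GET one candidate; return (path, status), or None for 404 / no answer."""
    url = base_url.rstrip("/") + "/" + path
    req = urllib.request.Request(url, headers={"User-Agent": "dirscan-demo"})
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            return path, resp.status
    except urllib.error.HTTPError as e:      # 3xx/4xx/5xx still carry a code
        return None if e.code == 404 else (path, e.code)
    except urllib.error.URLError:            # refused, reset, timed out
        return None


def scan(base_url, words, extensions, threads=10):
    """Brute-force paths with `threads` workers; return {path: status}."""
    candidates = build_candidates(words, extensions)
    found = {}
    with ThreadPoolExecutor(max_workers=threads) as pool:
        for hit in pool.map(lambda p: check_path(base_url, p), candidates):
            if hit:
                found[hit[0]] = hit[1]
    return found


FAKE_SITE = {                 # constructed target: request path -> status code
    "/admin/": 200,           # back-end login page
    "/login.php": 200,
    "/config.php.bak": 200,   # editor/backup copy leaking source
    "/backup.zip": 200,       # site archive
    "/uploads/": 403,         # exists but forbidden: still worth noting
    "/old": 301,              # redirect to /old/
}


class _Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        code = FAKE_SITE.get(self.path, 404)
        self.send_response(code)
        if code == 301:
            self.send_header("Location", self.path + "/")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):   # silence per-request server logging
        pass


def start_fake_site():
    """Start the constructed target on a free loopback port; return (url, stop)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}", srv.shutdown


WORDLIST = ["admin", "login", "config.php", "backup", "uploads", "old", "test"]  # constructed


if __name__ == "__main__":
    url, stop = start_fake_site()
    hits = scan(url, WORDLIST, ["php", "bak", "zip"], threads=10)
    stop()
    for path, code in sorted(hits.items()):
        print(f"[{code}] /{path}")
```

Note that "config.php" is only found because the .bak extension is tried: the live file returns 404 for the bare word but the editor backup is served as plain text, which is exactly the kind of information-disclosure file the section above is after. A 403 on /uploads/ is also kept, since it proves the directory exists even though listing is forbidden.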


Origin blog.csdn.net/qq_64973687/article/details/130343833