1. CMS fingerprint recognition
A CMS (Content Management System), also called a whole-site system or article system, manages website content. Users only need to download the corresponding CMS
software package, deploy and build it, and then they can use the CMS directly, which is simple and convenient. However, each CMS has its own structure, naming rules and certain
file contents, so these can be used to identify the specific CMS software and version that a site runs.
Common CMSs: dedecms (Dream Weaving), Discuz, Phpcms, etc.
CMS identification tools:
1. Online website identification:
yunsee.cn-2.0
TideFinger (Tide fingerprint)
WhatWeb - Next generation web scanner.
2. Local tools:
Yujian web fingerprint identification program (download, install and use on Windows): Yujian web fingerprint identification system download, Pacific Download Center (pconline.com.cn)
Dayu CMS identification program (download, install and use on Kali): GitHub - Ms0x0/Dayu: An open source fingerprint identification tool.
Query for CMS Vulnerabilities
Once the CMS has been identified, you can look up its known vulnerabilities at:
http://www.anquan.us/
https://bugs.shuimugan.com
Detection of Sensitive Directory Information
It is very important to probe the target's web directory structure and sensitive hidden files. During this process it is very likely that back-end admin pages, upload pages, database files, and even compressed archives of the website source code will be found.
Detection tools:
1. Yujian background scanning tool (Yujian download link: https://pan.xunlei.com/s/VMlOoYWlg25SrmcUJbVvKAmVA1, extraction code: cr3e)
2. wwwscan command line tool
3. dirb command line tool - open Kali, enter dirb and press Enter, then enter dirb baidu.com and press Enter to start detection
4. Dirbuster scanning tool - open Kali, enter dirbuster and press Enter to open the tool
WordPress testing
WordPress is a blogging platform developed with PHP language, and users can set up their own websites on servers that support PHP and MySQL databases. You can also use WordPress as a content management system (CMS).
For WordPress testing, you can use the wpscan tool to run the corresponding security tests.
Open the Kali terminal and enter wpscan --url xxxx.xxxxxxxx.com (wpscan --url website)
2. WAF
A WAF (web application firewall) is a protection product against web application attacks.
Awesome-WAF project:
https://github.com/0xInfection/Awesome-WAF
Detection script wafw00f:
https://github.com/EnableSecurity/wafw00f
Install wafw00f on Kali:
git clone https://github.com/EnableSecurity/wafw00f
cd wafw00f
python setup.py install
3. CDN
CDN: Content Delivery Network
The basic idea is to avoid, as far as possible, the bottlenecks and links on the Internet that may affect the speed and stability of data transmission, so that content is delivered faster and more reliably.
Benefits: improved load times, reduced server load, reduced costs, and improved network security.
CDN detection
Domestic online: CDN Cloud Observation http://cdn.chinaz.com
Foreign online: CDNplanet https://www.cdnplanet.com
Script detection: xcdn https://github.com/3xp10it/xcdn
Install xcdn under Kali:
git clone https://github.com/3xp10it/xcdn
4. Common ways to find real IP:
Super ping: ping the site from servers in multiple locations (Webmaster Tools website speed test)
Historical analysis:
Weibu Online: X Intelligence Community (threat intelligence query, threat analysis platform, open community)
Historical Whois: https://www.benmi.com/whoishistory/
Historical hosting: https://toolbar.netcraft.com/site_report?url=
Internal mailbox source: when the other party sends an email, check the source IP of the email.
Second-level domain name: find the subdomains and look for a site that is not bound to the CDN.
Mobile App: use Burp to capture the App's data packets.
WeChat public account: use Burp to capture the WeChat public account's data packets.
Foreign ping:
ping.pe: http://www.ping.pe
Overseas speed test: Webmaster Tools overseas Internet speed test
Cyberspace Search Engine: fofa: https://fofa.so
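Seen from the site owner's side, the sub-domain and mail-source items above can be checked in advance: any hostname in your own zone that resolves outside the CDN's ranges gives away the origin address. The Python below is an added example, not part of the original post; the zone records, CDN ranges and function names are constructed for illustration (documentation address ranges and .test names).

```python
import ipaddress

# Constructed sample data: stand-ins for a CDN's ranges and your own zone export.
CDN_RANGES = ["198.51.100.0/24", "2001:db8:cd::/48"]
ZONE = [
    ("example.test", "A", "198.51.100.21"),
    ("www.example.test", "CNAME", "edge.cdn.example.test"),
    ("edge.cdn.example.test", "A", "198.51.100.20"),
    ("api.example.test", "AAAA", "2001:db8:cd::5"),
    ("dev.example.test", "CNAME", "origin.example.test"),
    ("origin.example.test", "A", "203.0.113.10"),
    ("mail.example.test", "A", "203.0.113.10"),
]


def resolve(name, zone, max_hops=8):
    """Follow CNAMEs inside the zone export; return the final A/AAAA values."""
    for _ in range(max_hops):
        targets = [v for n, t, v in zone if n == name and t == "CNAME"]
        if not targets:
            return [v for n, t, v in zone if n == name and t in ("A", "AAAA")]
        name = targets[0]
    return []  # CNAME loop or over-long chain: treat as unresolved


def audit_origin_exposure(zone, cdn_ranges):
    """Map each hostname to the addresses it resolves to outside the CDN."""
    nets = [ipaddress.ip_network(r) for r in cdn_ranges]
    exposed = {}
    for name in sorted({n for n, _, _ in zone}):
        outside = [a for a in resolve(name, zone)
                   if not any(ipaddress.ip_address(a) in net for net in nets)]
        if outside:
            exposed[name] = outside
    return exposed


def group_by_address(exposed):
    """Group exposed names by address; shared mail/origin hosts stand out."""
    groups = {}
    for name, addrs in exposed.items():
        for addr in addrs:
            groups.setdefault(addr, []).append(name)
    return groups


if __name__ == "__main__":
    for addr, names in group_by_address(audit_origin_exposure(ZONE, CDN_RANGES)).items():
        print(addr, "reachable without the CDN via:", ", ".join(names))
```

In the sample zone the mail host shares its address with the web origin, so moving mail to a separate address and restricting the origin to accept traffic only from the CDN's ranges would close both leaks.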