Information collected way
dns collect sensitive directory, port testing, Google grammar, subdomains probe, next to the station detection, c section inquiries, the whole point of recognition, waf detection, Website
dns collection (dns role by domain name resolves to ip) Webmaster tools (whois queries)
Sensitive directory harvest
There mysql directory management interface, background directory, upload directory, phpinfo, ro'bots.txt, the installation package, the installation page, crawling
Determine the type of site
Judge website scripting language (php, asp), operating system, build a platform, judge cms vendors
Background lookup method:
admin,admin/login.asp,manage,login.asp,,,,,,
Check the bottom of the page, view images properties, the use of tools to view, see robot.txt, search with google