**Web security attack and defense: information gathering -1-**
Whois query methods
1. Query through a web interface
https://whois.aliyun.com
https://www.whois365.com/cn
https://whois.chinaz.com
https://whois.aizhan.com
2. Query with the whois command line
Example: whois aliyun.com (run in Kali)
Subdomain information gathering
A prefix placed in front of a top-level domain forms a subdomain of that domain. Subdomains generally have weaker protective measures than the top-level domain, so we can start from a site's subdomains and work gradually toward the top-level domain.
Subdomain enumeration tools
1. Maltego CE
2. wydomain
(Running git clone https://github.com/ring04h/wydomain in Kali downloads it directly to Kali)
GitHub address: https://github.com/ring04h/wydomain
3. Search engine queries
site:baidu.com
4. Third-party website queries
https://tool.chinaz.com/subdomain
https://dnsdumpster.com
https://whois.chinaz.com
https://whois.aizhan.com
Port information gathering
Principle: packets carrying specified flags are sent to the target port over protocols such as TCP or UDP, and the port state is determined from the packets the target returns.
1. nmap probe (God's eye): nmap -A -v -T4 domain
2. Use an online site to probe (cannot probe local addresses): https://tool.chinaz.com/port/
Sensitive information gathering
Google hacking syntax:
intext: searches the text content of pages. Example: intext:Site Management
intitle: searches the title content. Example: intitle:Admin
filetype: searches for the specified file format. Example: filetype:TXT
inurl: searches for a specific URL. Example: inurl:php?id
site: searches within a specific site. Example: site:baidu.com
info: searches for information about the specified page. Example: info:baidu.com
Collecting server information from HTTP responses
When communicating with the target site over HTTP or HTTPS, the Server header and the X-Powered-By header in the target's response expose the server software and programming language the target uses. This information can then be used to look for vulnerabilities that apply to it.
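
The check below is an added example, not code from the original article: it audits a raw HTTP response for the Server and X-Powered-By disclosure described above, so a site owner can see what their own responses reveal. The two sample responses are constructed, and the extra ASP.NET header names and the severity labels are assumptions of this example.

```python
import re

# Headers named in the text above, plus two ASP.NET ones (added assumption).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 2.4.41

# Constructed sample responses, not captured from any real site.
VERBOSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "server: nginx\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)

def parse_headers(raw):
    """Split a raw HTTP response into (lower-cased name, value) pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """Return (header, value, severity) for each header that leaks stack details."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in DISCLOSING:
            continue
        if VERSION_RE.search(value):
            severity = "high"    # exact version can be matched to published advisories
        elif name == "server":
            severity = "low"     # product name only, no version
        else:
            severity = "medium"  # the header's presence alone reveals the runtime
        findings.append((name, value, severity))
    return findings

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("hardened", HARDENED)):
        for finding in audit(raw):
            print(label, *finding)
```

Typical fixes for "high" findings are `ServerTokens Prod` in Apache, `server_tokens off;` in nginx, and `expose_php = Off` in php.ini.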