Tutorial study notes (1): 05, Information Gathering


1. Domain name: find the IP address(es) behind the target domain (CDN not considered here):
   the ping command
   nslookup
Subdomains: collect the other domain names under the target and check whether any of them has a vulnerability:
   Layer (subdomain enumerator)
   theHarvester
   theHarvester.py -d xxxx.com -b baidu
   -d specifies the target domain
   -b specifies the search engine to query
whois lookup: query the identity of the target site's owner

爱站 (aizhan): https://whois.aizhan.com
站长工具 (chinaz): http://whois.chinaz.com/
微步在线 (ThreatBook): https://x.threatbook.cn
2. Sensitive directories
robots.txt, admin/backend directories, leftover installation packages (1.zip, 2.zip, etc.), upload directories (upload/, upload.php, upfile.php, etc.), MySQL management interfaces, installation pages, phpinfo, web editors, IIS short filenames
Common tools:
御剑, DirBuster, wwwscan, IIS_shortname_Scanner, 爬行菜刀, webrobot, Burp
3. Port scanning: see which ports the target has open, and from that locate vulnerabilities that can be exploited
PortScan
python main.py -d 目标ip -t 1000 -w 5
Pscan
python pscan.py --mode port --host 192.168.1.121 --port 80,8080 --thread 50
4. Side sites and the C-class range: if the target website is hard to break into, start from the C-class range or from side sites; the C-class approach presupposes that the hosts sit behind the same gateway
Side site: another site hosted on the same server
C-class range: other servers in the same /24 network segment
Tools: K8旁站, 御剑1.5

5. Overall analysis (fingerprinting)
Server type: OS platform, version, and so on
Web container: IIS, Apache, Nginx, Tomcat, etc.
Script type: ASP, PHP, JSP, ASPX, etc.
Database type: Access, SQL Server, MySQL, Oracle, PostgreSQL, etc.
CMS type: DedeCMS, KingCMS, etc.
WAF: D盾 (D Shield), 宝塔 (Baota panel), etc.
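As an added example (not code from the original post), the following Python routine shows where the passive part of step 5's fingerprinting actually comes from: the Server and X-Powered-By headers and the session-cookie name of an HTTP response. The hint tables are my own assumptions, not an exhaustive catalogue; a defender can run it over their own site's response headers to see exactly what the server advertises.

```python
# Added example (not from the original post): what the fingerprinting in step 5
# reads from HTTP response headers. Hint tables are assumptions, not exhaustive.
COOKIE_HINTS = {"PHPSESSID": "PHP", "ASP.NET_SESSIONID": "ASPX",
                "ASPSESSIONID": "ASP", "JSESSIONID": "JSP"}
SERVER_HINTS = [("microsoft-iis", "IIS"), ("nginx", "Nginx"),
                ("apache-coyote", "Tomcat"), ("apache", "Apache")]
POWERED_HINTS = [("php", "PHP"), ("asp.net", "ASPX"), ("servlet", "JSP")]

def parse_headers(raw: str) -> list:
    """Header (name, value) pairs; stops at the blank line so the body is never read."""
    pairs = []
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def first_match(hints, text):
    """Label of the first hint whose needle occurs in text, else None."""
    return next((label for needle, label in hints if needle in text), None)

def fingerprint(raw: str) -> dict:
    """Container, script type and whether any header discloses a version number."""
    result = {"container": None, "script": None, "version_disclosed": False}
    for name, value in parse_headers(raw):
        low = value.lower()
        if name == "server":
            result["container"] = first_match(SERVER_HINTS, low) or result["container"]
            result["version_disclosed"] |= any(c.isdigit() for c in value)
        elif name == "x-powered-by":
            result["script"] = first_match(POWERED_HINTS, low) or result["script"]
            result["version_disclosed"] |= any(c.isdigit() for c in value)
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip().upper()
            for prefix, label in COOKIE_HINTS.items():
                if cookie.startswith(prefix):   # session-cookie name reveals platform
                    result["script"] = label
    return result

# Constructed sample response (not captured from any real host).
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Server: Microsoft-IIS/10.0\r\n"
          "X-Powered-By: ASP.NET\r\n"
          "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
          "\r\n"
          "<html>Server: decoy/9.9</html>")   # body text must be ignored

if __name__ == "__main__":
    print(fingerprint(SAMPLE))   # → {'container': 'IIS', 'script': 'ASPX', 'version_disclosed': True}
```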

6. Google hacking
intext: find pages whose body text contains the keyword
intitle: search page titles
filetype: search for a given file type
inurl: find URLs that contain a given string
site: restrict the search to a given domain name

7. Information analysis

Finding the website's admin backend:
Default backend paths and weak passwords: admin, admin/login.asp, manage, login.asp, etc.
Check the page links: the home page may carry something like a "management login" link
Identify the website's management system (CMS) to infer where its backend lives

CDN workaround (finding the origin IP):
Look up secondary (sub) domains
Make the server initiate an outbound connection to you (e.g. through email), which reveals its source IP
Query historical DNS resolution records
Edit the hosts file to map the domain to the candidate IP and check whether the site still loads
Illegal use is prohibited; the consequences are your own responsibility
Welcome to follow the public account: web security tool library


Source: blog.csdn.net/weixin_41489908/article/details/104333833