Cybersecurity: Information Gathering
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">1. WHOIS information</strong>:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">WHOIS refers to the information recorded when a domain is registered, such as the administrator's name, telephone number and e-mail address.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The domain registrant may well be the site administrator; this can be used for social engineering and discussion, and for checking whether the registrant has registered other domains, which widens the attack surface.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Sources: 站长之家 (Chinaz), https://whois.chinaz.com/ and similar.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">2. Subdomains:</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Find them with Google hacking syntax (crawling search engines).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Use certain platforms (ThreatBook community 微步社区, Yunsee assets 云悉资产).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Use tools to brute-force names against the DNS server (SubBrute, Knockpy; both downloadable from GitHub); watch out for wildcard resolution (names that resolve even though no record was ever configured for them).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Spider/crawl the site's own pages.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Look up the domain's certificates.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(1) Layer subdomain miner (Layer子域名挖掘机).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(2) dnsenum</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">com (commercial organizations);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">net (network services);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">org (organizations, associations, etc.);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">gov (government departments);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">edu (educational institutions);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">mil (military);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">int (international organizations);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">cn (China)</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note: edu is also a top-level domain, whereas http://edu.cn/ is a second-level domain.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">3. Port scanning (Nmap):</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">When certain risky ports are open, an intrusion attempt becomes possible, for example: 445 | 3306 | 22 | 1433 | 6379.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">One can try brute force, or exploit a vulnerable service listening on a port; furthermore, different ports on one server may serve different web sites.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The same port indicates the same server or the same internal network.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Ports: responsible for network communication.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Ports 1433, 3306, 3389 [Remote Desktop Protocol], 1433</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Use Nmap, which ships with Kali.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Simplest command: nmap &lt;target address&gt;.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note: an nmap scan leaves a large number of log entries and requests on the target server.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">curl: send a request</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">dict: the dictionary protocol [helps us probe which service an open port is running].</p>
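The note above is the defender's side of the same fact: a port sweep stands out in connection logs because one source touches many distinct ports on one host in seconds. The following is an added example (not from the original page) that detects that pattern over constructed firewall-style log lines; the log format and the sample addresses are assumptions made for the example.

```python
"""Flag sources that look like a port sweep in connection logs.

Constructed log line format assumed here:
  "<epoch_seconds> <src_ip> -> <dst_ip>:<dst_port> <ACCEPT|DROP>"
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+) (ACCEPT|DROP)$")

# Constructed sample: one noisy scanner (203.0.113.5) and one normal client.
SAMPLE_LOG = """\
1700000000 203.0.113.5 -> 198.51.100.10:22 ACCEPT
1700000000 203.0.113.5 -> 198.51.100.10:445 DROP
1700000001 203.0.113.5 -> 198.51.100.10:3306 DROP
1700000001 203.0.113.5 -> 198.51.100.10:1433 DROP
1700000002 203.0.113.5 -> 198.51.100.10:6379 DROP
1700000002 203.0.113.5 -> 198.51.100.10:3389 DROP
1700000003 203.0.113.5 -> 198.51.100.10:80 ACCEPT
1700000003 203.0.113.5 -> 198.51.100.10:443 ACCEPT
1700000005 192.0.2.77 -> 198.51.100.10:443 ACCEPT
1700000010 192.0.2.77 -> 198.51.100.10:443 ACCEPT
"""


def detect_port_sweeps(log_text, min_ports=5, window_s=60):
    """Return {src_ip: sorted distinct ports hit} for every source that touched
    at least `min_ports` distinct ports on one destination within `window_s`
    seconds. Dropped and accepted connections both count: the probe is the signal."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate unrelated or malformed lines
        ts, src, dst, port, _action = m.groups()
        events[(src, dst)].append((int(ts), int(port)))

    alerts = {}
    for (src, dst), evs in events.items():
        evs.sort()  # sliding time window over time-ordered events
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window_s:
                start += 1
            if len({p for _, p in evs[start:end + 1]}) >= min_ports:
                alerts[src] = sorted({p for _, p in evs})
                break
    return alerts


if __name__ == "__main__":
    for src, ports in detect_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep from {src}: ports {ports}")
```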
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">4. Fingerprinting:</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">A fingerprint identifies something; a website's fingerprint is the set of its characteristic features.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">For example: middleware, database, CMS.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">If a search for vulnerabilities in the CMS turns up nothing, you can consult the China National Vulnerability Database (CNVD, 国家信息安全漏洞共享平台).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">You can also use: Yunsee assets (云悉资产), ThreatBook community (微步社区).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Online identification:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">whatweb: https://www.whatweb.net/</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">bugscaner:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">http://whatweb.bugscaner.com/</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Domestic (China):</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Yunsee fingerprinting: https://www.yunsee.cn/</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Software-based identification:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Yujian (御剑) web fingerprint identifier.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Only once the CMS or web container behind the response has been identified can the related vulnerabilities be looked up.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">5. Side-site lookup:</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Side sites are the other websites hosted on the same IP. If you successfully compromise a side site and, with luck, it sits on the same machine as the main site, haven't you effectively taken the main site? And if luck is poorer and it is only on the same intranet, can't we then try intranet penetration?</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">You can use 站长之家 (Chinaz); its same-IP site lookup is enough.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Online side-site lookup: https://phpinfo.me/</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">To bypass a CDN you must first determine whether a CDN is present at all: ping the host from multiple locations.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">6. C-segment scanning</strong>:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">C segment: x.x.x.1-255; for example, 192.168.1.1 through 192.168.1.255 all belong to one C segment. Some large organizations may own an entire IP segment, in which case every IP in that segment is that organization's asset; taking one host may yield useful information, since the hosts may share an intranet or may hold the same information assets.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">站长之家 (Chinaz)</p>
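The multi-location ping test from section 5 and the C-segment grouping from section 6 both come down to looking at where addresses fall in /24 blocks. The added example below (not part of the original page) applies both to DNS answers gathered from several vantage points; the vantage-point names and addresses are constructed for the example, not real resolver output, and the "differing /24s across locations" rule is a heuristic assumption, not proof either way.

```python
"""Apply the page's two IP-range heuristics to multi-vantage-point DNS answers."""
import ipaddress
from collections import defaultdict

# Constructed: the same hostname resolved from four locations.
ANSWERS = {
    "beijing":   ["203.0.113.17"],
    "shanghai":  ["203.0.113.42"],
    "frankfurt": ["198.51.100.9"],
    "virginia":  ["198.51.100.23"],
}


def c_segment(ip):
    """The /24 (C segment) containing `ip`, e.g. '203.0.113.0/24'."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def group_by_c_segment(ips):
    """Group addresses by /24 so that hosts likely belonging to one owner
    (section 6) are listed together."""
    groups = defaultdict(set)
    for ip in ips:
        groups[c_segment(ip)].add(ip)
    return {seg: sorted(v, key=ipaddress.ip_address) for seg, v in groups.items()}


def likely_cdn(answers):
    """Section 5's test: if different locations get addresses in different /24s,
    the name is probably fronted by a CDN (or anycast). Returns (verdict, segments)."""
    all_ips = {ip for ips in answers.values() for ip in ips}
    segments = sorted({c_segment(ip) for ip in all_ips})
    return len(segments) > 1, segments


if __name__ == "__main__":
    cdn, segs = likely_cdn(ANSWERS)
    print("CDN likely:", cdn, "segments:", segs)
    print(group_by_c_segment(ip for ips in ANSWERS.values() for ip in ips))
```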
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">7. Sensitive information leaked in content:</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Try Google search syntax (Google Hacking) to find sensitive content, such as spreadsheets of ID card numbers, files containing server accounts and passwords, other sensitive files, and database backups.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Common operators: site: restrict to a domain; inurl: match text in the URL; filetype: restrict to a file type</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">You can also try a Google mirror site:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Commonly used cyberspace search engines include:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">ZoomEye (钟馗之眼): https://www.zoomeye.org/</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">shodan: https://www.shodan.io/</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">fofa: https://g.fofa.info/toLogin</p>