\u4fe1\u606f\u6536\u96c6\u662f\u6e17\u900f\u6d4b\u8bd5\u7684\u7b2c\u4e00\u6b65\uff0c\u4e5f\u662f\u6700\u5173\u952e\u7684\u4e00\u6b65\u3002\u6536\u96c6\u5230\u7684\u4fe1\u606f\u8d8a\u5168\u9762\uff0c\u540e\u7eed\u653b\u51fb\u7684\u6210\u529f\u7387\u8d8a\u9ad8\u3002\u4fe1\u606f\u6536\u96c6\u5206\u4e3a\u88ab\u52a8\u6536\u96c6<\/strong>\uff08\u4e0d\u76f4\u63a5\u63a5\u89e6\u76ee\u6807\uff09\u548c\u4e3b\u52a8\u6536\u96c6<\/strong>\uff08\u76f4\u63a5\u4e0e\u76ee\u6807\u4ea4\u4e92\uff09\u4e24\u79cd\u65b9\u5f0f\u3002<\/p>\n \u4fe1\u606f\u6536\u96c6\u7684\u5b8c\u6574\u6d41\u7a0b\uff1a<\/p>\n \u6e17\u900f\u7684\u672c\u8d28\u5c31\u662f\u4fe1\u606f\u6536\u96c6\uff0c\u6536\u96c6\u5f97\u8d8a\u5168\u9762\uff0c\u6210\u529f\u7684\u6982\u7387\u8d8a\u9ad8\u3002<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":" \u6e17\u900f\u6d4b\u8bd5\u4fe1\u606f\u6536\u96c6\u65b9\u6cd5\u603b\u7ed3 \u6982\u8ff0 \u4fe1\u606f\u6536\u96c6\u662f\u6e17\u900f\u6d4b\u8bd5\u7684\u7b2c\u4e00\u6b65\uff0c\u4e5f\u662f\u6700\u5173\u952e\u7684\u4e00\u6b65\u3002\u6536\u96c6\u5230\u7684\u4fe1\u606f\u8d8a\u5168\u9762\uff0c\u540e\u7eed\u653b\u51fb\u7684\u6210 … <\/p>\n","protected":false},"author":3,"featured_media":177,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pentest-basic"],"_links":{"self":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/comments?post=154"}],"version-history":[{"count":2,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/154\/revisions"}],"predecessor-version":[{"id":202,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/154\/revisions\/202"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/media\/177"}],"wp:attachment":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/media?parent=154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/categories?post=154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/tags?post=154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\u4e00\u3001\u4f01\u4e1a\u4fe1\u606f\u6536\u96c6<\/h2>\n
1. \u4f01\u4e1a\u57fa\u672c\u4fe1\u606f<\/h3>\n
\n
\n
2. \u5907\u6848\u4fe1\u606f\u67e5\u8be2<\/h3>\n
\n
\u4e8c\u3001\u57df\u540d\u4fe1\u606f\u6536\u96c6<\/h2>\n
1. \u5b50\u57df\u540d\u6536\u96c6<\/h3>\n
# \u5e38\u7528\u5de5\u5177\nOneForAll\uff1apython3 oneforall.py --target example.com run\nsubfinder\uff1asubfinder -d example.com\nLayer\u5b50\u57df\u540d\u6316\u6398\u673a\nSublist3r\uff1apython sublist3r.py -d example.com\n\n# \u5728\u7ebf\u5e73\u53f0\nhttps:\/\/phpinfo.me\/domain\/\nhttps:\/\/www.virustotal.com\/\nhttps:\/\/crt.sh\/\uff08\u8bc1\u4e66\u900f\u660e\u5ea6\u67e5\u8be2\uff09<\/code><\/pre>\n2. \u57df\u540d\u89e3\u6790<\/h3>\n
# \u67e5\u8be2A\u8bb0\u5f55\u3001MX\u8bb0\u5f55\u3001CNAME\u8bb0\u5f55\nnslookup -type=A example.com\ndig example.com A\ndig example.com MX<\/code><\/pre>\n\u4e09\u3001IP\u4fe1\u606f\u6536\u96c6<\/h2>\n
1. IP\u53cd\u67e5\u57df\u540d<\/h3>\n
\n
2. C\u6bb5\u626b\u63cf<\/h3>\n
# nmap\u626b\u63cfC\u6bb5\u5b58\u6d3b\u4e3b\u673a\nnmap -sn 192.168.1.0\/24\n\n# masscan\u5feb\u901f\u626b\u63cf\u7aef\u53e3\nmasscan 192.168.1.0\/24 -p 80,443,8080 --rate=1000<\/code><\/pre>\n3. CDN\u8bc6\u522b<\/h3>\n
# \u591a\u5730ping\u68c0\u6d4bCDN\nhttps:\/\/ping.chinaz.com\/\nhttps:\/\/www.17ce.com\/\n\n# \u7ed5\u8fc7CDN\u627e\u771f\u5b9eIP\n1. \u5b50\u57df\u540d\u63a2\u6d4b\uff08\u53ef\u80fd\u6ca1\u8d70CDN\uff09\n2. \u5386\u53f2DNS\u8bb0\u5f55\u67e5\u8be2\n3. \u90ae\u4ef6\u670d\u52a1\u5668IP\n4. \u56fd\u5916\u4e3b\u673aping<\/code><\/pre>\n\u56db\u3001\u7aef\u53e3\u670d\u52a1\u6536\u96c6<\/h2>\n
1. \u7aef\u53e3\u626b\u63cf<\/h3>\n
# nmap\u5168\u7aef\u53e3\u626b\u63cf\nnmap -sV -sC -p 1-65535 target.com\n\n# \u5feb\u901f\u626b\u63cf\u5e38\u7528\u7aef\u53e3\nnmap -sV -top-ports 1000 target.com\n\n# masscan\u5feb\u901f\u626b\u63cf\nmasscan target.com -p 1-65535 --rate=10000<\/code><\/pre>\n2. \u5e38\u89c1\u7aef\u53e3\u53ca\u5229\u7528<\/h3>\n
\n
\n \u7aef\u53e3<\/th>\n \u670d\u52a1<\/th>\n \u5229\u7528\u65b9\u5411<\/th>\n<\/tr>\n \n 21\/22<\/td>\n FTP\/SSH<\/td>\n \u533f\u540d\u767b\u5f55\u3001\u7206\u7834\u3001\u96a7\u9053\u8f6c\u53d1<\/td>\n<\/tr>\n \n 80\/443\/8080<\/td>\n Web\u670d\u52a1<\/td>\n Web\u6f0f\u6d1e\u653b\u51fb<\/td>\n<\/tr>\n \n 3306<\/td>\n MySQL<\/td>\n \u7206\u7834\u3001\u63d0\u6743<\/td>\n<\/tr>\n \n 6379<\/td>\n Redis<\/td>\n \u672a\u6388\u6743\u8bbf\u95ee<\/td>\n<\/tr>\n \n 7001\/7002<\/td>\n WebLogic<\/td>\n \u53cd\u5e8f\u5217\u5316\u3001\u5f31\u53e3\u4ee4<\/td>\n<\/tr>\n \n 27017<\/td>\n MongoDB<\/td>\n \u672a\u6388\u6743\u8bbf\u95ee<\/td>\n<\/tr>\n<\/table>\n \u4e94\u3001Web\u6307\u7eb9\u8bc6\u522b<\/h2>\n
1. \u6846\u67b6\u8bc6\u522b<\/h3>\n
\n
\n
2. \u7279\u5f81\u6536\u96c6<\/h3>\n
\n
\u516d\u3001\u76ee\u5f55\u6587\u4ef6\u6536\u96c6<\/h2>\n
1. \u76ee\u5f55\u626b\u63cf<\/h3>\n
# \u5e38\u7528\u5de5\u5177\ndirsearch\uff1apython3 dirsearch.py -u target.com\ngobuster\uff1agobuster dir -u target.com -w wordlist.txt\n\u5fa1\u5251\u540e\u53f0\u626b\u63cf\ndirmap<\/code><\/pre>\n2. \u654f\u611f\u6587\u4ef6<\/h3>\n
\n
\u4e03\u3001JS\u6587\u4ef6\u5206\u6790<\/h2>\n
1. JS\u4fe1\u606f\u63d0\u53d6<\/h3>\n
# \u5de5\u5177\nJSFinder\uff1apython3 JSFinder.py -u target.com\nLinkFinder\uff1apython3 linkfinder.py -i target.com -o cli\n\n# \u67e5\u627e\u5185\u5bb9\nAPI\u63a5\u53e3\n\u9690\u85cf\u53c2\u6570\n\u786c\u7f16\u7801\u5bc6\u94a5\u3001Token\n\u5185\u7f51\u5730\u5740<\/code><\/pre>\n\u516b\u3001\u641c\u7d22\u5f15\u64ce\u5229\u7528<\/h2>\n
1. Google Hacking<\/h3>\n
# \u5e38\u7528\u8bed\u6cd5\nsite:example.com \u2014 \u9650\u5b9a\u7f51\u7ad9\ninurl:admin \u2014 URL\u5305\u542badmin\nintitle:\u540e\u53f0 \u2014 \u6807\u9898\u5305\u542b\u540e\u53f0\nfiletype:pdf \u2014 \u6587\u4ef6\u7c7b\u578b\nintext:password \u2014 \u6b63\u6587\u5305\u542bpassword\n\n# \u7ec4\u5408\u4f7f\u7528\nsite:example.com filetype:sql\nsite:example.com inurl:login\nsite:example.com intext:\u6570\u636e\u5e93<\/code><\/pre>\n2. \u7f51\u7edc\u7a7a\u95f4\u641c\u7d22\u5f15\u64ce<\/h3>\n
\n
\u4e5d\u3001\u81ea\u52a8\u5316\u5de5\u5177<\/h2>\n
1. \u706f\u5854ARL<\/h3>\n
# \u81ea\u52a8\u5316\u8d44\u4ea7\u6536\u96c6+\u6f0f\u6d1e\u626b\u63cf\ndocker pull tophant\/arl\ndocker-compose up -d<\/code><\/pre>\n2. \u8d44\u4ea7\u7ba1\u7406\u5e73\u53f0<\/h3>\n
\n
\u603b\u7ed3<\/h2>\n
\n
\n