2022护网准备工作——资产梳理&漏洞排查

作者：FancyPig | 发布时间：2022-07-23 13:10:54 | 更新时间：2022-07-23 18:21:27

前言

通常情况下，我们在HVV前期需要以攻击者的角度来审视客户的资产。

data-postsbox="{"id":11983,"title":"【视频讲解】渗透测试初学者应掌握的常用技巧和思路","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3193,"comment_count":8,"category":"knowledge","is_forum_post":false}">{"id":11983,"title":"【视频讲解】渗透测试初学者应掌握的常用技巧和思路","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3193,"comment_count":8,"category":"knowledge","is_forum_post":false}

统计客户资产名称、资产IP地址、开放端口以及部署的安全防护设备。

我们主要流程其实就是

资产梳理
漏洞挖掘
修复漏洞
蜜罐部署

知识铺垫

首先，讲解一下什么是hvv，hvv就是hw，护网的缩写，很多人都不晓得hvv的中文，就感觉听上去还挺高大上的，其实没啥。

hvv基本模式

护网主要是分成红队、蓝队还有紫色方

红队是攻击方
蓝队是防守方
紫色的是裁判组吧

红队有固定的ip池，蓝队也有固定的资产ip提供部分c段，然后就是你们期待的攻守演练。

当然，你们最期待的ddos攻击这里是不允许的。

防守方详细评分标准

1.防守方的失分是多支攻击队从该防守方获取的成果总分。
2.加分包括基础得分与附加分两部分，基础分上限为失分的80%。
3.基础得分是根据防守方提交的成果报告逐一打分后累加的总得分，每个报告对应到一起攻击事件的处置才可得分。

资产测绘

网络空间测绘

针对外网可以采用一些网络空间测绘的产品

data-postsbox="{"id":193,"title":"如何使用shodan/zoomeye搜索引擎进行社工？","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":19033,"comment_count":13,"category":"sg","is_forum_post":false}">{"id":193,"title":"如何使用shodan/zoomeye搜索引擎进行社工？","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":19033,"comment_count":13,"category":"sg","is_forum_post":false}

data-postsbox="{"id":10011,"title":"免费网络空间测绘平台奇安信Hunter——鹰图平台","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/02/20220219014721759.png","cover_video":"","views":20317,"comment_count":6,"category":"knowledge","is_forum_post":false}">{"id":10011,"title":"免费网络空间测绘平台奇安信Hunter——鹰图平台","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/02/20220219014721759.png","cover_video":"","views":20317,"comment_count":6,"category":"knowledge","is_forum_post":false}

当然也可以参考我们社区分享的教程

《SRC挖洞、HW打点之必备！自动化资产收集——domain_hunter_pro》

针对内网可以使用Goby等工具

攻击暴露面

data-postsbox="{"id":16553,"title":"零零信安攻击面管理系统 | 企业信息泄露情报平台","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3365,"comment_count":17,"category":"cybersecurity","is_forum_post":false}">{"id":16553,"title":"零零信安攻击面管理系统 | 企业信息泄露情报平台","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3365,"comment_count":17,"category":"cybersecurity","is_forum_post":false}

漏洞收集

漏扫工具

AWVS 针对Web安全漏洞

data-postsbox="{"id":20578,"title":"最新AWVS14.9.220713150破解版支持Windows/Linux","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":15616,"comment_count":452,"category":"software","is_forum_post":false}">{"id":20578,"title":"最新AWVS14.9.220713150破解版支持Windows/Linux","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":15616,"comment_count":452,"category":"software","is_forum_post":false}

Xray 针对Web安全漏洞 （通常配合AWVS爬虫被动扫描）

data-postsbox="{"id":17918,"title":"Chaitin/xray1.8.5-1.9最新社区高级版包含429POC 附license","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/06/20220615100518709.png","cover_video":"","views":7392,"comment_count":16,"category":"software","is_forum_post":false}">{"id":17918,"title":"Chaitin/xray1.8.5-1.9最新社区高级版包含429POC 附license","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/06/20220615100518709.png","cover_video":"","views":7392,"comment_count":16,"category":"software","is_forum_post":false}

Nessus 针对Web、主机安全漏洞

data-postsbox="{"id":12467,"title":"Nessus Pro10.1.2最新破解版配合20220328最新版本插件","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":13117,"comment_count":22,"category":"software","is_forum_post":false}">{"id":12467,"title":"Nessus Pro10.1.2最新破解版配合20220328最新版本插件","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":13117,"comment_count":22,"category":"software","is_forum_post":false}

data-postsbox="{"id":19991,"title":"Nessus最新插件包20220712","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":2473,"comment_count":12,"category":"software","is_forum_post":false}">{"id":19991,"title":"Nessus最新插件包20220712","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":2473,"comment_count":12,"category":"software","is_forum_post":false}

Invicti 针对Web安全漏洞

data-postsbox="{"id":20582,"title":"最新Invicti6.6.1.36926专业破解版下载（原Netsparker）","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/07/20220721031503316.png","cover_video":"","views":3625,"comment_count":7,"category":"software","is_forum_post":false}">{"id":20582,"title":"最新Invicti6.6.1.36926专业破解版下载（原Netsparker）","author":"FancyPig","author_id":1,"cover_image":"https://static.pigsec.cn/wp-content/uploads/2022/07/20220721031503316.png","cover_video":"","views":3625,"comment_count":7,"category":"software","is_forum_post":false}

HCL AppScan 针对Web安全漏洞

data-postsbox="{"id":20722,"title":"最新HCL AppScan Standard 10.0.828186破解版下载","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3559,"comment_count":16,"category":"software","is_forum_post":false}">{"id":20722,"title":"最新HCL AppScan Standard 10.0.828186破解版下载","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3559,"comment_count":16,"category":"software","is_forum_post":false}

非商用扫描工具

可以参考社区分享过的漏扫扫描器

《goon——集合了fscan和kscan等优秀工具功能的扫描爆破工具》

《一款内网综合扫描工具，一键自动化、全方位漏扫——fscan》

《一款纯go开发的全方位扫描器——Kscan》

《多功能开放式重定向漏洞扫描器——openRedScan》

《面向HW的红队半自动扫描器——PowerScanner》

漏洞库参考

data-postsbox="{"id":1390,"title":"网安CVE、CNVD公开漏洞库WIKI合集珍藏版（包括POC、EXP的编写）","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":19569,"comment_count":8,"category":"lsources","is_forum_post":false}">{"id":1390,"title":"网安CVE、CNVD公开漏洞库WIKI合集珍藏版（包括POC、EXP的编写）","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":19569,"comment_count":8,"category":"lsources","is_forum_post":false}

当然您也可以参考我们社区里分享的一些教程，可以通过docker快速部署并上线漏洞库文档

修复漏洞

统计完客户资产后，如果有条件，需要对存在漏洞的资产进行修复；

如果无法修复，需要进行策略的收紧或者针对特定URL进行封堵，防止信息泄露。

部署蜜罐

如果需要为后续溯源进行准备，可以部署蜜罐设置陷阱，参考

《一款针对于IDE的反制蜜罐 IDE-Honeypot》

文档资料

一些HW相关的培训资料

经验分享

data-postsbox="{"id":3712,"title":"最近参加某央企攻防演练中的一些心得与实战工具分享","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":11738,"comment_count":281,"category":"cybersecurity","is_forum_post":false}">{"id":3712,"title":"最近参加某央企攻防演练中的一些心得与实战工具分享","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":11738,"comment_count":281,"category":"cybersecurity","is_forum_post":false}

[postsbox post_id="299"]

标签：漏洞, 网络安全, 信息安全, post