信息收集----网站信息收集

作者：黎明 | 发布时间：2022-10-18 11:17:41 | 更新时间：2022-10-18 11:18:02

相关阅读

data-postsbox="{"id":22253,"title":"【漏洞赏金侦察课程】如何发现隐藏的子域名\u0026URL","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3134,"comment_count":5,"category":"knowledge","is_forum_post":false}">{"id":22253,"title":"【漏洞赏金侦察课程】如何发现隐藏的子域名\u0026URL","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3134,"comment_count":5,"category":"knowledge","is_forum_post":false}

data-postsbox="{"id":11160,"title":"【零基础学渗透】主动信息收集","author":"Sec-Labs","author_id":10015,"cover_image":"","cover_video":"","views":9676,"comment_count":485,"category":"cybersecurity","is_forum_post":false}">{"id":11160,"title":"【零基础学渗透】主动信息收集","author":"Sec-Labs","author_id":10015,"cover_image":"","cover_video":"","views":9676,"comment_count":485,"category":"cybersecurity","is_forum_post":false}

data-postsbox="{"id":11003,"title":"【零基础学渗透】被动信息收集","author":"Sec-Labs","author_id":10015,"cover_image":"","cover_video":"","views":13622,"comment_count":853,"category":"cybersecurity","is_forum_post":false}">{"id":11003,"title":"【零基础学渗透】被动信息收集","author":"Sec-Labs","author_id":10015,"cover_image":"","cover_video":"","views":13622,"comment_count":853,"category":"cybersecurity","is_forum_post":false}

data-postsbox="{"id":22692,"title":"信息收集----端口收集","author":"黎明","author_id":70180,"cover_image":"","cover_video":"","views":2734,"comment_count":7,"category":"cybersecurity","is_forum_post":false}">{"id":22692,"title":"信息收集----端口收集","author":"黎明","author_id":70180,"cover_image":"","cover_video":"","views":2734,"comment_count":7,"category":"cybersecurity","is_forum_post":false}

data-postsbox="{"id":22685,"title":"信息收集----域名收集","author":"黎明","author_id":70180,"cover_image":"","cover_video":"","views":2289,"comment_count":4,"category":"cybersecurity","is_forum_post":false}">{"id":22685,"title":"信息收集----域名收集","author":"黎明","author_id":70180,"cover_image":"","cover_video":"","views":2289,"comment_count":4,"category":"cybersecurity","is_forum_post":false}

判断网站操作系统

Linux大小写敏感
Windows大小写不敏感

目录爆破

是否存在信息泄漏

使用目录爆破工具查看扫描到的url是否存在信息泄露

扫描敏感文件

使用目录爆破工具查看扫描到的敏感文件
如
robots.txt
crossdomain.xml
sitemap.xml
xx.tar.gz
xx.bak
等

开源情报信息收集

github

● Github_Nuggests（自动爬取Github上文件敏感信息泄露） :https://github.com/az0ne/Github_Nuggests
● GSIL（能够实现近实时（15分钟内）的发现Github上泄露的信息） :https://github.com/FeeiCN/GSIL
● x-patrol(小米团队的):https://github.com/MiSecurity/x-patrol

确认网站存在信息

确定网站采用的语言

如PHP / Java / Python等
找后缀，比如php/asp/jsp

前端框架

如jQuery / BootStrap / Vue / React / Angular等查看源代码

中间服务器

如 Apache / Nginx / IIS 等

查看header中的信息

根据报错信息判断

根据默认页面判断

Web容器服务器

如Tomcat / Jboss / Weblogic等

后端框架

根据Cookie判断
根据CSS / 图片等资源的hash值判断
根据URL路由判断
如wp-admin根据网页中的关键字判断
根据响应头中的X-Powered-By

CDN信息

常见的有Cloudflare、yunjiasu
探测有没有WAF
有WAF，查看什么类型的，找绕过方式
没有，进入下一步

此处内容已隐藏，请评论后刷新页面查看.

最近作者在学爬虫没时间写，请见谅

标签：cdn, 信息收集, 信息收集的方法, 信息收集工具, 目录爆破, 目录爆破工具, 目录爆破字典, 目录爆破原理, 开源信息, 情报, 前端框架, 中间件, web容器, 后端框架