whois

Recommended: call the 站长之家 (ChinaZ) API.


Common website architecture types

1. php + mysql + win/linux
  • 2003 IIS 6.0 / 2008 IIS 7.0 / 2012 IIS 8.0
  • apache
  • nginx

2. aspx + access/mssql + win

3. jsp + oracle/mysql + win/linux
  • tomcat

4. php + postgresql + linux

File and directory scanning tools

  • 御剑 (Yujian) backend scanner
  • dirbuster
  • pk

Subdomain collection

  • layer子域名挖掘机 (Layer subdomain miner)

  • subDomainBrute

    Common install issue: the default python and pip versions do not match.
    Switch the default python to version 3 and install pip3.

  • wydomain

  • sublist3r

    apt install sublist3r   # on Kali

    ┌──(root💀kali)-[~]
    └─# sublist3r -d qq.com 130 ⨯

    ____ _ _ _ _ _____
    / ___| _ _| |__ | (_)___| |_|___ / _ __
    \___ \| | | | '_ \| | / __| __| |_ \| '__|
    ___) | |_| | |_) | | \__ \ |_ ___) | |
    |____/ \__,_|_.__/|_|_|___/\__|____/|_|

    # Coded By Ahmed Aboul-Ela - @aboul3la

    [-] Enumerating subdomains now for qq.com
    [-] Searching now in Baidu..
    [-] Searching now in Yahoo..
    [-] Searching now in Google..
    [-] Searching now in Bing..
    [-] Searching now in Ask..
    [-] Searching now in Netcraft..
    [-] Searching now in DNSdumpster..
    [-] Searching now in Virustotal..
    [-] Searching now in ThreatCrowd..
    [-] Searching now in SSL Certificates..
    [-] Searching now in PassiveDNS..
    [-] Total Unique Subdomains Found: 2690
    login.imqq.com
    localhost.ptlogin2.imqq.com
    ssl.ptlogin2.imqq.com
    ssl.ui.ptlogin2.imqq.com
    ssl.xui.ptlogin2.imqq.com
    www.qq.com
    0.qq.com
    007.qq.com
    021.qq.com
    1.qq.com
    10.qq.com
    100.qq.com
    file.100.qq.com
    res.100.qq.com
    1000.qq.com
    101.qq.com
    pick.101.qq.com
    game.108.qq.com
    110.qq.com
    1108.qq.com
    111.qq.com
    1111.qq.com
    124bjg0.qq.com
    12530.qq.com
    176.qq.com
    17roco.qq.com
    m.17roco.qq.com
    m1.17roco.qq.com
    mres.17roco.qq.com

C-segment (/24 range) lookup

Port scanning

  • nmap

nmap -v -A -p1-65535 <ip>    # all 65535 TCP ports with service and OS detection, as in the session that follows

┌──(root💀kali)-[~]
└─# nmap -v -A -p1-65535 127.0.0.1
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-10 13:58 CST
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:58
Completed NSE at 13:58, 0.00s elapsed
Initiating NSE at 13:58
Completed NSE at 13:58, 0.00s elapsed
Initiating NSE at 13:58
Completed NSE at 13:58, 0.00s elapsed
Initiating SYN Stealth Scan at 13:58
Scanning localhost (127.0.0.1) [65535 ports]
Discovered open port 22/tcp on 127.0.0.1
Completed SYN Stealth Scan at 13:58, 0.37s elapsed (65535 total ports)
Initiating Service scan at 13:58
Scanning 1 service on localhost (127.0.0.1)
Completed Service scan at 13:58, 0.01s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against localhost (127.0.0.1)
Retrying OS detection (try #2) against localhost (127.0.0.1)
Retrying OS detection (try #3) against localhost (127.0.0.1)
Retrying OS detection (try #4) against localhost (127.0.0.1)
Retrying OS detection (try #5) against localhost (127.0.0.1)
NSE: Script scanning 127.0.0.1.
Initiating NSE at 13:58
Completed NSE at 13:58, 0.08s elapsed
Initiating NSE at 13:58
Completed NSE at 13:58, 0.00s elapsed
Initiating NSE at 13:58
Completed NSE at 13:58, 0.00s elapsed
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000018s latency).
Not shown: 65534 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5 (protocol 2.0)
| ssh-hostkey:
| 3072 95:24:8a:70:02:c1:7c:b9:63:1d:57:bd:c4:ba:59:84 (RSA)
| 256 ac:24:26:ce:c9:34:47:e7:62:38:13:d1:03:6d:c7:54 (ECDSA)
|_ 256 79:e3:be:ae:1e:ee:87:ed:bd:3d:b3:23:e6:de:92:08 (ED25519)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.91%E=4%D=4/10%OT=22%CT=1%CU=43844%PV=N%DS=0%DC=L%G=Y%TM=60713E8
OS:C%P=x86_64-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)OPS
OS:(O1=MFFD7ST11NWA%O2=MFFD7ST11NWA%O3=MFFD7NNT11NWA%O4=MFFD7ST11NWA%O5=MFF
OS:D7ST11NWA%O6=MFFD7ST11)WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FF
OS:CB)ECN(R=Y%DF=Y%T=40%W=FFD7%O=MFFD7NNSNWA%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A
OS:=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%
OS:Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=
OS:A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=
OS:Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%
OS:T=40%CD=S)

Uptime guess: 22.103 days (since Fri Mar 19 11:30:10 2021)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

NSE: Script Post-scanning.
Initiating NSE at 13:58
Completed NSE at 13:58, 0.00s elapsed
Initiating NSE at 13:58
Completed NSE at 13:58, 0.00s elapsed
Initiating NSE at 13:58
Completed NSE at 13:58, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.35 seconds
Raw packets sent: 65645 (2.892MB) | Rcvd: 131283 (5.520MB)

  • 御剑 (Yujian) port scanner
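Scan output like the session above is only useful to a defender once it is compared with what the host is supposed to expose. The following Python script is an added example (not part of the original notes and not nmap's own code): it parses nmap's normal output into port records and ssh host-key fingerprints, then diffs the open ports against an expected baseline so that unexpected listeners stand out. The sample text is constructed to mirror the session above, with an extra 8080/tcp line added for illustration; the baseline set and all function names are this example's own.

```python
import re

# Constructed sample in the shape of nmap's normal output (whitespace collapsed,
# as in the session above). The 8080/tcp line is added here for illustration.
NMAP_SAMPLE = """\
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000018s latency).
Not shown: 65533 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5 (protocol 2.0)
| ssh-hostkey:
| 3072 95:24:8a:70:02:c1:7c:b9:63:1d:57:bd:c4:ba:59:84 (RSA)
|_ 256 79:e3:be:ae:1e:ee:87:ed:bd:3d:b3:23:e6:de:92:08 (ED25519)
8080/tcp open http-proxy Apache httpd 2.4.41
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
"""

# One service row: "<port>/<proto> <state> <service> [<version...>]"
PORT_RE = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*\S))?\s*$"
)
# One ssh-hostkey row: "| <bits> <16-byte hex fingerprint> (<ALG>)"
HOSTKEY_RE = re.compile(
    r"^\|_?\s+(?P<bits>\d+)\s+(?P<fp>(?:[0-9a-f]{2}:){15}[0-9a-f]{2})\s+\((?P<alg>[A-Z0-9]+)\)\s*$"
)


def parse_nmap_ports(text):
    """Return a list of {port, proto, state, service, version} dicts, in output order."""
    rows = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            rows.append({
                "port": int(m.group("port")),
                "proto": m.group("proto"),
                "state": m.group("state"),
                "service": m.group("service"),
                "version": m.group("version") or "",
            })
    return rows


def parse_hostkeys(text):
    """Return {algorithm: fingerprint} from the ssh-hostkey script block,
    so the fingerprints can be checked against the known-good keys for the host."""
    keys = {}
    for line in text.splitlines():
        m = HOSTKEY_RE.match(line)
        if m:
            keys[m.group("alg")] = m.group("fp")
    return keys


def diff_against_baseline(rows, baseline):
    """Compare open (port, proto) pairs with an expected set.

    Returns (unexpected, missing): listeners the baseline does not allow,
    and baseline entries the scan did not see as open.
    """
    seen = {(r["port"], r["proto"]) for r in rows if r["state"] == "open"}
    return seen - set(baseline), set(baseline) - seen


if __name__ == "__main__":
    expected = {(22, "tcp")}  # hypothetical allowlist for this host
    rows = parse_nmap_ports(NMAP_SAMPLE)
    unexpected, missing = diff_against_baseline(rows, expected)
    print("open:", [(r["port"], r["proto"], r["service"]) for r in rows])
    print("host keys:", parse_hostkeys(NMAP_SAMPLE))
    print("unexpected listeners:", sorted(unexpected), "missing:", sorted(missing))
```

Run against the constructed sample, the baseline of only 22/tcp flags 8080/tcp as an unexpected listener. The regexes accept both the collapsed spacing shown on this page and nmap's normal column-aligned output; for scripted use, `nmap -oX` plus an XML parser is the more robust route.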


Web information probing

云悉

  • 御剑 (Yujian) web fingerprint scanner
  • InsightScan
  • HBSV

Email information gathering

  • theHarvester


    ┌──(root💀kali)-[~]
    └─# theHarvester -d freebuf.com -b baidu 2 ⨯

    *******************************************************************
    * _ _ _ *
    * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
    * | __| _ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
    * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
    * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
    * *
    * theHarvester 3.2.3 *
    * Coded by Christian Martorella *
    * Edge-Security Research *
    * cmartorella@edge-security.com *
    * *
    *******************************************************************


    [*] Target: freebuf.com

    [*] Searching Baidu.

    [*] No IPs found.

    [*] No emails found.

    [*] Hosts found: 8
    ---------------------
    bar.freebuf.com:60.205.171.29
    company.freebuf.com:60.205.171.29
    job.freebuf.com:60.205.171.29
    live.freebuf.com:60.205.171.29
    my.freebuf.com:60.205.171.29
    search.freebuf.com:60.205.171.29
    shop.freebuf.com:60.205.171.29
    www.freebuf.com:60.205.171.29

    ┌──(root💀kali)-[~]
    └─# theHarvester -d dansemal.github.io -b baidu

    *******************************************************************
    * _ _ _ *
    * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
    * | __| _ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
    * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
    * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
    * *
    * theHarvester 3.2.3 *
    * Coded by Christian Martorella *
    * Edge-Security Research *
    * cmartorella@edge-security.com *
    * *
    *******************************************************************


    [*] Target: dansemal.github.io

    [*] Searching Baidu.

    [*] No IPs found.

    [*] No emails found.

    [*] No hosts found.

  • 社工库 (social-engineering databases)
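Both sublist3r (in the subdomain section above) and theHarvester return plain text that has to be turned into an asset inventory before it is useful for attack-surface management. The following Python script is an added example (not part of the original notes and not either tool's own code): it parses sublist3r's one-name-per-line output and theHarvester's `host:ip` block, flags names that belong to a different registrable domain than the one queried (the qq.com session above returned imqq.com names as well), and groups hosts by the address they resolved to. The two samples are constructed to mirror the sessions on this page; all function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of sublist3r's output (one hostname per line
# after the status lines); names mirror the qq.com session above.
SUBLIST3R_SAMPLE = """\
[-] Searching now in PassiveDNS..
[-] Total Unique Subdomains Found: 5
login.imqq.com
www.qq.com
file.100.qq.com
res.100.qq.com
pick.101.qq.com
"""

# Constructed sample in the shape of theHarvester's "Hosts found" block
# (host:ip per line), mirroring the freebuf.com session above.
THEHARVESTER_SAMPLE = """\
[*] Hosts found: 3
---------------------
bar.freebuf.com:60.205.171.29
job.freebuf.com:60.205.171.29
www.freebuf.com:60.205.171.29
"""

# A syntactically valid DNS name with at least one dot and an alphabetic TLD
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$")
# theHarvester host row: "<host>:<dotted IPv4>"
HOST_IP_RE = re.compile(r"^(?P<host>[^:\s]+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def parse_sublist3r(text):
    """Hostnames from sublist3r output; status lines and anything that is not a valid name are dropped."""
    hosts = set()
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("[-]") and HOSTNAME_RE.match(line):
            hosts.add(line)
    return hosts


def parse_theharvester_hosts(text):
    """{host: ip} from theHarvester's 'Hosts found' block."""
    result = {}
    for line in text.splitlines():
        m = HOST_IP_RE.match(line.strip().lower())
        if m:
            result[m.group("host")] = m.group("ip")
    return result


def outside_apex(hosts, apex):
    """Names that are neither the apex nor a subdomain of it, i.e. a different
    registrable domain that needs its own ownership check before it is treated as in scope."""
    apex = apex.lower()
    suffix = "." + apex
    return sorted(h for h in hosts if h != apex and not h.endswith(suffix))


def group_by_ip(host_ip):
    """Group hostnames by the address they resolved to, to spot shared front-ends."""
    groups = defaultdict(list)
    for host, ip in sorted(host_ip.items()):
        groups[ip].append(host)
    return dict(groups)


if __name__ == "__main__":
    subs = parse_sublist3r(SUBLIST3R_SAMPLE)
    print("in scope:", sorted(subs - set(outside_apex(subs, "qq.com"))))
    print("outside qq.com:", outside_apex(subs, "qq.com"))
    print("shared addresses:", group_by_ip(parse_theharvester_hosts(THEHARVESTER_SAMPLE)))
```

The apex check is a plain suffix test, which is enough for a second-level domain like qq.com; for names under shared public suffixes (for example github.io, where every user gets a separate registrable domain) a public-suffix list lookup is needed to decide what counts as the same organisation.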