当前位置:网站首页>2. Overview of information collection
2. Overview of information collection
2022-07-22 13:37:00 【/home/liupc】
1 Why do you collect information ?
It can also be called asset collection perhaps Step on the spot . If there is no information collection , The scope of the later penetration test is very blind . It is possible to miss many important safety hazards .
Information collection can help us build a database of information , Define the scope of the attack . Do the work of rear attack accurately .
such as , Someone else gave a domain name www.baidu.com, You don't even know how many sub stations he has , It is possible to miss many loopholes . perhaps , I don't even know that the background code is used java Written , How to find out log4j The remote code vulnerability of ?
The more information is collected , The more security problems can be found .
2 What is information collection ?
1. Domain name related , For example, what domain names are there under Baidu
2.IP, If there is CDN, Or load balancing , How to find the real IP?
Of the same network segment IP What else ? We call it C Segment query .
3. Open port .
4.CMS The fingerprint . What framework does the system have .
5. There is also the use of search engines to collect information . For example, search zhihushang and... On Baidu “ Didi fine ” About , How to input :
Another example , How to find “ Background management system ”,
5. Cyberspace mapping
6. Directory scanning
边栏推荐
- Pyhton crawls the primary and secondary website pages and saves the crawled image information locally
- It's a holiday. I need to read books carefully
- 海量 Region 集群调优最佳实践
- 【PostgreSQL 15】PostgreSQL 15对UNIQUE和NULL的改进
- 另类加法与走方格的方案数
- Uniapp realizes the lucky circle function of lottery
- 从源码上学习 MockMvc 的使用
- 直播回顾| Apache Pulsar Meetup 精彩回放(含 PPT 下载)
- Service (LB) and managed pod
- One bite of Stream(8)
猜你喜欢
应用在触摸面板中的电容式触摸芯片
leetcode-2337:移动片段得到字符串
leetcode-6112:装满杯子需要的最短总时长
Operating principle of JVM
Privacy-Preserving Generative Deep Neural Networks Support Clinical Data Sharing
Analysis of the advantages of the LAAS scheme of elephant swap led to strong performance of ETOKEN
第N次重装系统之win10注册表
另类加法与走方格的方案数
软件测试面试中,面试官问你一些比较“刁难”的问题你会怎么回答
leetcode-6116:计算布尔二叉树的值
随机推荐
Window compilation generates Darknet (cuda11.1+opencv4.5+vs2019)
Leetcode - zj - future04: distribution des marchandises en magasin
leetcode-386:字典序排数
Leetcode-1260: 2D mesh migration
【C】信息管理系统/通讯录通用模板(介绍静态、动态、文件三个版本)
在Mysql中为什么定义varchar(255)?
leetcode-zj-future04:门店商品调配
带你刷(牛客网)C语言百题(第三天)
How to install MySQL
Recordrtc video recording, playback, screenshot, Download
leetcode-720:词典中最长的单词
Leetcode-2337: move the fragment to get the string
2022/07/21 --- maximum value of sliding window;
Leetcode-6118: sum of squares of minimum differences
Service (LB) and managed pod
[advanced C language] learning about flexible arrays
AMBA 2 AHB、AMBA 3 AHB(AHB_Lite)和AMBA 5 AHB协议比较
TiDB 最佳实践
Leetcode-zj-future03: location of express transfer station
Use the browser plug-in to run JS to delete the "disable copy" function of a specific website