Summary: web penetration testing information gathering (summary edition)
优采云, published 2022-11-29 20:30
Contents
Penetration testing process:
The biggest difference between penetration testing and intrusion
Target analysis:
Web-side information gathering:
Analysis of the whole site:
Google hacking:
Collecting similar sites from related URLs:
General penetration testing workflow:
How to bypass a CDN and find the real IP:
Penetration testing process: the biggest difference between penetration testing and intrusion
Penetration testing: its purpose is to protect the system; it sets out to find the test target's security weaknesses as comprehensively as possible.
Intrusion: obtains system privileges by whatever means are available (even destructive ones).
Target analysis:
Web-side information gathering:
Analysis of the whole site:
Google hacking:
Collecting similar sites from related URLs: for example, sites whose URLs share the same `php?id=` pattern as the vulnerable site, or sites carrying a particular fingerprint. Common tools: Google hacking and a URL collector.
General penetration testing workflow:
1. Project preparation
2. Information gathering: whois, the site's origin IP, other sites hosted on the same server, sites in the same C-segment (/24), server OS version, container version, application version, database type, subdomains, firewall, maintainer information
3. Vulnerability scanning: Nessus, AWVS
4. Manual discovery: logic flaws
5. Verify the vulnerabilities
6. Remediation recommendations
7. (If applicable) baseline check / retest of the vulnerabilities
8. Deliver the report
How to bypass a CDN and find the real IP:
1. Ping the domain from multiple locations and see whether it resolves to different addresses; if it does, a CDN is in front of it.
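A worked check for step 1, added here as an example and not part of the original post: given the addresses that pinging or resolving the domain from several vantage points returned, decide whether the front end looks like a CDN. The vantage-point answers and the CDN range list below are constructed sample data (RFC 5737 documentation prefixes stand in for a provider's published ranges, and the provider names are hypothetical). Replace them with real answers and a current range list; the verdicts are heuristics, and a single-host result still has to be confirmed before the address is treated as the origin.

```python
import ipaddress
from typing import Dict, Iterable, List, Set

# Constructed sample CDN ranges: RFC 5737 documentation prefixes stand in for a
# real provider's published list, and the provider names are hypothetical.
SAMPLE_CDN_RANGES: Dict[str, List[str]] = {
    "cdn-a": ["192.0.2.0/24", "198.51.100.0/24"],
    "cdn-b": ["203.0.113.0/24"],
}

# Constructed samples of what "ping" / "dig" from several vantage points returned.
ANSWERS_KNOWN_CDN = {
    "beijing": ["198.51.100.7"],
    "frankfurt": ["198.51.100.22"],
    "virginia": ["192.0.2.41"],
}
ANSWERS_GEODNS = {  # no known-range hit, but two different networks across regions
    "beijing": ["10.20.30.1"],
    "frankfurt": ["10.99.8.2"],
    "virginia": ["10.20.30.1"],
}
ANSWERS_SINGLE_HOST = {  # the same address from every location
    "beijing": ["10.20.30.1"],
    "frankfurt": ["10.20.30.1"],
    "virginia": ["10.20.30.1"],
}


def _network_of(ip: str) -> str:
    """Coarse network an address belongs to: /24 for IPv4, /48 for IPv6."""
    addr = ipaddress.ip_address(ip)
    bits = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{bits}", strict=False))


def cdn_matches(ips: Iterable[str], ranges: Dict[str, Iterable[str]] = SAMPLE_CDN_RANGES) -> Set[str]:
    """Names of the providers whose ranges contain at least one of the addresses."""
    nets = {name: [ipaddress.ip_network(c) for c in cidrs] for name, cidrs in ranges.items()}
    hits: Set[str] = set()
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        for name, cidrs in nets.items():
            # "in" returns False across address families, so mixed v4/v6 input is safe
            if any(addr in n for n in cidrs):
                hits.add(name)
    return hits


def classify(answers: Dict[str, List[str]], ranges: Dict[str, Iterable[str]] = SAMPLE_CDN_RANGES) -> dict:
    """Classify the addresses seen from several vantage points.

    verdict:
      "cdn"          an answer falls inside a known CDN range
      "possible-cdn" no known range matched, but the answers come from two or
                     more different networks, as with anycast or GeoDNS
      "single-host"  every location saw the same network; it may be the origin,
                     but a single-node CDN or WAF looks the same, so confirm it
                     (for example by requesting the IP with the site's Host header)
    """
    ips = sorted({ip for lst in answers.values() for ip in lst})
    networks = sorted({_network_of(ip) for ip in ips})
    hits = cdn_matches(ips, ranges)
    if hits:
        verdict = "cdn"
    elif len(networks) >= 2:
        verdict = "possible-cdn"
    else:
        verdict = "single-host"
    return {"ips": ips, "networks": networks, "cdn": sorted(hits), "verdict": verdict}


if __name__ == "__main__":
    for label, answers in [("known cdn", ANSWERS_KNOWN_CDN),
                           ("geodns", ANSWERS_GEODNS),
                           ("single host", ANSWERS_SINGLE_HOST)]:
        print(label, classify(answers))
```

Feed classify() the answers from your own multi-location ping; a "cdn" verdict means the resolved address is the CDN edge and not worth attacking as the origin, while "possible-cdn" only says the answers differ by region and deserves a closer look at the provider behind them.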
Solution: over the weekend I wrote a C# plugin for the 优采云 collector that sets the proxy IP dynamically and uses a random User-Agent.
It obtains proxy IP addresses in real time from a proxy provider's API; each IP is used for one minute, after which a new one is fetched.
Together with a list of random user agents copied from the internet, this is assembled into a 优采云 plugin.
I tried it out and it works fairly well: the test target site that blocks other collectors was beaten.
```csharp
//Import System.dll
//Import System.Core.dll
//Import System.Data.dll
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using SpiderInterface;
using System.Net;
using System.IO;

namespace PluginSample
{
    public class Plugin1 : IHTTPTamper
    {
        // Pool of browser User-Agent strings; one is picked at random for every request.
        string[] agentList = new string[] {
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 OPR/26.0.1656.60",
            "Opera/8.0 (Windows NT 5.1; U; en)",
            "Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.50",
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.50",
            "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0",
            "Mozilla/5.0 (X11; U; Linux x86_64; zh-CN; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36",
            "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11",
            "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36",
            "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.11 TaoBrowser/2.0 Safari/536.11",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.71 Safari/537.1 LBBROWSER",
            "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; LBBROWSER)",
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 732; .NET4.0C; .NET4.0E; LBBROWSER)",
            "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; QQBrowser/7.0.3698.400)",
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 732; .NET4.0C; .NET4.0E)",
            "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.84 Safari/535.11 SE 2.X MetaSr 1.0",
            "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; QQDownload 732; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/4.4.3.4000 Chrome/30.0.1599.101 Safari/537.36",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 UBrowser/4.0.3214.0 Safari/537.36"
        };

        // One shared Random: a new Random() per request is seeded from the clock and
        // can return the same agent for requests made within the same tick.
        static readonly Random rng = new Random();

        // Proxy cache directory. One file per time bucket holds the "ip:port" in use,
        // so every request inside that bucket reuses the same proxy.
        const string CacheDir = "D:\\IPCACHE\\";

        public void CheckCacheDir() {
            if (!Directory.Exists(CacheDir)) Directory.CreateDirectory(CacheDir);
        }

        // Cache file for the current bucket: "yyyyMMddHHmm" means one new proxy per minute.
        string CacheFile() {
            return CacheDir + DateTime.Now.ToString("yyyyMMddHHmm") + ".txt";
        }

        public string GetUrlContent(string url)
        {
            using (WebClient wc = new WebClient()) {
                // Download the body as UTF-8 text. Exceptions propagate unchanged;
                // wrapping them in a new Exception would only lose the original type.
                return Encoding.UTF8.GetString(wc.DownloadData(url));
            }
        }

        // Returns the proxy cached for the current bucket, or null when there is none.
        public string ReadTxt() {
            string filename = CacheFile();
            if (!File.Exists(filename)) return null;
            try {
                return File.ReadAllText(filename);
            } catch {
                return null;
            }
        }

        public string WriteTxt(string val) {
            try {
                File.WriteAllText(CacheFile(), val);
            } catch {
                return "fail";
            }
            return "Success";
        }

        public string GetProxyIp() {
            // URL of the proxy provider's API; the response should be a single line of the form 0.0.0.0:xxxx
            string ProxyApi = "proxy IP API URL, the result should look like 0.0.0.0:xxxx";
            CheckCacheDir();
            // Check the cache first so the same proxy serves the whole bucket
            string ip = ReadTxt();
            if (string.IsNullOrWhiteSpace(ip))
            {
                // No proxy for this bucket yet: fetch a fresh one and cache it. Trim() strips
                // the trailing newline most APIs append, which would otherwise break the WebProxy address.
                ip = GetUrlContent(ProxyApi).Trim();
                WriteTxt(ip);
            }
            return ip;
        }

        /// <summary>
        /// Handle the request before download: set a random User-Agent and the current proxy.
        /// </summary>
        public void BeforeRequest(RequestEntry request) {
            //Console.WriteLine("BeforeRequest:"+request.Url);
            //request.Referer="";
            string Agent = agentList[rng.Next(agentList.Length)];
            request.Headers["User-Agent"] = Agent;
            // WebProxy accepts "host:port" and prepends http:// itself; true = bypass the proxy for local addresses
            var proxy = new WebProxy(GetProxyIp(), true);
            request.WebProxy = proxy;
        }

        /// <summary>
        /// Handle the HTTP response after download: URL, default page, multi-page, content paging.
        /// </summary>
        public void AfterResponse(ResponseEntry response) {
            Console.WriteLine("AfterResponse:" + response.Url);
        }
    }
}
```
The one-minute granularity above can be changed to every 10 seconds or every second: extend the time format to include the seconds ("ss") and take a substring of the result. Substring(0, 14) keeps the full 14-character "yyyyMMddHHmmss" and gives a new proxy every second; Substring(0, 13) drops the last digit of the seconds and gives a new proxy every 10 seconds:

```csharp
// every second (full 14-character timestamp); use Substring(0, 13) for 10-second buckets
string filename = "D:\\IPCACHE\\" + DateTime.Now.ToString("yyyyMMddHHmmss").Substring(0, 14) + ".txt";
```
Add a function that fetches a cookie first. The cookie request also has to go through the proxy, otherwise the session is tied to your own IP and the proxied requests that carry it will still be recognised:

```csharp
public string GetCookie() {
    string url = "https://www.xxxxxxxxxxx.com/";
    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(url);
    myHttpWebRequest.Timeout = 20 * 1000; // connection timeout
    myHttpWebRequest.Accept = "*/*";
    myHttpWebRequest.UserAgent = "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;)";
    // Fetch the cookie through the same proxy the collector uses; without this the cookie is useless
    myHttpWebRequest.Proxy = new WebProxy(GetProxyIp(), true);
    myHttpWebRequest.CookieContainer = new CookieContainer(); // the server's Set-Cookie headers land here
    using (WebResponse resp = myHttpWebRequest.GetResponse()) { } // only the cookies are wanted, not the body
    // Convert the cookies into a single Cookie header string
    string cookiesstr = myHttpWebRequest.CookieContainer.GetCookieHeader(myHttpWebRequest.RequestUri);
    return cookiesstr;
}
```

Then add the code that uses the cookie, in BeforeRequest:

```csharp
request.Headers["Cookie"] = GetCookie(); // fetching the cookie must also go through the proxy, otherwise it is wasted
```

One caveat: GetCookie() sends a fixed User-Agent while BeforeRequest rotates through the list, so a server that binds the session to the User-Agent will see the mismatch; reuse the same Agent string for both requests if the target behaves that way.