Information collection at the early stage of Penetration Testing

Source: Internet
Author: User
Tags: website, ip

Everything starts with a URL.

Start with Google Hacking (search-engine operators) against the target site. A query such as site:www.baidu.com returns what is indexed under the main site, while site:baidu.com also surfaces its subdomains and sub-sites. This is the entry point from a single website.

Obtain the website's IP information. http://tool.chinaz.com/Same/ resolves the site's IP address and also lists the other sites hosted on that same IP.

Determine whether that IP belongs to a CDN or is the origin server's real address. If it is the real address, a port scan shows which ports are open; if the site is protected by a CDN, the real IP address of the website has to be found first.

Look up the WHOIS record (http://whois.chinaz.com/) to obtain the registrant's e-mail address, which may be usable for social engineering or as a login account name.

Obtain website directory information through Google Hacking, for example site:baidu.com inurl:admin. Similar operators locate sensitive areas such as the admin back-end and upload or download functions: inurl:admin, inurl:upload, inurl:download, inurl:login, intitle:"login". Directory listings (directory traversal) can be found with intitle:index. Here inurl:login locates the site's login page; if it has no CAPTCHA, it is exposed to brute-force cracking or credential stuffing.

Active collection: 1) use a crawler to map the site's directory structure, for example the crawler function of WVS; 2) use a directory-guessing tool to brute-force hidden paths.

Passive collection: browse the site's normal functions through the Burp proxy and record the directories and hidden interfaces that the traffic reveals.

Obtain server information from the Server header of the response, for example Microsoft-IIS/6.0.

Obtain the scripting-language information: 1) from response headers such as X-Powered-By: ASP.NET or X-Powered-By: PHP; 2) from session-cookie names such as PHPSESSID, JSESSIONID and ASPSESSIONID; 3) from file suffixes such as .asp, .aspx, .php, .jsp, .do and .action.
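The header, cookie and suffix indicators listed above can be checked mechanically. The following is an added example, not part of the original article: a small Python audit that parses one HTTP response together with the requested URL and reports which stack details it discloses, so a site owner can see what any unauthenticated visitor learns from a single request (the sample response and the example.invalid URL are constructed).

```python
"""Audit an HTTP response for stack-disclosure indicators: Server and
X-Powered-By headers, session-cookie names and URL file suffixes."""
import re
from urllib.parse import urlsplit

# Session-cookie prefixes and file suffixes that reveal the server-side stack.
COOKIE_HINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                "ASPSESSIONID": "Classic ASP", "ASP.NET_SESSIONID": "ASP.NET"}
SUFFIX_HINTS = {".php": "PHP", ".asp": "Classic ASP", ".aspx": "ASP.NET",
                ".jsp": "Java (JSP)", ".do": "Java (Struts 1 action)",
                ".action": "Java (Struts 2 action)"}
VERSION_RE = re.compile(r"/\d+(\.\d+)*")  # e.g. the "/6.0" in Microsoft-IIS/6.0

def parse_headers(raw):
    """Split a raw HTTP response into a list of (lower-cased name, value)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def fingerprint(url, raw_response):
    """Return what one unauthenticated response discloses about the stack."""
    findings = {"server": None, "powered_by": [], "cookies": [], "suffix": None}
    for name, value in parse_headers(raw_response):
        if name == "server":
            findings["server"] = value
        elif name == "x-powered-by":
            findings["powered_by"].append(value)
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            for prefix, tech in COOKIE_HINTS.items():
                if cookie.upper().startswith(prefix):
                    findings["cookies"].append((cookie, tech))
    path = urlsplit(url).path.lower()
    for suffix, tech in SUFFIX_HINTS.items():
        if path.endswith(suffix):
            findings["suffix"] = (suffix, tech)
    # A version string in Server/X-Powered-By is the highest-value disclosure.
    disclosed = [findings["server"] or ""] + findings["powered_by"]
    findings["version_disclosed"] = any(VERSION_RE.search(v) for v in disclosed)
    return findings

# Constructed sample response; not captured from any real host.
SAMPLE_URL = "https://example.invalid/admin/login.aspx"
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
                   "X-Powered-By: ASP.NET\r\n"
                   "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
                   "Content-Type: text/html\r\n\r\n<html></html>")
```

Running fingerprint(SAMPLE_URL, SAMPLE_RESPONSE) flags the IIS version, the ASP.NET header, the ASP.NET session cookie and the .aspx suffix; stripping or genericising Server and X-Powered-By and renaming the session cookie removes most of what this check reports.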

Obtain framework information from error messages or the URL structure, for example ThinkPHP or Struts.

Obtain application information: for sites built on an open-source website construction system (CMS), identify the product and version in use.
