[Network Security] Network Asset Collection
2022-07-02 15:33:00 【Penguin jumping stairs】
What are network assets?
Network assets are mainly the various devices used in a computer (or communication) network. They mainly include hosts, network devices (routers, switches, etc.) and security devices (firewalls, etc.).
Origin
The term "network assets" comes from Robert Metcalfe, an American information technology pioneer who invented Ethernet. In 1973, Robert Metcalfe invented a standard for connecting information, so that computers at different distances could connect with each other; this kind of network was called Ethernet (now the World Wide Web). To use this network, customers had to buy network cards. For network owners to benefit more from the network, the number of network cards in use had to reach a certain scale; that is, the value of the network depends on the number of servers connected to it and the number of its users. The underlying principle is: the cost of using the network is related to the number of network cards in use; put another way, the value of the network is directly proportional to the square of the number of network users. This network effect, based on the number of network users, is called network assets.
How do we collect them?
Once we have the site that needs to be tested, we collect as much information about its network assets as possible in the following ways.
Using plug-ins
The Google Chrome plug-in Wappalyzer
Here we use Webmaster's Home as the test website.
After the plug-in is installed, it displays the server, the web framework, the JS libraries and other information about the site; that is how the plug-in is used. With it we can learn which versions the website is running and look up known vulnerabilities in those versions to verify.

Using websites
IP lookup

2. What's that site running? | Netcraft
Finding the IP behind a CDN

C-segment query

Subdomain query

WHOIS lookup
Webmaster Tools - Webmaster's Home

FOFA website information collection

Syntax:
title="beijing"
Search for "Beijing" in the title.
header="elastic"
Search for "elastic" in the HTTP headers.
body="Cyberspace mapping"
Search for "Cyberspace mapping" in the HTML body.
fid="sSXXGNUO2FefBTcCLIT/2Q=="
Find assets with the same website fingerprint (searches website-type assets).
domain="qq.com"
Search for websites whose root domain is qq.com.
icp="Beijing ICP Prove 030173 Number"
Find websites with the ICP record number "Beijing ICP Prove 030173 Number" (searches website-type assets).
js_name="js/jquery.js"
Find website assets that include js/jquery.js (searches website-type assets).
js_md5="82ac3f14327a8b7ba49baa208d4eaa15"
Find assets whose JS source code matches this MD5.
cname="ap21.inst.siteforce.com"
Find websites whose CNAME is "ap21.inst.siteforce.com".
cname_domain="siteforce.com"
Find websites whose CNAME contains "siteforce.com".
icon_hash="-247388890"
Search for assets that use this icon (FOFA senior members only).
host=".gov.cn"
Search for ".gov.cn" in the URL (use host as the field name).
port="6379"
Find assets with port "6379".
ip="1.1.1.1"
Search for websites whose IP contains "1.1.1.1" (use ip as the field name).
ip="220.181.111.1/24"
Query the C-segment assets of IP "220.181.111.1".
status_code="402"
Query assets whose server status is "402" (queries website-type data).
protocol="quic"
Query QUIC protocol assets (searches the specified protocol type; valid when port scanning is turned on).
country="CN"
Search for assets in the specified country (code).
region="Xinjiang"
Search for assets in the specified administrative region.
city="Ürümqi"
Search for assets in the specified city.
cert="baidu"
Search for assets whose certificate (HTTPS, IMAPS, etc.) contains "baidu".
cert.subject="Oracle Corporation"
Search for assets whose certificate holder is Oracle Corporation.
cert.issuer="DigiCert"
Search for assets whose certificate issuer is DigiCert Inc.
cert.is_valid=true
Check whether the certificate is valid: true means valid, false means invalid (FOFA senior members only).
jarm="2ad...83e81"
Search for assets with this JARM fingerprint.
banner="users" && protocol="ftp"
Search for FTP protocol assets whose banner contains the text "users".
type="service"
Search all protocol assets; two types are supported, subdomain and service.
os="centos"
Search for CentOS assets.
server=="Microsoft-IIS/10"
Search for IIS 10 servers.
app="Microsoft-Exchange"
Search for Microsoft-Exchange devices.
after="2017" && before="2017-10-01"
Search within a time range.
asn="19551"
Search for assets with the specified ASN.
org="LLC Baxet"
Search for assets of the specified org (organization).
base_protocol="udp"
Search for assets using the UDP protocol.
is_fraud=false
Exclude counterfeit/fraud data.
is_honeypot=false
Exclude honeypot data (FOFA senior members only).
is_ipv6=true
Search for IPv6 assets (only true and false are accepted).
is_domain=true
Search for domain name assets (only true and false are accepted).
port_size="6"
Query assets whose number of open ports equals "6" (FOFA members only).
port_size_gt="6"
Query assets whose number of open ports is greater than "6" (FOFA members only).
port_size_lt="12"
Query assets whose number of open ports is less than "12" (FOFA members only).
ip_ports="80,161"
Search for IP assets with ports 80 and 161 both open (asset data per IP).
ip_country="CN"
Search for Chinese IP assets (asset data per IP).
ip_region="Zhejiang"
Search for IP assets in the specified administrative region (asset data per IP).
ip_city="Hangzhou"
Search for IP assets in the specified city (asset data per IP).
ip_after="2021-03-18"
Search for IP assets after 2021-03-18 (asset data per IP).
ip_before="2019-09-09"
Search for IP assets before 2019-09-09 (asset data per IP).
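An added example (not from the original post): a small Python evaluator that parses queries written in the syntax listed above and runs them locally against a constructed inventory of your own hosts, which makes the clause structure and the C-segment match concrete. It assumes = is a case-insensitive substring match on text, == is an exact match, and numeric fields compare by equality; the inventory, host names and addresses are made up.

```python
import ipaddress
import re

# Clause = field, operator, then a quoted string or a bare true/false (the forms listed above).
CLAUSE = re.compile(r'\s*([a-z][a-z0-9_.]*)\s*(==|=)\s*(?:"([^"]*)"|(true|false))\s*')

def parse(query):
    """Return [(field, op, value)] for clauses joined by &&; raise ValueError otherwise."""
    pos, clauses = 0, []
    while True:
        m = CLAUSE.match(query, pos)
        if not m:
            raise ValueError(f"cannot parse clause at offset {pos}")
        field, op, text, flag = m.groups()
        clauses.append((field, op, text if text is not None else flag == "true"))
        pos = m.end()
        if pos == len(query):
            return clauses
        if not query.startswith("&&", pos):
            raise ValueError(f"expected && at offset {pos}")
        pos += 2

def clause_matches(asset, field, op, value):
    actual = asset.get(field)
    if actual is None:
        return False
    if isinstance(value, bool) or isinstance(actual, bool):
        return actual is value
    if field == "ip" and "/" in value:
        # ip="a.b.c.d/24" means membership in the enclosing network (the C segment).
        return ipaddress.ip_address(actual) in ipaddress.ip_network(value, strict=False)
    if isinstance(actual, int):
        return value.isdigit() and actual == int(value)
    if op == "==":
        return actual == value
    return value.lower() in actual.lower()

def search(inventory, query):
    clauses = parse(query)
    return [a["name"] for a in inventory if all(clause_matches(a, *c) for c in clauses)]

# Constructed inventory of an organisation's own hosts (documentation address ranges).
INVENTORY = [
    {"name": "cache-01", "ip": "203.0.113.10", "port": 6379, "protocol": "redis", "is_ipv6": False},
    {"name": "web-01", "ip": "203.0.113.20", "port": 443, "server": "Microsoft-IIS/10.0", "is_ipv6": False},
    {"name": "web-02", "ip": "198.51.100.7", "port": 443, "server": "Microsoft-IIS/10", "is_ipv6": False},
    {"name": "ftp-01", "ip": "198.51.100.9", "port": 21, "protocol": "ftp", "banner": "220 Welcome users", "is_ipv6": False},
    {"name": "cache-02", "ip": "198.51.100.30", "port": 16379, "protocol": "redis", "is_ipv6": False},
]
```

Running search(INVENTORY, 'port="6379" && ip="203.0.113.1/24"') returns only cache-01: the /24 is normalised to 203.0.113.0/24, and port 16379 on cache-02 does not count as 6379.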
Shodan network information collection

Syntax:
port: port number
product: the software or product in use
os: operating system type
version: search for a specified software version, for example version:"1.3.2"
net: search for a specified IP address or subnet, for example net:"110.43.140.0/24"
http.title: web page title
http.html: web page content
http.server: the Server type returned in the HTTP response
http.status: the status code returned in the HTTP response
hostname: host name
http.favicon.hash: hash of the site's icon
vuln: CVE vulnerability number, for example vuln:CVE-2014-0723
country: search for a specific country, for example country:"CN"
city: search for a specific city, for example city:"Beijing"
org: search for a specific organization or company, for example org:"google"
isp: search for a specified ISP, for example isp:"China Telecom"
ZoomEye (Zhong Kui's Eye)

Logical operations

Location

Certificate search

IP and domain name information search

Fingerprint search

Time interval search

Other searches

Using Google search syntax
Google syntax
1. site: restrict the search to a specified domain name

2. inurl: search for the URL you need

3. allintext: search for keywords in the page body

4. allintitle: search in the title

5. define: word definitions

6. filetype: files in a specified format

7. info: basic information about the website

8. link: view links

Using tools
Subdomain excavator

Yujian (御剑)

Polar bear scanner

Summary
The breadth of information collection sets the depth that can be reached in the rest of the network testing process. Information collection is the most important preparation step.