[network security] network asset collection
2022-07-02 15:33:00 【Penguin jumping stairs】
What are network assets?
Network assets are mainly the various devices used in a computer (or communication) network. They mainly include hosts, network devices (routers, switches, etc.) and security devices (firewalls, etc.).
Origin
The term "network assets" comes from Robert Metcalfe, an American information technology pioneer who invented Ethernet. In 1973, Robert Metcalfe invented a standard for information connection so that computers at different distances could connect with each other; this kind of network was called Ethernet (now the World Wide Web). To use this network, customers had to buy network cards. For network owners to get more benefit from the network, the number of network cards in use had to reach a certain scale; that is, the value of the network depends on the number of servers connected to it and the number of network users. The underlying principle is: the cost of using the network is related to the number of network cards in use; or, put another way, the value of the network is directly proportional to the square of the number of network users. This network effect, based on the number of network users, is called network assets.
How do we collect them?
When we get the site that needs to be tested, we need to collect as much information about its network assets as possible in the following ways.
Using plug-ins
The Google plug-in Wappalyzer
Here we use Webmaster's Home as the test website.
After the plug-in is installed, we can see that the server, web framework, JS libraries and other information are displayed; this is how the plug-in is used. Through this plug-in we can learn which versions the website runs and look up known vulnerabilities for those versions to verify.
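As an added example (not from the original post and not Wappalyzer's own rule set), the following checks a response from a site you operate for the same kind of version strings the plug-in displays, so they can be suppressed or the software patched. The regular expressions and both sample responses are constructed for illustration.

```python
import re

# Illustrative rules only; not Wappalyzer's fingerprint database.
HEADER_RULE = re.compile(r"^([A-Za-z][\w .-]*?)/(\d[\w.]*)")
LEAKY_HEADERS = ("server", "x-powered-by")
BODY_RULES = [
    ("meta generator", re.compile(
        r"""<meta\s+name=["']generator["']\s+content=["']([^"']*?)\s+(\d[\w.]*)["']""", re.I)),
    ("script src", re.compile(
        r"""src=["'][^"']*/([A-Za-z][\w.]*?)-(\d+(?:\.\d+)+)(?:\.min)?\.js["']""", re.I)),
]

# Constructed sample responses: one that discloses versions, one that does not.
SAMPLE_LEAKY = (
    "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nX-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8.1">'
    '<script src="/static/js/jquery-3.5.1.min.js"></script></head></html>'
)
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"
    '<html><head><script src="/static/js/app.js"></script></head></html>'
)

def disclosed_versions(raw_response: str):
    """Return (source, product, version) for each version string the response exposes."""
    head, _, body = raw_response.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:              # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in LEAKY_HEADERS:
            m = HEADER_RULE.match(value.strip())
            if m:                                    # a bare "nginx" has no version to report
                findings.append((name.strip(), m.group(1), m.group(2)))
    for source, rule in BODY_RULES:
        for product, version in rule.findall(body):
            findings.append((source, product, version))
    return findings

if __name__ == "__main__":
    for finding in disclosed_versions(SAMPLE_LEAKY):
        print("discloses:", finding)
```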

Using websites
Look up the IP

2. What's that site running? | Netcraft
Bypass the CDN to query the IP

C-segment query

Subdomain query

whois query
Webmaster Tools - Webmaster's Home

FOFA website information collection

Syntax:
title="beijing"
Search for "Beijing" in the title.
header="elastic"
Search for "elastic" in the HTTP headers.
body="Cyberspace mapping"
Search for "Cyberspace mapping" in the HTML body.
fid="sSXXGNUO2FefBTcCLIT/2Q=="
Find sites with the same website fingerprint. Searches website-type assets.
domain="qq.com"
Search for websites whose root domain is qq.com.
icp="京ICP证030173号"
Find websites whose ICP record number is "京ICP证030173号". Searches website-type assets.
js_name="js/jquery.js"
Find website assets that include js/jquery.js. Searches website-type assets.
js_md5="82ac3f14327a8b7ba49baa208d4eaa15"
Find assets whose JS source code matches this hash.
cname="ap21.inst.siteforce.com"
Find websites whose CNAME is "ap21.inst.siteforce.com".
cname_domain="siteforce.com"
Find websites whose CNAME contains "siteforce.com".
icon_hash="-247388890"
Search for assets that use this icon. Limited to FOFA senior members.
host=".gov.cn"
Search for ".gov.cn" in the URL. The search uses host as the field name.
port="6379"
Find assets with port "6379".
ip="1.1.1.1"
Search for websites whose IP contains "1.1.1.1". The search uses ip as the field name.
ip="220.181.111.1/24"
Query the C-segment assets of the IP "220.181.111.1".
status_code="402"
Query assets whose server status code is "402". Queries website-type data.
protocol="quic"
Query quic protocol assets. Searches the specified protocol type (valid when port scanning is enabled).
country="CN"
Search for assets in the specified country (code).
region="Xinjiang"
Search for assets in the specified administrative region.
city="Ürümqi"
Search for assets in the specified city.
cert="baidu"
Search for assets whose certificate (https, imaps, etc.) contains baidu.
cert.subject="Oracle Corporation"
Search for assets whose certificate holder is Oracle Corporation.
cert.issuer="DigiCert"
Search for assets whose certificate issuer is DigiCert Inc.
cert.is_valid=true
Check whether the certificate is valid: true means valid, false means invalid. Limited to FOFA senior members.
jarm="2ad...83e81"
Search for assets by JARM fingerprint.
banner="users" && protocol="ftp"
Search for FTP protocol assets whose banner contains the text "users".
type="service"
Search all protocol assets. Two types are supported: subdomain and service.
os="centos"
Search for CentOS assets.
server=="Microsoft-IIS/10"
Search for IIS 10 servers.
app="Microsoft-Exchange"
Search for Microsoft-Exchange devices.
after="2017" && before="2017-10-01"
Time range search.
asn="19551"
Search for assets with the specified ASN.
org="LLC Baxet"
Search for assets of the specified org (organization).
base_protocol="udp"
Search for assets that use the UDP protocol.
is_fraud=false
Exclude counterfeit/fraud data.
is_honeypot=false
Exclude honeypot data. Limited to FOFA senior members.
is_ipv6=true
Search for IPv6 assets. Only true and false are accepted.
is_domain=true
Search for domain name assets. Only true and false are accepted.
port_size="6"
Query assets whose number of open ports equals "6". Limited to FOFA members.
port_size_gt="6"
Query assets whose number of open ports is greater than "6". Limited to FOFA members.
port_size_lt="12"
Query assets whose number of open ports is less than "12". Limited to FOFA members.
ip_ports="80,161"
Search for IP assets that have ports 80 and 161 open at the same time (asset data counted per IP).
ip_country="CN"
Search for Chinese IP assets (asset data counted per IP).
ip_region="Zhejiang"
Search for IP assets in the specified administrative region (asset data counted per IP).
ip_city="Hangzhou"
Search for IP assets in the specified city (asset data counted per IP).
ip_after="2021-03-18"
Search for IP assets after 2021-03-18 (asset data counted per IP).
ip_before="2019-09-09"
Search for IP assets before 2019-09-09 (asset data counted per IP).
Shodan network information collection

Syntax:
port: port number
product: the software or product used
os: operating system type
version: search for the specified software version, for example version:"1.3.2"
net: search for the specified IP address or subnet, for example net:"110.43.140.0/24"
http.title: web page title
http.html: web page content
http.server: the server type returned for the HTTP request
http.status: the status code of the HTTP response
hostname: host name
http.favicon.hash: the hash of the site icon
vuln: CVE vulnerability number, for example vuln:CVE-2014-0723
country: search for a specific country, for example country:"CN"
city: search for a specific city, for example city:"Beijing"
org: search for a specific organization or company, for example org:"google"
isp: search for the specified ISP, for example isp:"China Telecom"
ZoomEye (Zhong Kui's Eye)

Logical operations

Location

Certificate search

IP and domain name related search

Fingerprint related search

Time interval search

Other searches

Using Google syntax
Google syntax
1. site: specify the domain name

2. inurl: search for the text you need in the URL

3. allintext: search using text in the page body as the keyword

4. allintitle: title search

5. define: definition of a word

6. filetype: files in the specified format

7. info: basic information about the website

8. link: view links

Using tools
Subdomain Excavator

Yujian (御剑)

Polar bear scanner

Summary
The breadth of information collection determines how deep the whole network testing process can go; information collection is the most important preparatory step.