[network security] network asset collection
2022-07-02 15:33:00 【Penguin jumping stairs】
What are network assets?
Network assets are mainly the various devices used in a computer (or communication) network. They mainly include hosts, network devices (routers, switches, etc.) and security devices (firewalls, etc.).
Origin
The term "network assets" comes from the invention of Ethernet by Robert Metcalfe, an American information technology pioneer. In 1973, Robert Metcalfe invented a standard for connecting information so that computers at different distances could connect with each other; this kind of network was called Ethernet (now the World Wide Web). To use this network, customers had to buy network cards. For network owners to get more benefit from the network, the number of network cards in use had to reach a certain scale; that is, the value of the network depends on the number of servers connected to it and the number of network users. The underlying principle is that the cost of network usage is related to the number of network cards used; in other words, the value of the network is directly proportional to the square of the number of network users. This network effect, based on the number of network users, is called network assets.
How do we collect?
When we are given a site that needs to be tested, we need to collect as much information about its network assets as possible, in the following ways.
Using plug-ins
Google plug-in: Wappalyzer
Here we use Webmaster's Home as the test website.
Once the plug-in is installed, it displays the site's server, web framework, JS libraries and other information; this is how we use the plug-in. From it we can learn the versions the website runs and look for vulnerabilities in those versions to verify.
Using websites
Look up the IP
What's that site running? | Netcraft
Bypass the CDN to look up the IP
C-segment query
Subdomain query
whois query
Webmaster Tools - Webmaster's Home
FOFA website information collection
Syntax:
title="beijing"
Search for "Beijing" in the title.
header="elastic"
Search for "elastic" in the HTTP headers.
body="Cyberspace mapping"
Search for "Cyberspace mapping" in the HTML body.
fid="sSXXGNUO2FefBTcCLIT/2Q=="
Find assets with the same website fingerprint.
Note: searches website-type assets.
domain="qq.com"
Search for websites whose root domain contains qq.com.
icp="京ICP证030173号"
Find websites whose ICP record number is "京ICP证030173号".
Note: searches website-type assets.
js_name="js/jquery.js"
Find website assets that contain js/jquery.js.
Note: searches website-type assets.
js_md5="82ac3f14327a8b7ba49baa208d4eaa15"
Find assets whose JS source code matches.
cname="ap21.inst.siteforce.com"
Find websites whose CNAME is "ap21.inst.siteforce.com".
cname_domain="siteforce.com"
Find websites whose CNAME contains "siteforce.com".
icon_hash="-247388890"
Search for assets that use this icon.
Note: limited to FOFA senior members.
host=".gov.cn"
Search for ".gov.cn" in the URL.
Note: use host as the field name.
port="6379"
Find assets with port "6379".
ip="1.1.1.1"
Search for websites whose IP contains "1.1.1.1".
Note: use ip as the field name.
ip="220.181.111.1/24"
Query the C-segment assets of the IP "220.181.111.1".
status_code="402"
Query assets whose server status is "402".
Note: queries website-type data.
protocol="quic"
Query assets that use the quic protocol.
Note: searches for the specified protocol type (valid when port scanning is turned on).
country="CN"
Search for assets in the specified country (code).
region="Xinjiang"
Search for assets in the specified administrative region.
city="Ürümqi"
Search for assets in the specified city.
cert="baidu"
Search for assets whose certificate (HTTPS, IMAPS, etc.) contains "baidu".
cert.subject="Oracle Corporation"
Search for assets whose certificate holder is Oracle Corporation.
cert.issuer="DigiCert"
Search for assets whose certificate issuer is DigiCert Inc.
cert.is_valid=true
Check whether the certificate is valid: true means valid, false means invalid.
Note: limited to FOFA senior members.
jarm="2ad...83e81"
Search by JARM fingerprint.
banner="users" && protocol="ftp"
Search for FTP protocol assets whose banner contains the text "users".
type="service"
Search all protocol assets; two types are supported, subdomain and service.
os="centos"
Search for CentOS assets.
server=="Microsoft-IIS/10"
Search for IIS 10 servers.
app="Microsoft-Exchange"
Search for Microsoft-Exchange devices.
after="2017" && before="2017-10-01"
Time range search.
asn="19551"
Search for assets with the specified ASN.
org="LLC Baxet"
Search for assets of the specified org (organization).
base_protocol="udp"
Search for assets that use the UDP protocol.
is_fraud=false
Exclude counterfeit / fraud data.
is_honeypot=false
Exclude honeypot data.
Note: limited to FOFA senior members.
is_ipv6=true
Search for IPv6 assets.
Note: only true and false are accepted.
is_domain=true
Search for domain name assets.
Note: only true and false are accepted.
port_size="6"
Query assets whose number of open ports equals "6".
Note: limited to FOFA members.
port_size_gt="6"
Query assets whose number of open ports is greater than "6".
Note: limited to FOFA members.
port_size_lt="12"
Query assets whose number of open ports is less than "12".
Note: limited to FOFA members.
ip_ports="80,161"
Search for IP assets that have ports 80 and 161 open at the same time (asset data in units of IP).
ip_country="CN"
Search for Chinese IP assets (asset data in units of IP).
ip_region="Zhejiang"
Search for IP assets in the specified administrative region (asset data in units of IP).
ip_city="Hangzhou"
Search for IP assets in the specified city (asset data in units of IP).
ip_after="2021-03-18"
Search for IP assets after 2021-03-18 (asset data in units of IP).
ip_before="2019-09-09"
Search for IP assets before 2019-09-09 (asset data in units of IP).
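A lint step for queries written in the syntax above, useful before they are run as part of an inventory of your own assets: it parses the clauses, rejects unknown fields, and checks that a domain= or ip= clause ties the query to an owned domain or network. This is an added example, not code from the original post or from FOFA; it handles only the operators shown above (=, == and &&), and the values in OWNED_DOMAINS and OWNED_NETWORKS are constructed placeholders.

```python
import ipaddress
import re

# Subset of the FOFA field names listed above.
KNOWN_FIELDS = {
    "title", "header", "body", "domain", "icp", "host", "port", "ip",
    "status_code", "protocol", "country", "cert", "cert.subject",
    "cert.issuer", "cert.is_valid", "banner", "os", "server", "app",
    "after", "before", "is_fraud", "is_honeypot", "is_ipv6", "is_domain",
}
# One clause: field, "=" or "==", then a quoted string or a bare true/false.
CLAUSE = re.compile(r'\s*([a-z0-9_.]+)\s*(==|=)\s*(?:"([^"]*)"|(true|false))\s*')


def parse(query):
    """Return [(field, op, value), ...] for clauses joined by &&."""
    clauses, pos = [], 0
    while True:
        m = CLAUSE.match(query, pos)
        if not m:
            raise ValueError(f"cannot parse clause at offset {pos}")
        field, op, quoted, boolean = m.groups()
        if field not in KNOWN_FIELDS:
            raise ValueError(f"unknown field: {field}")
        clauses.append((field, op, quoted if quoted is not None else boolean))
        pos = m.end()
        if pos == len(query):
            return clauses
        # Only && is accepted: with AND-only queries a single scoping
        # clause restricts the whole result set.
        if not query.startswith("&&", pos):
            raise ValueError(f"expected && at offset {pos}")
        pos += 2


def in_scope(clauses, domains, networks):
    """True if a domain= or ip= clause pins the query to an owned asset."""
    nets = [ipaddress.ip_network(n) for n in networks]
    for field, _op, value in clauses:
        if field == "domain" and value.lower() in domains:
            return True
        if field == "ip":
            # strict=False accepts host bits, as in ip="220.181.111.1/24"
            target = ipaddress.ip_network(value, strict=False)
            if any(target.version == n.version and target.subnet_of(n)
                   for n in nets):
                return True
    return False


# Constructed scope: documentation-reserved domain and address range.
OWNED_DOMAINS = {"example.com"}
OWNED_NETWORKS = ["192.0.2.0/24"]
```

A query such as banner="users" && protocol="ftp" parses cleanly but is reported as out of scope, because nothing in it limits the results to an owned domain or network.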
Shodan network information collection
Syntax:
port: port
product: the software or product in use
os: type of operating system
version: search for the specified software version, for example version:"1.3.2"
net: search for the specified IP address or subnet, for example net:"110.43.140.0/24"
http.title: web page title
http.html: web page content
http.server: the server type returned for the HTTP request
http.status: the status code returned for the HTTP request
hostname: host name
http.favicon.hash: the hash corresponding to the icon
vuln: CVE vulnerability number, for example vuln:CVE-2014-0723
country: search for a specific country, for example country:"CN"
city: search for a specific city, for example city:"Beijing"
org: search for a specific organization or company, for example org:"google"
isp: search for the specified ISP, for example isp:"China Telecom"
ZoomEye (Zhong Kui's Eye)
Logical operations
Location
Certificate search
IP and domain name related search
Fingerprint related search
Time interval search
Other searches
Using Google syntax
Google syntax
1. site: specify a domain name
2. inurl: search for the URL you need
3. allintext: search with keywords that appear in the body text
4. allintitle: search the title
5. define: definition of a word
6. filetype: files in the specified format
7. info: basic information about the website
8. link: view links
Using tools
Subdomain excavator
Mitsurugi
Polar bear scanner
Summary
The breadth of information collection sets the depth of the whole network testing process; information collection is the most important preparation.