
Information Gathering Notes

QQ group: 397745473

Environment setup

Run the one-click RDP installer

# Install RDP
source <(curl -sL https://git.io/Jqfs7)

# Install the Go environment
curl -O https://dl.google.com/go/go1.16.3.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.16.3.linux-amd64.tar.gz
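# Single quotes keep $HOME and $PATH unexpanded so they are resolved at login, not frozen at install time
mkdir -p ~/go; echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$HOME/go/bin:/usr/local/go/bin' >> ~/.bashrc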
source ~/.bashrc

wpscan

# Install
https://vksec.com/2020/12/17/142_debian%E5%AE%89%E8%A3%85wpscan/

# Scan
wpscan --url https://target.com/

ffuf

git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build
# The :FUZZ1 suffix on -w binds the wordlist to the FUZZ1 keyword used in the URL
/home/debian/ffuf/ffuf -mc 200 -t 100 -w /home/debian/AboutSecurity/Dic/Web/File_Backup/Fuzz_bak.txt:FUZZ1 -u https://www.xxx.net/FUZZ1
/home/debian/ffuf/ffuf -mc 200 -t 100 -w /home/debian/Filenames_or_Directories_All.txt:FUZZ1 -u https://www.xxx.net/FUZZ1



ffuf -c -mc 200,301,302,403 -t 50 -u http://www.xxx.net/FUZZ -w dic.txt
ffuf -c -mc 200,301,302,403 -t 50 -u http://www.xxx.net/FUZZ -b "NAME1=VALUE1; NAME2=VALUE2" -w dic.txt # Cookie


Wordlists: https://github.com/ffffffff0x/AboutSecurity/blob/master/README.zh-cn.md
Further reference: https://github.com/possib1e/ffuf (some helper scripts for ffuf)
Reference: https://ffffffff0x.gitbook.io/1earn/1earn/security/redteam/xin-xi-shou-ji/xin-xi-shou-ji

dirsearch

sudo apt-get install python3-pip
pip3 install dirsearch
git clone https://github.com/maurosoria/dirsearch.git

# Usage guides:
https://vk9-sec.com/dirsearch-how-to/
https://www.whbwiki.com/316.html

python3 dirsearch.py -u http://url.com/ -e php -x 403,301,302,500 -r -R 3 -w common.txt
python3 dirsearch.py --random-agent -r -u https://url.com/ -e php -x 403,301,302,500 -t 20
python3 dirsearch.py --random-agent -r -e php,txt,zip -u https://url.com/ -x 403,301,302,500 -t 20
python3 dirsearch.py --random-agent -r -e php,txt,zip -u http://url.com/ -x 403,301,302,500 -t 50
