*Disclaimer: All materials provided on this blog are for educational purposes only. The author and owner of these articles is not subject to any legal liability for third-party malicious use of all the content posted*

  Step 1: decide scope of activities

Security vulnerabilities are usually identifiable directly from the cource code of the organization's webpage. By identifying the domain, e.g. victim.com, and reading its source code, you may witness some security settings explicitly put on the organization's webpages in comment. [source request] After identifying the domain name, go fetch the subsidiaries, which are usually poorly-guarded and poses potential security threats to the mother site.

  Step2: network enumeration

Firstly, identify domain name & associated networks relating to particular organization. This could be easily achieved with the help of InterNIC database (https://www.internic.net/whois.html), and ARIN. We can see from the example below, we acquire all the information about the target domain's registry.

-----

  Example of a InterNIC search:

Domain Name:
Registrar:
Sponsoring Registrar IANA ID:
Whois Server:
Referral URL:
Name Server:
Name Server:
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date:
Creation Date:
Expiration Date:

-----

...to be continue

By performing Whois seach in Kali Linux, open the terminal and type in "whois xxx.com", which initiates 'whois' search. However, many details could be hidden by WhoisGuard protected. Refer to the definition of WhoisGuard from wiki.

WhoisGuard is a privacy protection service that prevents people from seeing your name, address, phone number and email when they do a Whois search on your domain. It puts its address information to the public Whois instead of yours to protect you from potential spam and even identity theft.

The next move would definitely be how to break such privacy protection. Otherwise, we may better circumvence this by targetting the next victim.

  • solution 1: visit GxDxdxy to acquire info about real owner of that web
  • solution 2: use DomainToos (paid) to review the entire domain registry history. In case a domain has been registered as public previously, all info would be revealed. A free alternative would be Webboar.com or https://www.whois.com/whois/ [failed: domain details still not revealed]

最痛苦的是,他的privacy settings 還不能破。只好轉移到其他target shotting approaches. 在 Google dock 上暫時沒有什麼特別的發現。在轉移到Acunetix之前,先使用linux kali 本身就有的scan web vulnerabilities tools. 試試linux kali 地下的uniscan.

Linux Kali Uniscan

Syntax: # uniscan -u xxx.com(complete website address) -ds

https://en.wikipedia.org/wiki/Penetration_test

Then, follow the following commands to fetch back the report file:

~# cd/usr/share/uniscan/report
ls
xdg-open xxx.com.html

白帽子之路首章:Footprinting, TARGET ACQUISITION的更多相关文章

  1. 【阿里聚安全·安全周刊】双十一背后的“霸下-七层流量清洗”系统| 大疆 VS “白帽子”,到底谁威胁了谁?

    关键词:霸下-七层流量清洗系统丨大疆 VS "白帽子"丨抢购软件 "第一案"丨企业安全建设丨Aadhaar 数据泄漏丨朝鲜APT组织Lazarus丨31款违规A ...

  2. 读>>>>白帽子讲Web安全<<<<摘要→我推荐的一本书→1

      <白帽子讲Web安全>吴翰清著 刚开始看这本书就被这本书吸引,感觉挺不错,给大家推荐下,最近读这本书,感觉不错的精华就记录下, 俗话说>>>好脑袋不如一个烂笔头< ...

  3. 《白帽子讲Web安全》- 学习笔记

    一.为何要了解Web安全 最近加入新公司后,公司的官网突然被Google标记为了不安全的诈骗网站,一时间我们信息技术部门成为了众矢之的,虽然老官网并不是我们开发的(因为开发老官网的前辈们全都跑路了). ...

  4. 白帽子讲web安全——认证与会话管理

    在看白帽子讲web安全,刚好看到认证与会话管理:也就是我们在平常渗透测试中遇到最多的登录页面,也即是用户名和密码认证方式,这是最常见的认证方式. 了解两个概念:认证和授权 1):认证的目的是为了认出用 ...

  5. 白帽子讲web安全读后感

    又是厚厚的一本书,为了不弄虚做假,只得变更计划,这一次调整为读前三章,安全世界观,浏览器安全和xss.其它待用到时再专门深入学习. 吴翰清是本书作者,icon是一个刺字,圈内人称道哥.曾供职于阿里,后 ...

  6. 参加:白帽子活动-赠三星(SAMSUNG) PRO....

    参加:白帽子活动-—赠三星(SAMSUNG) PRO.... Everybody~小i在这里提前祝大家国庆假期愉快,咱们期待已久的国庆活动终于开始拉,下面进入正题,恩,很正的题! 活动地址:http: ...

  7. C蛮的全栈之路-序章 技术栈选择与全栈工程师

    目录 C蛮的全栈之路-序章 技术栈选择与全栈工程师C蛮的全栈之路-node篇(一) 环境布置C蛮的全栈之路-node篇(二) 实战一:自动发博客 博主背景 985院校毕业,至今十年C++开发工作经验, ...

  8. 白帽子讲web安全——一个安全解决方案的诞生细节

    1.白帽子:做安全的人.主要做的事,防御,是制定一套解决攻击的方案.而不是只是解决某个漏洞. 2.黑帽子:现在说的黑客.让web变的不安全的人.利用漏洞获取特权.主要做的事,攻击,组合各种方法利用漏洞 ...

  9. python白帽子/黑客/实战编程教程

    Python搜索爬虫抓取超高清视频教程_第一期Python搜索爬虫抓取超高清视频教程_第二期Python搜索爬虫抓取视频教程_第三期Python搜索爬虫抓取视频教程_第四期Python搜索引擎爬虫抓取 ...

随机推荐

  1. docker - 启动container时出现 [warning] : ipv4 forwarding is disabled. networking will not work

    起因 今天在一台新的centos宿主机上安装docker,由于关闭了iptables,在此之后启动container的时候会出现警告: WARNING: IPv4 forwarding is disa ...

  2. PHP提取字符串中的所有汉字

    <?php $str = 'aiezu.com 爱E族, baidu.com 百度'; preg_match_all("#[\x{4e00}-\x{9fa5}]#u", $s ...

  3. 【Android Developers Training】 84. 将定期更新的影响最小化

    注:本文翻译自Google官方的Android Developers Training文档,译者技术一般,由于喜爱安卓而产生了翻译的念头,纯属个人兴趣爱好. 原文链接:http://developer ...

  4. Example005控制弹出窗口居中显示

    <!-- 实例005控制弹出窗口居中显示 --> <head> <meta charset="UTF-8"> </head> < ...

  5. MySQL基础语法命令

    1. 建表 创建MySQL数据表需要以下信息: 表名 表字段名 定义每个表字段 通用语法: CREATE TABLE table_name (column_name column_type); 实例: ...

  6. Android studio出现Error:Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Bad Reques的解决办法

    最近更新了一下Android Studio,在导入新项目之后出现Error:Unable to tunnel through proxy. Proxy returns "HTTP/1.1 4 ...

  7. python基础(4):条件语句与循环语句

    今天我们看看条件语句与循环语句. 预习: 1.使用while循环输出1 2 3 4 5 6 8 9 10 2.求1-100的所有数的和 3.输出 1-100 内的所有奇数 4.输出 1-100 内的所 ...

  8. JS内置对象学习总结

    日期对象: 创建日期对象: var date=new Date();//创建日期对象 设置/返回年份方法: date.getFullYear(); date.setFullYear(); 返回星期的方 ...

  9. visual studio错误中断处理

    点击将错误黏贴到剪贴板,复制到文本文件中.具体错误原因即可查出.

  10. 怎么在linux Ubuntu上部署nodejs

    今天特别开心,同时也有兴趣把最近的一些工作总结一下. 第一,方便记忆. 第二, 给需要的同学做参考 node.js 在本地的话,比较容易运行,node app.js 命令就搞定,但是当需要部署到生产环 ...