*Disclaimer: All materials provided on this blog are for educational purposes only. The author and owner of these articles is not subject to any legal liability for third-party malicious use of all the content posted*

  Step 1: decide scope of activities

Security vulnerabilities are usually identifiable directly from the cource code of the organization's webpage. By identifying the domain, e.g. victim.com, and reading its source code, you may witness some security settings explicitly put on the organization's webpages in comment. [source request] After identifying the domain name, go fetch the subsidiaries, which are usually poorly-guarded and poses potential security threats to the mother site.

  Step2: network enumeration

Firstly, identify domain name & associated networks relating to particular organization. This could be easily achieved with the help of InterNIC database (https://www.internic.net/whois.html), and ARIN. We can see from the example below, we acquire all the information about the target domain's registry.

-----

  Example of a InterNIC search:

Domain Name:
Registrar:
Sponsoring Registrar IANA ID:
Whois Server:
Referral URL:
Name Server:
Name Server:
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date:
Creation Date:
Expiration Date:

-----

...to be continue

By performing Whois seach in Kali Linux, open the terminal and type in "whois xxx.com", which initiates 'whois' search. However, many details could be hidden by WhoisGuard protected. Refer to the definition of WhoisGuard from wiki.

WhoisGuard is a privacy protection service that prevents people from seeing your name, address, phone number and email when they do a Whois search on your domain. It puts its address information to the public Whois instead of yours to protect you from potential spam and even identity theft.

The next move would definitely be how to break such privacy protection. Otherwise, we may better circumvence this by targetting the next victim.

  • solution 1: visit GxDxdxy to acquire info about real owner of that web
  • solution 2: use DomainToos (paid) to review the entire domain registry history. In case a domain has been registered as public previously, all info would be revealed. A free alternative would be Webboar.com or https://www.whois.com/whois/ [failed: domain details still not revealed]

最痛苦的是,他的privacy settings 還不能破。只好轉移到其他target shotting approaches. 在 Google dock 上暫時沒有什麼特別的發現。在轉移到Acunetix之前,先使用linux kali 本身就有的scan web vulnerabilities tools. 試試linux kali 地下的uniscan.

Linux Kali Uniscan

Syntax: # uniscan -u xxx.com(complete website address) -ds

https://en.wikipedia.org/wiki/Penetration_test

Then, follow the following commands to fetch back the report file:

~# cd/usr/share/uniscan/report
ls
xdg-open xxx.com.html

白帽子之路首章:Footprinting, TARGET ACQUISITION的更多相关文章

  1. 【阿里聚安全·安全周刊】双十一背后的“霸下-七层流量清洗”系统| 大疆 VS “白帽子”,到底谁威胁了谁?

    关键词:霸下-七层流量清洗系统丨大疆 VS "白帽子"丨抢购软件 "第一案"丨企业安全建设丨Aadhaar 数据泄漏丨朝鲜APT组织Lazarus丨31款违规A ...

  2. 读>>>>白帽子讲Web安全<<<<摘要→我推荐的一本书→1

      <白帽子讲Web安全>吴翰清著 刚开始看这本书就被这本书吸引,感觉挺不错,给大家推荐下,最近读这本书,感觉不错的精华就记录下, 俗话说>>>好脑袋不如一个烂笔头< ...

  3. 《白帽子讲Web安全》- 学习笔记

    一.为何要了解Web安全 最近加入新公司后,公司的官网突然被Google标记为了不安全的诈骗网站,一时间我们信息技术部门成为了众矢之的,虽然老官网并不是我们开发的(因为开发老官网的前辈们全都跑路了). ...

  4. 白帽子讲web安全——认证与会话管理

    在看白帽子讲web安全,刚好看到认证与会话管理:也就是我们在平常渗透测试中遇到最多的登录页面,也即是用户名和密码认证方式,这是最常见的认证方式. 了解两个概念:认证和授权 1):认证的目的是为了认出用 ...

  5. 白帽子讲web安全读后感

    又是厚厚的一本书,为了不弄虚做假,只得变更计划,这一次调整为读前三章,安全世界观,浏览器安全和xss.其它待用到时再专门深入学习. 吴翰清是本书作者,icon是一个刺字,圈内人称道哥.曾供职于阿里,后 ...

  6. 参加:白帽子活动-赠三星(SAMSUNG) PRO....

    参加:白帽子活动-—赠三星(SAMSUNG) PRO.... Everybody~小i在这里提前祝大家国庆假期愉快,咱们期待已久的国庆活动终于开始拉,下面进入正题,恩,很正的题! 活动地址:http: ...

  7. C蛮的全栈之路-序章 技术栈选择与全栈工程师

    目录 C蛮的全栈之路-序章 技术栈选择与全栈工程师C蛮的全栈之路-node篇(一) 环境布置C蛮的全栈之路-node篇(二) 实战一:自动发博客 博主背景 985院校毕业,至今十年C++开发工作经验, ...

  8. 白帽子讲web安全——一个安全解决方案的诞生细节

    1.白帽子:做安全的人.主要做的事,防御,是制定一套解决攻击的方案.而不是只是解决某个漏洞. 2.黑帽子:现在说的黑客.让web变的不安全的人.利用漏洞获取特权.主要做的事,攻击,组合各种方法利用漏洞 ...

  9. python白帽子/黑客/实战编程教程

    Python搜索爬虫抓取超高清视频教程_第一期Python搜索爬虫抓取超高清视频教程_第二期Python搜索爬虫抓取视频教程_第三期Python搜索爬虫抓取视频教程_第四期Python搜索引擎爬虫抓取 ...

随机推荐

  1. 【翻译】旧技术成就新勒索软件,Petya添加蠕虫特性

    原文链接:https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-wo ...

  2. java数组中取出最大值

    class Demo{ public static void main(String []args){ int[] arr={3,54,456,342,2798}; int max=getMax(ar ...

  3. Linux搭建SVN服务器(服务端)

    Linux搭建SVN服务器(服务端) 1 安装SVN SVN客户端:TortoiseSVN,官网下载:https://tortoisesvn.net/downloads.html(客户端) # yum ...

  4. PHP数组按引用传递

    <?php /**PHP数组按引用传递**/ $arr = array( array('id' => 1, 'name' => 'name1'), array('id' => ...

  5. 如何用VMware打开vmdk文件

    vmdk文件是一个虚拟机备份文件!你可以在vmware新建一个任何类型的虚拟机,命名为“test”,在“我的文档”找到vmware的虚拟机目录“test”,在"test"目录中可以 ...

  6. JAVA程序员成长历程(二)

    提几个方向可以去尝试下: 1.订阅一些牛人的博客,这里面包括技术,学习,生活等等.不一定学技术,他们的经验都会让人受益匪浅. 我经常看的: 唐巧,IOS程序员.http://blog.devtang. ...

  7. 如何使用LIBSVM,从安装到基本实例使用

    1.在eclipse上安装libsvm 下载libsvm压缩包解压到本地目录,下载地址http://www.csie.ntu.edu.tw/~cjlin/libsvm/index.html 如图: 2 ...

  8. (cljs/run-at (JSVM. :all) "一起实现柯里化")

    前言  习惯了Ramda.js就会潜意识地认为函数均已柯里化,然后就可以随心所欲的用函数生成函数,或者使用compose组合多个函数来生成一个新函数.如下 const f = a => b =& ...

  9. OSX MacVim + vim-lldb配置和使用心得

    Mac里面默认的编译器是clang/clang++ 所以debugger就选择了lldb 想搭配MacVim一起使用,于是就找到了vim-lldb这个插件,相当强大   这个插件支持Vundle,所以 ...

  10. 一款好用的绘图软件gnuplot

    漂亮的图片在一篇报告中是必不可少的.这里推荐一款绘图软件Gnuplot. Gnuplot是一种免费分发的绘图工具,可以移植到各种主流平台,无论是在Linux还是在Windows都易于安装使用.最新的版 ...