安全——分目录站点

最新推荐文章于 2024-09-02 08:41:59 发布
最新推荐文章于 2024-09-02 08:41:59 发布
阅读量994 收藏
点赞数
分类专栏: 笔记
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_43289307/article/details/106357494
版权
  • 分目录站点

163.com
163.com/bbs
163.com/old

  1. 意义: 网站可能有多个cms,一个cms有一个渗透思路
    2 :可以通过分目录站点的渗透,链接主站点
    目录爬行工具推荐: intellitamper
    一个轻量级目录爬行工具,使用简单,扫完成后罗列出网站结构,一目了然

  2. 分端口站点

  3. Q.cn:8080

  4. Q.cn:8000

Donald duck
关注
专栏目录
网络安全——HTML基础
m0_65129142的博客
12-11 958
通用型:第三方软件、应用、系统对应的漏洞,每个使用这个软件或者应用系统的用户都存在这个漏洞,发现一个 漏洞可以封杀n多个网站 事件型:非通用型漏洞,主要指互联网上一个应用的具体漏洞,如具体到某个站点 协议 主机 端口都相同 3.提交方式method 两种方法 Get :url中直接显示,可直接看到 Post :表单方式提交,嵌套在页面内,起到保密作用 4.windows系统日志中 4624 登陆成功 4625 审核失败 5.Linux日志 最后一次登录的日志 ┌──(root���kali)-[/var/l
目录站点端口站点研究
k0sec的安全路
03-23 324
目录站点: www.xxx.com www.xxx.com/bbs www.xxx.com/old 意义: 网站可能有多个cms或框架组成,那么对于渗透而言,相当于渗透目标是多个(一个cms一个思路) 端口站点: www.zzz.com www.zzz.com:8080 www.zzz.com:8888 意义: 网站可能有多个端口或框架组成,那么对于渗透而言,相当于渗透目标是多个(一个端口一个...
路径与敏感信息发现
huitest的博客
03-10 2786
路径与敏感信息发现概述一般网站主站信息都比较少,我们需要在渗透测试过程的信息搜集阶段,我们可能会自动化工具获得来网站其他路径如:后台、其他未授权访问路径,扫描得到敏感文件的路径,从而找到敏感数据。 根据路径爆破工具进行使用与测评析工具的特点,批量访问发现的路径查找敏感路径。工具爬虫扫描得到敏感文件的路径,找到敏感数据。使用爆破工具进行破解参考工具: dirsearch:https://github.com/maurosoria/dirsearch OneForAll:https://github.com/
intellitamper.exe
08-07
这是一款很不错的扫描器,在学习中可以更好的利用。
IntelliTamper
08-26
网站漏洞扫描工具:主要应用网站漏洞扫描工具,其原理是通过工具通过对网站的代码阅读,发现其可被利用的漏洞进行告示,通过前人收集的漏洞编成数据库,根据其扫描对比做出。
扫网站后台目录工具IntelliTamper
07-29
扫网站后台目录工具IntelliTamper
Apache安全配置——禁止浏览目录列表
在路上的左一
08-09 2752
最近帮朋友维护一个网站安全漏洞,被扫描到http://www.example.com/static目录可以直接浏览,static目录下有css、js、images等静态资源,特别是uploads中有一些文件资料可以直接被访问下载,这就造成了很大的安全漏洞,我们需要想办法限制这种直接访问。...
【网络安全面试题】——文件目录穿越实现特权文件读取
请大家直接把问题写在评论区或留言,不要只说一句"你好 或 在吗",我会尽快回复的。
02-14 1262
4.7. 文件读取 考虑读取可能有敏感信息的文件 用户目录下的敏感文件 .bash_history .zsh_history .profile .bashrc .gitconfig .viminfo passwd 应用的配置文件 /etc/apache2/apache2.conf /etc/nginx/nginx.conf 应用的日志文件 /var/log/apache2/access.log /var/log/nginx/access
无线安全——蓝牙
Mark的博客
09-02 2146
无线安全——蓝牙 基础点:hciconfig hcitool scan Spooftooph是一个牛*的工具,旨在自动欺骗或克隆蓝牙信息(名称,类和地址)。欺骗蓝牙信息对于许多目的是有用的,例如将蓝牙设备隐藏在普通站点中,访问受保护的信息和观察。这是它的特点: 克隆并记录蓝牙设备信息生成随机的新蓝牙配置文件每隔X秒更改蓝牙配置文件指定蓝牙接口的设备信息从扫描日志中选择要克隆的设备注意: 要修改蓝牙适配器,必须以root权限运行spooftooth。Spooftooph提供五种使用模式: 指定NAME,C
IntelliTamper汉化版
12-01
IntelliTamper汉化版
清凉扫描工具
06-12
没有办法还是不tnt的一日l.y8ilkl.iojll;.l
intellitamper
07-26
IntelliTamper v2.0 Beta 7 (Januray-2001) ========================================= Program by Igor Kouzmine (tamper@engineer.com) Homepage : http://www.multimania.com/intellitamper Copyright (c) 1999-2001 by LaCaveProds Note : The following document hasn't been updated since IntelliTamper v2.0 Beta 4 and is quite old about new features. It will be updated soon. Table of content ---------------- 1.1 Introduction 1.2 Important notice 1.3 Legal distribution 1.4 Known limitations 1.5 Translation of program and documentation 1.6 Version history 1.7 Extras for Beta-Testers 1.8 The little ToDo list 1.1 Introduction ---------------- Tired of closing and jumping between multiple popup windows, thousands of stupid links on a single page, sites without real content and only ads, etc... ? IntelliTamper is a simple and easy-to-use program which will tell you what is really behind a website. Just type in the address, let IntelliTamper works and read the dirty pages for you, and you will be able to access the files and browse the folders like if they were on your own hard-disk ! IntelliTamper is also available to scan a website for unlisted and private files and folders with a dictionnary scan. Results are displayed in real time in the window with various informations about progression. Files and folders found are displayed in a friendly mini Windows-Explorer. If you have any suggestion or bug reports, feel free to send them to me ! 1.2 Important notice -------------------- This program has not been designed to be a web site plague tool, but it should not be used blindly on any web site. In anyway the author can not be liable of any misuse of IntelliTamper, of any data lose or any problem that could result of the use of this program. You must be aware that using this program on a web site can overload the server and slow down its normal use by others users. You must be aware that many web sites servers use heavy logs analyzers to check if nobody is trying to "hack" the site. When you use this program your IP is not masked and trying to discover hidden files or folders could be interpreted as a "hacking method"... 1.3 Legal distribution ---------------------- IntelliTamper is a freeware program, feel free to distribute it all around the world as long as the program and its files remain unmodified, apart catalog and documentation files for a translation purpose. 1.4 Known limitations --------------------- * Links in JavaScript, VisualBasicScript, etc... are not parsed at the moment and will be ignored. * Currently, the program only "reads" links in these most popular tags : - <BODY ... BACKGROUND="link"> - <A HREF="link"> - <FRAME ... SRC="link"> - <IMG SRC="link"> - <LINK ... HREF="link"> - <AREA ... HREF="link"> * When trying to discover hidden files and folders on web sites like www.yahoo.com, they will accept every name you give them, without return a 404 error code if the page doesn't exist. So the program will display all files and all folders tried even if they don't really exist on the web site. 1.5 Translation of text catalog and documentation ------------------------------------------------- IntelliTamper uses the "Catalog Concept" from LaCaveProds to allow a direct and easy translation of texts displayed in the program. I recommend you to use CatalogEditor to edit the catalog file, it's available here : http://www.multimania.com/lacave/prods/ If you have translated the catalog file and the documentation, please send them to me so they can be directly downloadable on the official homepage of IntelliTamper. 1.6 Program history ------------------- v2.0 Beta 4 (December-1999) : - Faster internal code. - Better multitasking by using multiple Threads for downloads. v2.0 Beta 3 (December-1999) : - New way to handle website address, using standard defined in HTTP standard RFC (http://www.anysite.com:1234/address/). - Many bugs killed. v2.0 Beta 2 (November-1999) : - Main window can now be resized to full screen. - Many bugs killed. Where are the next ?... v2.0 Beta 1 (September-1999) : - Full program conversion into C language. - Faster and smaller executable (without boring VB DLLs) - Many many bugs to kill... v1.1 (September-1999) : - Various optimization and better list view of found items. v1.0 (January-1999) : - First version of the program in VisualBasic 6. 1.7 Extras for Beta-Testers --------------------------- Beta-Testers should use a special version of the program which generate a detailed log file of internal activity of IntelliTamper in the C:\TEMP folder. This log file is designed to help the author to find the origins of the problems. Please do not send me too big log files without to zip them with WinZip or so on. If the program failed on a precise URL, email me this URL instead of the log file, so I can try it by myself. Thanks for your support and don't forget to join the forum ! 1.8 The little ToDo list ------------------------ Here are some future options, if you have new ideas... - Discover the real name of the default page. - Add files and folders names found in public scan to dictionnaries. - Save a full given folder to local harddisk. - Multi-selection of files to download in the files list. - Handle access to protected website needing an user name and password. ---
IntelliTamper网站目录析工具
04-24
IntelliTamper汉化版,网站目录析工具
IntelliTamper清凉汉化版IntelliTamper网站目录析工具
04-20
最新IntelliTamper清凉汉化版,强大的网站目录析工具,扫描网站源代码软件.
PHP实例开发源码——同IP站点查询代码.zip
11-25
在本资源中,我们拥有一个名为“PHP实例开发源码——同IP站点查询代码.zip”的压缩包,它包含了用于查询同一IP地址下托管的多个网站的PHP源代码。这个工具对于网络管理员、开发者或者需要析网络拓扑的人员来说非常...
网络安全售前入门09安全服务——安全加固服务
最新发布
打工人
09-02 1463
安全加固服务是参照风险评估、等保测评、安全检查等工作的结果,基于科学的安全思维方式、长期的安全服务经验积累、对行业的深刻理解、处理安全事件的最佳实践,为客户提供完善的安全加固方案,并在客户侧反馈完成加固后,提供二次评估服务,从而帮助客户达到修补信息系统脆弱性,提高系统安全性,满足相关政策法规的目的。
浏览器安全——Web页面安全&浏览器网络安全(HTTPS)&浏览器系统安全
weixin_44915595的博客
12-16 6113
一、Web页面安全 同源和跨域: 同源: 页面中最基础、最核心的安全策略:同源策略(Same-origin policy)。浏览器默认两个相同的源之间是可以相互访问资源和操作 DOM 的。 什么是同源?如果两个页面拥有相同的协议、域名和端口,那么这两个页面具有相同的源。 同源政策:是浏览器提供的一个安全功能。是为了保证用户信息的安全,防止恶意的网站窃取数据。 同源策略主要表现在 DOM、Web 数据和网络这三个层面。 第一个,DOM 层面。同源策略限制了来自不同源的 JavaScript 脚本对当前 DOM
配置Web站点与虚拟目录:从基础到安全
6. Web站点安全性:确保Web站点安全性是至关重要的。这涉及到身份验证和访问控制,比如设置IP地址和域名的访问限制,以及配置日志记录以监控和析潜在的安全问题。 7. 实际操作案例:文档中给出了一家名为DHTJT...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值