友链
导航
These are the good times in your life,
so put on a smile and it'll be alright
友链
导航
Set-Cookie: QINGCLOUDELB=d334b8ab0a713149235f07da34c40471ab7e48fb3972913efd95d72fe838c4fb|WbeHH|WbeHH; path=/ Set-Cookie: QINGCLOUDELB=165e4274d6090771b096025ed82d52a1ab7e48fb3972913efd95d72fe838c4fb|WbeHG|WbeHG; path=/
User-agent: * Disallow: /
nmap 192.168.1.100 –PN –sT –sV –p0-65535
要注意线上前端代码压缩时去除 注释、console.log
就是抓包,观察的意思
可以用 zaproxy/zaproxy 扫一遍
类似 OTG-INFO-002。可以根据以下方法测试:
工具的话 chrome 的 Wappalyzer - Identify technologies on websites 好用
查到框架后,查框架的漏洞可以用:CVE security vulnerability database. Security vulnerabilities, exploits, references and more