The collection method of penetration test, and which methods can be used to find the real IP

Rain bamboo shoots education Xiaobian today teaches you how to find common in infiltration and collection work ip Methods ,11 There's always a trick for you .

One 、 Verify that... Exists CDN

No bypass CDN Penetration , It is highly possible that there are various cloud shields to block .

test method ： Super Ping

Related websites ：

Home of stationmaster

BOCE

explain ：

There are many similar sites , The above two are very accurate and easy to use .

If there are multiple results IP There is CDN, On the contrary, there is no .

Two 、 From subdomain

principle ： The main station did CDN, But the sub station does not

evaluation ： This method is effective , The cost is not high

Tools ： Online sub domain name mining

//z.zcjun.com/

https://phpinfo.me/domain

explain ：

Since the focus of this article is not sub domain name collection , Therefore, only a few convenient .

3、 ... and 、 From address location

principle ： The webmaster didn't do it in the city where the server is located CDN

evaluation ： The method of hearsay , I haven't tried

Four 、 Abroad Ping

principle ： The goal is not done for foreign users CDN, direct Ping Can get real IP

Tools ：

https://check-host.net/check-ping?

http://port.ping.pe/

evaluation ： The effect of this method is not very good , But the cost is low

Case study ： See a lot of foreign servers go Ping, obtain IP Are all the same , The maximum probability is true IP

5、 ... and 、 history DNS Record

Tools ：

https://viewdns.info/iphistory/?domain=

http://www.jsons.cn/nslookup/

https://securitytrails.com/domain

https://dnsdumpster.com/

https://securitytrails.com/domain/baidu.com/history/a

evaluation ： This method has good effect , But it takes time to find it

Case study ： Test domain name and 【 6、 ... and 】 identical

Can see , Latest records and 【 6、 ... and 】 The results are consistent .

6、 ... and 、 Get rid of 3W Dafa

evaluation ： This method is effective , And no cost

Case study ：https://www.xxx.com

1. Super Ping give the result as follows , There is CDN

2. When removing www when , You can get the truth IP

7、 ... and 、 Try your luck

Tools ：

https://get-site-ip.com/

evaluation ： The effect of this method is general , But no cost

Case study ： Test domain name and 【 6、 ... and 】 identical

Can see , The results are consistent .

8、 ... and 、 adopt ICO Icon hash

principle ： The picture has a unique hash , Cyberspace mapping engine will collect the whole network IP Sort and collect the information , So the information of these icons , It will naturally be collected in the target of Surveying and mapping analysis .

Tools ：FOFA

evaluation ： This method is effective

Case study ： And 【 11、 ... and 】 It's the same domain name

1. Find the ICO route

2. Fofa You can input URL, You can also upload ico picture , Convert automatically icon_hash

3. Shodan

xxxx yes icon_hash

Search syntax ：http.favicon.hash:xxxx

Nine 、 Through the mail

Take advantage of the location of useful messages in the website , For example, register to send e-mail 、 Retrieve password, send email, etc , Check the original email to find the truth IP.

Ten 、 adopt APP End

Grab through the bag grabbing tool APP Request package for , Finding truth IP.

11、 ... and 、 Pass site certificate

Case study ：

1. The required site is https Of

2. Copy serial number

3. The serial number is 16 Base number , We need to convert to 10 Base number

Online conversion tools

4. Search syntax ：cert=”xxxx”

Twelve 、SSL Certificate query

Tools ：https://censys.io/certificates?q=

evaluation ： This method has high accuracy

Case study ： domain name www.xxx.com

1. Input Syntax ： parsed.names: www.xxx.com and tags.raw: trusted

2. find IPv4 Hosts, Click in

3. You can see the first one

summary

It needs to be tried in many ways , Guarantee accuracy .

Today's penetration practice is shared here , There are many loopholes that will be shared later , Pay more attention to rain bamboo shoots Education .

source : Li tanran