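Quickly locating intranet web assets for security checks

This is for when you go to do a check and the customer's asset list is incomplete or does not exist at all. It generally applies when time is tight; if you are not in a hurry, you can ignore it.

Generally, run a vulnerability-scanning appliance or a virtual-machine scanner (Yxlink (铱迅), the NSFOCUS (绿盟) vulnerability scanner, etc.) and do manual web testing at the same time.

1. Use webfinder 3.2 (available on 范世强's blog). Use this one first; it makes it very easy to find intranet web assets.

2. Use masscantonmap. This one is a bit slower, but it can extract web services and identify services.

Common ports: these are ports that were found and saved during intranet scans.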

10003,10050,10051,10061,10080,10081,10086,1010,10443,1080,10801,10802,1090,1099,10999,110,111,11211,1158,11931,12056,12292,123,12443,1246,12945,13,1311,13256,13306,135,1352,13529,1354,137,139,14005,14161,143,1433,1443,15040,1521,16010,16080,161,1648,16672,17,17000,17020,17024,17061,1720,17201,1721,1722,1726,17443,17536,17961,17999,18002,18003,18006,18007,1801,18023,18024,18025,18041,18051,18052,18053,18054,18055,18056,18057,18058,18062,18071,18080,18081,18082,18086,18088,18092,18225,18264,1883,19,1905,1908,19089,1922,1935,1936,1937,19694,1999,2001,2004,20048,2012,20124,2013,2014,2015,20160,20164,20180,20181,2019,2020,2049,20720,2082,2087,2095,2096,21,2103,2105,2107,2122,21378,21422,21808,2181,2182,21878,21999,22,22022,2222,22222,23,2323,2324,2325,2326,2327,2328,2329,2331,2334,2375,2379,23792,2380,2383,23943,2480,25,25774,264,2669,27001,27002,27003,27004,27005,27006,27007,27008,27009,27017,28001,28017,28080,28081,28082,28110,28111,2888,28883,28884,28899,29001,300,3000,30001,3128,31695,32306,32812,3306,3333,33344,3389,33899,34037,350,38080,38081,3888,389,39788,39950,39951,39952,39953,3999,4000,4009,4040,4100,42,4201,4243,43832,441,44122,442,443,4430,4431,4433,444,4443,449,4505,4567,465,47001,4711,4712,48080,48081,48443,4848,4888,49152,49153,49154,49155,49156,49157,49158,49159,49160,49161,49162,49163,49164,49165,49166,49167,49168,49169,49170,49172,49173,49174,49175,49177,49179,49388,49555,4993,5000,50010,50022,50223,51001,5104,5108,51111,512,513,514,51593,5222,52273,5239,52667,53,53316,53503,5432,5520,555,5555,55580,5601,5632,5656,57533,5800,58080,58226,58422,5900,59000,5901,591,593,59551,5985,5986,6000,60001,60002,6001,60010,6002,6004,60088,60089,60443,60446,6060,6080,61111,61591,61623,61624,61680,61681,6200,62131,62133,62170,62171,62173,62200,62251,63426,63513,6379,64059,6443,65328,6543,67,68,6802,6886,69,6999,7,7000,7001,7002,7003,7005,7006,7008,7010,7011,7012,7020,7021,7050,7051,7053,7054,7070,7071,7080,7171,7272,7322,7396,7443,7474,7480,7530,7630,7777,80,8000,8001
,8003,8006,8008,8009,801,8010,8014,8016,8019,8020,8021,8033,8037,8041,8043,8060,8065,8069,8070,8075,808,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8099,81,8100,8105,8110,8118,8123,8143,8172,8180,8181,8182,82,8201,8207,8222,8243,8280,8281,8282,832,8333,8383,84,843,8443,8444,8445,85,8500,8512,8521,8585,86,8600,8680,8681,87,8719,8720,873,8777,88,8800,8818,8834,886,888,8880,8881,8882,8883,8884,8885,8886,8888,8889,8898,89,8906,8983,8992,8996,8998,90,9000,9001,9002,9003,9004,9005,9006,9007,9008,9043,9060,9066,9080,9081,9090,9091,9092,9093,9094,9100,9115,9127,9191,9200,9203,9300,9443,9445,9500,9643,97,9700,9722,9800,981,993,995,9981,9994,9997,9998

webport:

443,48080,48081,48443,4848,4888,7000,7001,7002,7003,7005,7006,7008,7010,7011,7012,7020,7021,7050,7051,7053,7054,7070,7071,7080,7171,7272,7322,7396,7443,7474,7480,7530,7630,7777,80,8000,8001,8003,8006,8008,8009,801,8010,8014,8016,8019,8020,8021,8033,8037,8041,8043,8060,8065,8069,8070,8075,808,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8099,81,8100,8105,8110,8118,8123,8143,8172,8180,8181,8182,82,8201,8207,8222,8243,8280,8281,8282,832,8333,8383,84,843,8443,8444,8445,85,8500,8512,8521,8585,86,8600,8680,8681,87,8719,8720,873,8777,88,8800,8818,8834,886,888,8880,8881,8882,8883,8884,8885,8886,8888,8889,8898,89,8906,8983,8992,8996,8998,90,9000,9001,9002,9003,9004,9005,9006,9007,9008,9043,9060,9066,9080,9081,9090,9091,9092,9093,9094,9100,9115,9127,9191,9200,9203,9300,9443,9445,9500,9643,9700,9722,9800,9981,9994,9997,9998

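Could you share a copy of the masscantonmap tool?

https://github.com/7dog7/masscan_to_nmap It is for use on Linux. To identify firewalls better, you can change the value for the number of open ports reaching 50 to something a bit smaller.

Thank you, master.

It should be on GitHub.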
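
An added example, not code from the thread or from masscan_to_nmap: post-processing masscan's `-oL` list output to build candidate web URLs from the web-port list, while setting aside hosts whose open-port count reaches a threshold as likely firewall noise. The sample scan lines, the shortened port set, the https-first guess and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in masscan's -oL list format (not real scan data).
SAMPLE_MASSCAN_OL = """\
#masscan
open tcp 8080 10.0.0.5 1700000000
open tcp 22 10.0.0.5 1700000000
open tcp 443 10.0.0.5 1700000001
open tcp 7001 10.0.0.9 1700000002
open tcp 3306 10.0.0.9 1700000002
open tcp 80 10.0.0.20 1700000003
open tcp 81 10.0.0.20 1700000003
open tcp 82 10.0.0.20 1700000003
open tcp 84 10.0.0.20 1700000003
# end
"""

# Small subset of the post's "webport" list; extend it with the full list.
WEB_PORTS = {80, 81, 82, 84, 443, 7001, 8080, 8443, 9090}
TLS_HINT_PORTS = {443, 8443, 9443}  # assumption: try https first on these


def parse_open_ports(text):
    """Return {ip: set(ports)} from masscan -oL lines: 'open tcp PORT IP TS'."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "open" and fields[1] == "tcp":
            if fields[2].isdigit() and 0 < int(fields[2]) < 65536:
                hosts[fields[3]].add(int(fields[2]))
    return dict(hosts)


def web_candidates(hosts, web_ports=WEB_PORTS, max_open=50):
    """Return (urls, noisy): candidate web URLs and suspected firewall hosts.

    A host with max_open or more open ports is set aside for manual review.
    """
    urls, noisy = [], []
    for ip in sorted(hosts):
        ports = hosts[ip]
        if len(ports) >= max_open:
            noisy.append(ip)
            continue
        for port in sorted(ports & web_ports):
            scheme = "https" if port in TLS_HINT_PORTS else "http"
            urls.append(f"{scheme}://{ip}:{port}/")
    return urls, noisy
```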