Contents
- 3.1 Tool Overview
- 3.2 Backend Implementation Code
- 3.3 Frontend Implementation Code
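3.1 Tool Overview
In the early stage of a penetration test against a target asset, you usually need to gather information about it, and scanning the target's web fingerprint is a key part of that information gathering.
Whether a target's web fingerprint can be identified effectively depends mainly on the fingerprint signature library built into the scanning script or tool. The commonly used CMS-identification (web fingerprinting) scripts and tools introduced today have reasonably good library coverage. In some special penetration-testing environments, however, the library still needs to be tuned and tidied to suit the test, which improves the efficiency of fingerprint identification.
The table lists websites that can identify a target asset's web fingerprint online; when checking a single target, they are much quicker and more convenient than scanning with a tool.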
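To make the role of the fingerprint signature library concrete, here is an added example (not code from this project or from any of the tools mentioned) of a small weighted rule matcher. The rule set `RULES`, the `THRESHOLD` value, and both sample responses are constructed for illustration; running it against your own site's responses also shows which markers the site discloses.

```javascript
// Added example: RULES and both sample responses are constructed for illustration.
const RULES = [
  { cms: "WordPress", checks: [
    { where: "body", re: /<meta[^>]+name=["']generator["'][^>]+content=["']WordPress ?([\d.]+)?/i, weight: 3 },
    { where: "body", re: /\/wp-(?:content|includes)\//i, weight: 2 },
    { where: "header", name: "link", re: /rel="https:\/\/api\.w\.org\/"/i, weight: 2 },
  ]},
  { cms: "Drupal", checks: [
    { where: "header", name: "x-generator", re: /Drupal ?([\d.]+)?/i, weight: 3 },
    { where: "body", re: /\/sites\/default\/files\//i, weight: 2 },
    { where: "body", re: /drupal/i, weight: 1 }, // weak keyword: must not match on its own
  ]},
];
const THRESHOLD = 3; // minimum summed weight before a CMS is reported

function fingerprint(response, rules = RULES, threshold = THRESHOLD) {
  // HTTP header names are case-insensitive, so normalise them once.
  const headers = Object.fromEntries(
    Object.entries(response.headers || {}).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const hits = [];
  for (const rule of rules) {
    let score = 0;
    let version = null;
    for (const check of rule.checks) {
      const text = check.where === "header" ? headers[check.name] : response.body;
      const m = text ? check.re.exec(text) : null;
      if (!m) continue;
      score += check.weight;
      if (m[1] && !version) version = m[1]; // first check that captures a version wins
    }
    if (score >= threshold) hits.push({ cms: rule.cms, score, version });
  }
  return hits.sort((a, b) => b.score - a.score);
}

// Constructed response carrying three independent WordPress markers.
const SAMPLE_WP = {
  headers: { Link: '<https://blog.example/wp-json/>; rel="https://api.w.org/"' },
  body: '<html><head><meta name="generator" content="WordPress 6.4.2" />' +
        '<link rel="stylesheet" href="/wp-content/themes/demo/style.css"></head></html>',
};
// Constructed page that only mentions a CMS name in its text.
const SAMPLE_MENTION = {
  headers: { Server: "nginx" },
  body: "<html><body><p>We migrated away from Drupal last year.</p></body></html>",
};

console.log(fingerprint(SAMPLE_WP));
console.log(fingerprint(SAMPLE_MENTION));
```

Tuning the library here means adjusting weights and the threshold: the bare keyword rule alone stays below the threshold, so a page that merely mentions a CMS is not reported.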
3.2 Backend Implementation Code
```java
package com.sducsrp.csrp.controller.ToolsController;

import com.sducsrp.csrp.common.Constants;
import com.sducsrp.csrp.common.Result;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

@RestController
public class CMSController {

    @RequestMapping("/tools/cms")
    public @ResponseBody Result CMSInfo(@RequestParam("param") String param) {
        // `param` is the parameter passed in by the caller
        String url = "http://whatweb.bugscaner.com/what.go";
        // POST request, returns JSON
        String data = sendPostRequest(url, param);
        // Data returned by the request
        System.out.println(data);
        Result res = new Result(Constants.CODE_200, null, data);
        return res;
    }

    // Submit a POST request and return the JSON data
    public static String sendPostRequest(String url, String param) {
        HttpURLConnection httpURLConnection = null;
        int responseCode = 0; // HTTP status code returned by the remote host
        String result = "";
        try {
            URL sendUrl = new URL(url);
            httpURLConnection = (HttpURLConnection) sendUrl.openConnection();
            // Send as POST
            httpURLConnection.setRequestMethod("POST");
            // Set the request headers
            // Content-Type must be set, otherwise the server does not receive the parameters
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
            httpURLConnection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Edg/101.0.1210.32");
            httpURLConnection.setRequestProperty("Referer", "http://whatweb.bugscaner.com/look/");
            // Tells the connection that the application will write data to it (defaults to false)
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setDoInput(true);
            //httpURLConnection.setUseCaches(false);
            // Timeouts enabled so a slow upstream cannot hold the request thread indefinitely
            httpURLConnection.setConnectTimeout(30000); // 30-second connect timeout
            httpURLConnection.setReadTimeout(30000); // 30-second read timeout
            // Get the output stream and write the POST parameters into it
            try (OutputStream out = httpURLConnection.getOutputStream()) {
                out.write(param.getBytes(StandardCharsets.UTF_8));
                out.flush();
            }
            responseCode = httpURLConnection.getResponseCode();
            System.out.println(responseCode);
            // Read the first line of the response body (the JSON payload)
            try (BufferedReader br = new BufferedReader(
                    new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8))) {
                result = br.readLine();
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
        }
        return result;
    }
}
```
3.3 Frontend Implementation Code
```vue
<template>
  <div style="margin-top: 100px">
    <el-input v-model="param" style="width: 250px;margin-right: 50px" placeholder="url"></el-input>
    <el-button @click="getCMSInfo" type="primary">Query</el-button>
  </div>
  <el-card style="width: 40%;height: 500px;margin-left: 30%;margin-top: 5%">
    <p>返回结果:</p>
    <p>{{ myresult }}</p>
  </el-card>
</template>

<script>
import request from "@/utils/request";

export default {
  data() {
    return {
      param: '',
      myresult: ''
    }
  },
  methods: {
    getCMSInfo() {
      request.get("/tools/cms", { params: { param: this.param } }).then(res => {
        this.myresult = res.data
      })
    }
  }
}
</script>
```