Our tools
Note that Burp Suite is not included here; there is a separate publication about it and its handy plugins.
Contents:
- Amass
- AltDNS
- Aquatone
- MassDNS
- nsec3map
- Acunetix
- Dirsearch
- wfuzz
- ffuf
- gobuster
- Arjun
- LinkFinder
- JSParser
- sqlmap
- NoSQLMap
- oxml_xxe
- tplmap
- CeWL
- Weakpass
- AEM_hacker
- JoomScan
- WPScan
Amass
To detect interconnected network segments and autonomous system numbers, Amass uses the IP addresses obtained during its run. All the information found is used to build a network map.
Pros:
- The information-gathering techniques include:
* DNS - dictionary search of subdomains, subdomain brute force, smart search using mutations of the subdomains already found, reverse DNS queries, and searching for DNS servers that allow zone transfer requests (AXFR);
* Open-source search - Ask, Baidu, Bing, CommonCrawl, DNSDB, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ThreatCrowd, VirusTotal, Yahoo;
* Search of TLS certificate databases - Censys, CertDB, CertSpotter, Crtsh, Entrust;
* Use of search engine APIs - BinaryEdge, BufferOver, CIRCL, HackerTarget, PassiveTotal, Robtex, SecurityTrails, Shodan, Twitter, Umbrella, URLScan;
* Search of internet web archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback;
- Integration with Maltego.
- Covers the task of finding DNS subdomains most completely.
Cons:
- Be careful with amass.netdomains: it connects to every IP address in the identified infrastructure and tries to obtain domain names from reverse DNS lookups and TLS certificates. This is a noisy technique and can reveal the reconnaissance to the organization under investigation.
- High memory consumption: with various settings it can use up to 2 GB of RAM, so you cannot run this tool in the cloud on a cheap VDS.
AltDNS
Pros:
- Works well on large data sets.
Aquatone
Pros:
- The output produces a set of files and folders that is convenient to feed into other tools:
* an HTML report with the collected screenshots and the dynamic titles grouped by similarity;
* a file with all URLs found on the websites;
* a file with statistics and page data;
* a folder with files containing the response headers from the targets found;
* a folder with files containing the response bodies from the targets found;
* screenshots of the websites found;
- Supports working with XML reports from Nmap and Masscan.
- Renders screenshots using headless Chrome/Chromium.
Cons:
- It can attract the attention of intrusion detection systems, so it needs to be configured.
This screenshot was taken with one of the older versions of aquatone (v0.5.0), in which DNS subdomain search was still implemented. The old version can be found at the following location.
MassDNS
Pros:
- High speed: it can resolve more than 350,000 names per second.
Cons:
- MassDNS can put a heavy load on the DNS resolvers it uses, which can lead to those servers being banned or to complaints to the ISP. In addition, if the company runs its own DNS server that is responsible for the domain being resolved, it puts a heavy load on the company.
- The list of resolvers is out of date by now, but if you weed out the broken DNS resolvers and add new known ones, everything works fine.
(Figure: screenshot of aquatone v0.5.0)
nsec3map
Pros:
- If DNSSEC is enabled on the zone, it quickly discovers the hosts in the DNS zone with a minimal number of queries.
- Includes a John the Ripper plugin that can be used to crack the collected NSEC3 hashes.
Cons:
- Many DNS errors are not handled correctly.
- There is no automatic parallelization when processing NSEC records; the namespace has to be split manually.
- High memory consumption.
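As an added illustration (not code from the article or from nsec3map itself), here is the RFC 5155 NSEC3 owner-name hash that nsec3map walks and that the John the Ripper plugin inverts, plus a dictionary check a zone owner can run against their own NSEC3 chain to see which host names a wordlist would expose. The zone name, salt and iteration count are the RFC 5155 Appendix A example values; the wordlist is constructed.

```python
import base64
import hashlib

# base64.b32encode uses the RFC 4648 alphabet; NSEC3 uses base32hex (RFC 5155).
BASE32_TO_BASE32HEX = str.maketrans(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", "0123456789ABCDEFGHIJKLMNOPQRSTUV"
)


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercased labels, root terminator."""
    wire = b""
    for label in name.lower().rstrip(".").split("."):
        if label:  # "example." -> b"\x07example\x00"
            wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: SHA-1(x || salt), re-hashed `iterations` more times,
    encoded as lowercase base32hex. "-" means an empty salt, as in zone files."""
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    b32 = base64.b32encode(digest).decode("ascii")  # 20 bytes -> 32 chars, no padding
    return b32.translate(BASE32_TO_BASE32HEX).lower()


def check_guessable_names(hashed_owners, salt_hex, iterations, zone, wordlist):
    """Self-audit a zone's NSEC3 chain: hash each candidate label under the zone
    with the zone's NSEC3 parameters and report which hashes it matches.
    This is the same cheap, salted SHA-1 work the JtR plugin does, which is why
    NSEC3 only hides names that are not guessable. Returns {hash: fqdn}."""
    targets = set(hashed_owners)
    exposed = {}
    for label in wordlist:
        fqdn = f"{label}.{zone}" if label else zone  # empty label = the apex
        h = nsec3_hash(fqdn, salt_hex, iterations)
        if h in targets:
            exposed[h] = fqdn
    return exposed


if __name__ == "__main__":
    # RFC 5155 Appendix A parameters: salt aabbccdd, 12 iterations, zone "example."
    chain = ["0p9mhaveqvm6t7vbl5lop2u3t2rp3tom"]  # hashed owner of the apex
    print(check_guessable_names(chain, "aabbccdd", 12, "example.", ["", "www", "mail"]))
```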
Acunetix
Pros:
- Low level of false positives.
- Results can be exported as a report.
- Runs a large number of checks for various vulnerabilities.
- Parallel scanning of multiple hosts.
Cons:
- No deduplication algorithm (Acunetix treats a single page reached through different URLs as different pages), although the developers are working on it.
- It has to be installed on a separate web server, which complicates testing client systems over a VPN connection or using the scanner in an isolated segment of the client's local network.
- It can generate noise in the service under test, for example by sending many attack vectors to a contact form on the site, which can seriously disrupt business processes.
- It is a proprietary solution and therefore not free.
Dirsearch
Pros:
- Can distinguish real "200 OK" pages from "200 OK" pages that actually display a "page not found" text.
- Comes with a handy dictionary that balances size and search efficiency well; it contains the standard paths common to many CMSs and technology stacks.
- Its own dictionary format gives excellent efficiency and flexibility when searching for files and directories at the same time.
- Convenient output: plain text, JSON.
- Can throttle (pause between requests), which is essential for fragile services.
Cons:
- Extensions have to be passed as a string, which is inconvenient when many extensions need to be passed at once.
- To use your own dictionary, it has to be adapted slightly to the Dirsearch dictionary format to get the most out of it.
wfuzz
Pros:
- Multifunctional: modular structure, so a scan takes only minutes to assemble.
- Convenient filtering and fuzzing mechanisms.
- Can fuzz in stages not only any position in an HTTP request but also any HTTP method.
Cons:
- Under development.
ffuf
Pros:
- The filters are similar to wfuzz filters and allow flexible brute-force configuration.
- Can fuzz various parts of the URL, including HTTP header values, POST request data, and GET parameter names and values.
- Any HTTP method can be specified.
Cons:
- Under development.
gobuster
Pros:
- Fast operation for both DNS subdomain brute force and file/directory brute force.
Cons:
- The current version does not support setting HTTP headers.
- By default, only a subset of HTTP status codes (200, 204, 301, 302, 307 and a few others) is treated as valid.
Arjun
Pros:
- Fast thanks to preliminary probing.
- Supports GET/POST parameters and parameters in JSON format.
A Burp Suite plugin works on a similar principle -
LinkFinder
Pros:
- Fast;
- There is a dedicated Chrome plugin based on LinkFinder.
Cons:
- The final output is inconvenient.
- It does not analyze JavaScript over time.
- The logic for finding links is very simple: if the JavaScript is obfuscated for some reason, or if the links are initially absent and generated dynamically, it cannot find anything.
JSParser
Pros:
- Fast parsing of JavaScript files.
sqlmap
Pros:
- A large number of different techniques and vectors.
- Few false positives.
- Many fine-tuning options: various techniques, target databases, and tamper scripts for bypassing WAFs.
- Ability to create output dumps.
- For some databases, various exploitation functions are provided, for example automatic file upload/download and command execution (RCE).
- Supports direct connection to the database using the data obtained during the attack.
- Burp results can be fed in as a text file, so there is no need to build all the command-line attributes by hand.
Cons:
- Documentation on it is lacking, so customizing it, for example writing your own tamper script, is difficult.
- Without proper configuration it runs an incomplete set of checks, which can be misleading.
NoSQLMap
Pros:
- Like sqlmap, it not only finds potential vulnerabilities but also checks whether they can be exploited against MongoDB and CouchDB.
Cons:
- NoSQL databases such as Redis and Cassandra are not supported, but development is under way in that direction.
oxml_xxe
Pros:
- Supports many common formats such as DOCX, ODT, SVG and XML.
Cons:
- Support for PDF, JPEG and GIF is not fully implemented.
- Creates only one file at a time. To work around this, you can use the following tool, which can create many payload files in various locations.
The utilities above do a good job of testing for XXE when loading documents that contain XML. Note, however, that XML format handlers can be used in many other cases as well; for example, XML can be used as the data format instead of JSON.
We therefore recommend paying attention to the following repository, which contains a large number of different payloads.
tplmap
Pros:
- A large number of different techniques and vectors.
- Supports many template rendering engines.
- A rich set of exploitation techniques.
CeWL
Pros:
- Easy to use.
Cons:
- You need to watch the search depth so as not to pull in extra domains.
Weakpass
Pros:
- Contains both specialized dictionaries and dictionaries of the most common passwords; you can pick a specific dictionary for your own needs.
- The dictionaries are updated and topped up with new passwords.
- The dictionaries are ranked by effectiveness. You can choose either a quick online brute-force attempt or a detailed selection of passwords from a huge dictionary that includes the latest leaks.
- There is a calculator that shows how long it would take to brute-force a password on given hardware.
We would put the tools for checking CMSs into a separate group: WPScan, JoomScan, AEM hacker.
AEM_hacker
Pros:
- Can identify AEM applications from a list of URLs given as input.
- Includes scripts for uploading a JSP shell or obtaining RCE via SSRF.
JoomScan
Pros:
- Can find configuration flaws and problems in administrative settings.
- Lists the Joomla version and its associated vulnerabilities, and does the same for individual components.
- Includes more than 1000 exploits for Joomla components.
- Outputs the final report in text and HTML formats.
WPScan
Pros:
- Can not only list insecure WordPress plugins and themes but also retrieve lists of users and TimThumb files.
- Can run brute-force attacks against a WordPress site.
Cons:
- Without proper configuration it runs an incomplete set of checks, which can be misleading.
In general, everyone uses different tools for their work; each is good in its own way, and what one person likes may not suit another at all. If you think we have unfairly ignored some excellent utility, write about it in the comments.
Source: habr.com