pentest-expert

# Pentest Expert

## Methodology

### 1. Reconnaissance

```bash
# Passive
whois target.com # Registrar, registrant and name-server records
dig target.com ANY +noall +answer # DNS records (ANY answers are often refused; query per type if so)
host -t mx target.com # Mail exchangers
theHarvester -d target.com -b google,bing,linkedin # Emails, hosts and names from public sources

# Active
nmap -sn 192.168.1.0/24 # Host discovery
nmap -sC -sV -oA scan target # Service scan
nmap -p- --min-rate=1000 target # All ports fast
```

### 2. Web Enumeration

```bash
# Directory brute
gobuster dir -u http://target -w /usr/share/wordlists/dirb/common.txt
feroxbuster -u http://target -w wordlist.txt

# Subdomain enum
subfinder -d target.com
amass enum -d target.com

# Tech detection
whatweb http://target
wappalyzer http://target
```
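Directory brute-forcing is loud on the defending side: every wordlist entry that does not exist comes back as a 404, so a burst of 404s from one client inside a short window is the signal to alert on. The Python below is an added example and not part of the original skill file. It parses combined-format access log lines (the sample lines are constructed), keeps a sliding window of 404 timestamps per client IP and flags any source that crosses a threshold; the threshold and window size are assumptions to tune per site, and the log is assumed to be in chronological order.

```python
"""Detect directory brute-forcing from web server access logs.

Added example (not from the original skill file). Counts HTTP 404 responses
per client IP inside a sliding time window and flags sources whose burst of
misses reaches a threshold. Sample log lines are constructed; thresholds are
assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" log format: ip ident user [ts] "req" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, path, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))


def detect_dir_bruteforce(log_text, threshold=10, window_seconds=60):
    """Flag client IPs that produce >= threshold 404s within window_seconds.

    Returns {ip: peak number of 404s seen inside one window} for flagged IPs.
    Lines are assumed to be in chronological order (as written by the server).
    """
    windows = defaultdict(deque)  # ip -> timestamps of recent 404s
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it rather than stop the pipeline
        ip, ts, _path, status = parsed
        if status != 404:
            continue
        q = windows[ip]
        q.append(ts)
        # Drop 404s that have fallen out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def _line(ip, second, path, status, ua):
    """Build one constructed combined-format log line (sample data only)."""
    return (f'{ip} - - [10/Oct/2023:13:56:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 162 "-" "{ua}"')


# Constructed sample log: one ordinary visitor with a single typo (benign),
# one garbage line, and a 12-request 404 burst from a scanner user agent.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.5", 1, "/index.html", 200, "Mozilla/5.0"),
     _line("203.0.113.5", 5, "/abuot", 404, "Mozilla/5.0"),
     "this line is not a valid log entry and is skipped"]
    + [_line("198.51.100.9", 10 + i, f"/wordlist-entry-{i}", 404, "gobuster/3.6")
       for i in range(12)]
)

if __name__ == "__main__":
    for ip, peak in detect_dir_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT possible directory brute-force from {ip}: {peak} 404s in window")
```

The single 404 from the ordinary visitor never reaches the threshold, so only the scanner source is reported; raising `threshold` above the burst size or shrinking `window_seconds` is how a site with a noisy baseline would tune the rule.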
### 3. Vulnerability Scanning

```bash
nikto -h http://target # Web server misconfiguration and known-issue scan
nuclei -u http://target -t cves/ # Template-based checks for published CVEs
sqlmap -u "http://target/page?id=1" --batch # SQL injection test, non-interactive defaults
```

## Severity Rating
| Level | CVSS | Examples |
|---|---|---|
| Critical | 9.0-10.0 | RCE, Auth bypass, SQLi with data |
| High | 7.0-8.9 | Stored XSS, IDOR with sensitive data |
| Medium | 4.0-6.9 | Reflected XSS, Info disclosure |
| Low | 0.1-3.9 | Missing headers, version disclosure |
## Report Structure
- Executive Summary
- Scope & Methodology
- Findings (sorted by severity)
- Remediation Recommendations
- Appendix (raw data, screenshots)
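The Severity Rating table and the "Findings (sorted by severity)" item of the report structure are one workflow: give each finding a level from its CVSS base score, then order the findings so the most urgent remediation comes first. The Python below is an added example, not part of the original skill file; it uses exactly the bands from the table above (scores below 0.1 or above 10.0 are rejected rather than silently rated), orders ties by score and then by title so the report is deterministic, and renders the findings section as markdown lines. The sample findings are constructed.

```python
"""Assign severity levels from CVSS scores and order findings for the report.

Added example (not from the original skill file). Bands are those of the
Severity Rating table; sample findings are constructed.
"""
from dataclasses import dataclass

# Report order of the levels from the Severity Rating table.
LEVEL_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def severity_for(score):
    """Map a CVSS base score (0.1-10.0) to the level used in the table."""
    score = float(score)
    if not 0.1 <= score <= 10.0:
        raise ValueError(f"CVSS score {score} is outside the rated range 0.1-10.0")
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


@dataclass(frozen=True)
class Finding:
    title: str
    cvss: float

    @property
    def severity(self):
        return severity_for(self.cvss)


def sort_findings(findings):
    """Most severe first; within a level higher score first, then title."""
    return sorted(findings, key=lambda f: (LEVEL_ORDER[f.severity], -f.cvss, f.title))


def findings_section(findings):
    """Render the 'Findings (sorted by severity)' section as markdown lines."""
    lines = []
    current = None
    for f in sort_findings(findings):
        if f.severity != current:
            current = f.severity
            lines.append(f"## {current}")
        lines.append(f"- [{f.cvss:.1f}] {f.title}")
    return lines


# Constructed sample findings (titles and scores are illustrative only).
SAMPLE_FINDINGS = [
    Finding("Reflected XSS in search parameter", 6.1),
    Finding("Unauthenticated RCE in file upload", 9.8),
    Finding("Missing X-Content-Type-Options header", 2.0),
    Finding("IDOR exposes other users' invoices", 7.5),
    Finding("Stored XSS in profile bio", 8.0),
]

if __name__ == "__main__":
    print("\n".join(findings_section(SAMPLE_FINDINGS)))
```

The comparison is done on thresholds rather than on the table's closed intervals so that a score such as 8.95 cannot fall into a gap between bands; CVSS publishes one-decimal scores, but the input may arrive unrounded from a scanner export.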