diff --git a/README.md b/README.md
index 1cdc1f0..94e7a08 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ Web安全相关的知识比较杂,在这里完成了一个简单的整理,
 ### Generate HTML
 ```shell
-$ sudo pip install sphinx sphinx-rtd-theme
+$ sudo pip install sphinx
+$ sudo pip install sphinx-rtd-theme
 $ make html
 ```
\ No newline at end of file
diff --git a/make.bat b/make.bat
index 6d16131..937e3a4 100644
--- a/make.bat
+++ b/make.bat
@@ -13,7 +13,6 @@ set SPHINXPROJ=pdoc
 if "%1" == "" goto help
-%SPHINXBUILD% >NUL 2>NUL
 if errorlevel 9009 (
 echo.
 echo.The Sphinx module was not found. Make sure you have Sphinx installed,
diff --git a/source/basic/info/linux.rst b/source/basic/info/linux.rst
index 7d64cf1..77e2774 100644
--- a/source/basic/info/linux.rst
+++ b/source/basic/info/linux.rst
@@ -13,7 +13,7 @@ uname -n 系统主机名字
 uname -m Linux内核架构
 cat /proc/version 内核信息
 cat /proc/cpuinfo CPU信息
-cat /etc/*-release 发布信息
+cat /etc/\*-release 发布信息
 cat /etc/issue 发布信息
 hostname 主机名
 df -a 文件系统信息
@@ -90,15 +90,15 @@ ls -la /etc/cron* 计划任务
 网络、路由和通信
 --------------------------------
-===================== =====================
-命令 作用
-===================== =====================
-/sbin/ifconfig -a 列出网络接口信息
-cat /etc/network/interfaces 列出网络接口信息
-arp -a 查看系统arp表
-route 打印路由信息
-cat /etc/resolv.conf 查看dns配置信息
-netstat -an 打印本地端口开放信息
-iptables -L 列出iptable的配置规则
-cat /etc/services 查看端口服务映射
-===================== =====================
\ No newline at end of file
+============================= =====================
+命令 作用
+============================= =====================
+/sbin/ifconfig -a 列出网络接口信息
+cat /etc/network/interfaces 列出网络接口信息
+arp -a 查看系统arp表
+route 打印路由信息
+cat /etc/resolv.conf 查看dns配置信息
+netstat -an 打印本地端口开放信息
+iptables -L 列出iptable的配置规则
+cat /etc/services 查看端口服务映射
+============================= =====================
\ No newline at end of file
diff --git a/source/basic/tools/download.rst b/source/basic/tools/download.rst
index b5fa02e..7bd8406 100644
--- a/source/basic/tools/download.rst
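Review bot: In make.bat, `if errorlevel 9009 (` is now evaluated without any command having run before it, because the hunk removes the `%SPHINXBUILD% >NUL 2>NUL` probe whose exit code that test was reading. 9009 is what cmd reports when a command cannot be found, so with the probe gone the "The Sphinx module was not found" message will presumably never be printed, and a missing sphinx-build shows up later as a raw shell error instead. Either keep the probe line, or delete the whole `if errorlevel 9009 ( … )` block together with it. The block continues past the end of the hunk, so the rest of it is not visible here.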
+++ b/source/basic/tools/download.rst
@@ -43,4 +43,4 @@ curl 正则
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 - 文件名 ``curl ftp://example.com/file[1-100].txt``
-- 域名 ``curl http://site.{one,two,three}.com``
\ No newline at end of file
+- 域名 ``curl http://site.{one,two,three}.com``
diff --git a/source/basic/tools/index.rst b/source/basic/tools/index.rst
index 85b67f3..624daaa 100644
--- a/source/basic/tools/index.rst
+++ b/source/basic/tools/index.rst
@@ -7,4 +7,5 @@
 download
 traffic
+ sniffing
 list
\ No newline at end of file
diff --git a/source/basic/tools/list.rst b/source/basic/tools/list.rst
index 61de99c..2a3fd03 100644
--- a/source/basic/tools/list.rst
+++ b/source/basic/tools/list.rst
@@ -22,6 +22,7 @@
 - `BeEF `_
 - `XSS Reciver `_
 - `Brute XSS `_
+ - `DSXS `_
 - 社工
 - `theHarvester `_
diff --git a/source/basic/tools/sniffing.rst b/source/basic/tools/sniffing.rst
new file mode 100644
index 0000000..e624d39
--- /dev/null
+++ b/source/basic/tools/sniffing.rst
@@ -0,0 +1,13 @@
+嗅探工具
+================================
+
+Nmap
+--------------------------------
+
+- ``-sL`` List Scan - simply list targets to scan
+- ``-sn/-sP`` Ping Scan - disable port scan
+- ``-Pn`` Treat all hosts as online -- skip host discovery
+- ``-sS/sT/sA/sW/sM`` TCP SYN/Connect()/ACK/Window/Maimon scans
+- ``-sU`` UDP Scan
+- ``-sN/sF/sX`` TCP Null, FIN, and Xmas scans
+- ``-sV`` Probe open ports to determine service/version info
\ No newline at end of file
diff --git a/source/vuln/csrf.rst b/source/vuln/csrf.rst
index 6a8d978..0d54bfe 100644
--- a/source/vuln/csrf.rst
+++ b/source/vuln/csrf.rst
@@ -36,17 +36,16 @@ XMLHttpRequest
 防御
 --------------------------------
-- 通过referer、token或者验证码来检测用户提交
-- 尽量不要在页面的链接中暴露用户隐私信息
-- 对于用户修改删除等操作最好都使用post操作
+- 通过CSRF-token或者验证码来检测用户提交
+- 验证Referer/Content-Type
+- 对于用户修改删除等操作最好都使用POST操作
 - 避免全站通用的cookie,严格设置cookie的域
-ref
-
+参考链接
 --------------------------------
 - `demo `_
-- `Wiping Out CSRF `_
-
+- `Wiping Out CSRF `_
+- `Neat tricks to bypass CSRF protection `_
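Review bot: In source/vuln/csrf.rst, the new bullet `- 验证Referer/Content-Type` in the 防御 list presents header checks as a defence on a par with the CSRF token, with no caveat that they are only a supplementary check. Referer can legitimately be absent (referrer policy, privacy settings) and a Content-Type check does not replace a token, which the newly linked "Neat tricks to bypass CSRF protection" presumably also covers. I would reword the bullet as `- 验证Referer/Origin和Content-Type(仅作为辅助手段,不能替代CSRF-token)` and consider adding `- 为会话cookie设置SameSite属性`. The hunk also drops the old bullet `尽量不要在页面的链接中暴露用户隐私信息` without a replacement, so confirm that removal is intended.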