The Guide to Finding and Reporting Web Vulnerabilities
A Note on Recon APIs
Many of the tools mentioned in this chapter have APIs that allow you to integrate their services into your applications and scripts. We’ll talk about APIs more in Chapter 24, but for now, you can think of APIs as endpoints you can use to query a service’s database. Using these APIs, you can query recon tools from your script and add the results to your recon report without visiting their sites manually.
For example, Shodan has an API (https://developer.shodan.io/) that allows you to query its database. You can access a host’s scan results by accessing this URL: https://api.shodan.io/shodan/host/{ip}?key={YOUR_API_KEY}. You could configure your bash script to send requests to this URL and parse the results. LinkedIn also has an API (https://www.linkedin.com/developers/) that lets you query its database. For example, you can use this URL to access information about a user on LinkedIn: https://api.linkedin.com/v2/people/{PERSON ID}. The Censys API (https://censys.io/api) allows you to access certificates by querying the endpoint https://censys.io/api/v1.
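As an added example (not code from the book), here is how the Shodan host query above can be scripted: the URL is built from the endpoint the text gives, the key is read from the environment rather than hard-coded, the key is redacted before the URL is logged, and the JSON answer is turned into report lines. The response field names (`ip_str`, `org`, `hostnames`, `data[].port/transport/product/version`) are assumed to match Shodan's host response, and the sample response is constructed so the parser runs offline.

```python
import json
import os
import urllib.parse
import urllib.request

SHODAN_HOST_URL = "https://api.shodan.io/shodan/host/{ip}?key={key}"

# Constructed sample response (203.0.113.10 is a documentation address).
# Field names are assumed from the Shodan host response; check them against the docs.
SAMPLE_RESPONSE = json.dumps({
    "ip_str": "203.0.113.10",
    "org": "Example Org",
    "hostnames": ["www.example.com"],
    "ports": [443, 22],
    "data": [
        {"port": 22, "transport": "tcp", "product": "OpenSSH", "version": "8.2"},
        {"port": 443, "transport": "tcp", "product": "nginx"},
    ],
})


def build_host_url(ip: str, key: str) -> str:
    """Fill in the host endpoint; both values are percent-encoded so they cannot alter the URL."""
    return SHODAN_HOST_URL.format(ip=urllib.parse.quote(ip, safe=""),
                                  key=urllib.parse.quote(key, safe=""))


def redact_key(url: str) -> str:
    """Replace the key value so the URL can go into logs or a report without leaking it."""
    parts = urllib.parse.urlsplit(url)
    query = [(k, "REDACTED" if k == "key" else v) for k, v in urllib.parse.parse_qsl(parts.query)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))


def parse_host(json_text: str) -> list:
    """Turn one host record into report lines: a header, then one line per banner, sorted by port."""
    host = json.loads(json_text)
    lines = ["{} ({}) hostnames: {}".format(host.get("ip_str", "?"), host.get("org", "unknown org"),
                                            ", ".join(host.get("hostnames", [])) or "none")]
    for banner in sorted(host.get("data", []), key=lambda b: b.get("port", 0)):
        service = " ".join(v for v in (banner.get("product"), banner.get("version")) if v)
        lines.append("  {}/{} {}".format(banner["port"], banner.get("transport", "tcp"),
                                         service or "unknown service"))
    return lines


def fetch_host(ip: str, timeout: float = 15) -> list:
    """Live query; the key comes from the SHODAN_API_KEY environment variable, never from source."""
    url = build_host_url(ip, os.environ["SHODAN_API_KEY"])
    print("querying", redact_key(url))
    with urllib.request.urlopen(url, timeout=timeout) as resp:  # raises HTTPError on 4xx/5xx
        return parse_host(resp.read().decode("utf-8"))


if __name__ == "__main__":
    print("\n".join(parse_host(SAMPLE_RESPONSE)))
```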
Other tools mentioned in this chapter, like BuiltWith, Google search, and GitHub search, all have their own API services. These APIs can help you discover assets and content more efficiently by integrating third-party tools into your recon script. Note that most API services require you to create an account on their website to obtain an API key, which is how most API services authenticate their users. You can find information about how to obtain the API keys of popular recon services at https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys/.