
Start Hacking!

Published 2024-10-11 20:33:55

Now that you’ve conducted extensive reconnaissance, what should you do with the data you’ve collected? Plan your attacks by using the information you’ve gathered! Prioritize your tests based on the functionality of the application and its technology.


For example, if you find a feature that processes credit card numbers, you could first look for vulnerabilities that might leak the credit card numbers, such as IDORs (Chapter 10). Focus on sensitive features such as credit cards and passwords, because these features are more likely to contain critical vulnerabilities. During your recon, you should be able to get a good idea of what the company cares about and the sensitive data it’s protecting. Go after those specific pieces of information throughout your bug-hunting process to maximize the business impact of the issues you discover. You can also focus your search on bugs or vulnerabilities that affect the particular tech stack you uncovered, or on elements of the source code you were able to find.


And don’t forget, recon isn’t a one-time activity. You should continue to monitor your targets for changes. Organizations modify their systems, technologies, and codebases constantly, so continuous recon will ensure that you always know what the attack surface looks like. Using a combination of bash, scheduling tools, and alerting tools, build a recon engine that does most of the work for you.

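As an added example, not from the book or this page: one building block of the recon engine described above, a POSIX shell script that diffs a fresh attack-surface snapshot against the previous one and reports what appeared or disappeared. The two snapshots and the example.com hosts are constructed placeholders; in a real pipeline a scheduler would call `diff_snapshots` on files produced by your enumeration tooling and an alerting tool would consume its output.

```shell
#!/bin/sh
# Added example (not the book's code): diff two asset snapshots and report
# changes to the attack surface. Snapshot format is one "host port/proto"
# entry per line; the samples below are constructed, not real targets.

# Sort and dedupe a snapshot so ordering or blank lines are not reported as changes.
normalize() {
    sed 's/[[:space:]]*$//' | grep -v '^$' | sort -u
}

# Print "NEW  <entry>" for assets present only in the current snapshot and
# "GONE <entry>" for assets present only in the previous one.
# $1 = previous snapshot file, $2 = current snapshot file.
diff_snapshots() {
    prev=$(mktemp); cur=$(mktemp)
    normalize < "$1" > "$prev"
    normalize < "$2" > "$cur"
    # comm -13: lines only in the second file (new); comm -23: only in the first (gone)
    comm -13 "$prev" "$cur" | sed 's/^/NEW  /'
    comm -23 "$prev" "$cur" | sed 's/^/GONE /'
    rm -f "$prev" "$cur"
}

# Number of changed entries; a non-zero count is what should trigger an alert.
change_count() {
    diff_snapshots "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample snapshots: the staging host went away and an admin host appeared.
PREV=$(mktemp); CUR=$(mktemp)
trap 'rm -f "$PREV" "$CUR"' EXIT
cat > "$PREV" <<'EOF'
www.example.com 443/tcp
api.example.com 443/tcp
staging.example.com 8080/tcp
EOF
cat > "$CUR" <<'EOF'
api.example.com 443/tcp
www.example.com 443/tcp
admin.example.com 443/tcp
EOF

# Run once; scheduled from cron, this becomes the continuous-recon loop.
diff_snapshots "$PREV" "$CUR"
```

The two reported lines (a new admin host, a vanished staging host) are exactly the kind of change worth a follow-up test or an alert.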
