Another little toy..

The Buddha says: it must not be spoken

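Network asset identification covers three main areas: device component identification, application component identification, and business type inference. The usual technique is asset fingerprint comparison. Network assets differ in protocol implementation, network applications and so on, for example in open port/service information, banner information, and web page data. Extracting features from these differences yields the asset's fingerprint, and a network asset fingerprint library accumulates a large number of such fingerprints. Fingerprint comparison matches the target host's fingerprint against the library in order to identify the asset's attributes.

So what can we do with this to get the service we want?

  • For example, say I want to know how many video surveillance devices from a certain vendor are on the Internet. From the assets returned by a cyberspace mapping search I can tally IPs, device IDs and other information.
  • And if at that moment I happen to have found a vulnerability in that vendor's products, all the device IPs collected through mapping can immediately be put to clever use.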

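The larger mapping platforms in China

Platforms outside China all seem to require enterprise verification, and these three Chinese ones already cover a very wide range.

Note
FOFA and ZoomEye join multiple keywords with &&, while 360 uses AND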

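Scanning for TAG subscriptions

You can see that TAG subscription links all look like huaikhwang.central-world.org/api/v1/trails/bolster?token=xxx:

So we can open https://fofa.info/ and search for the following string:

"trails/bolster?token="

With some luck this turns up a few endpoints:

Like this poor sucker here. How could you put your subscription link on a navigation site?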

Scanning for JMS subscriptions

JMS subscriptions look like jmssub.net/members/getsub.php?service=xxx, so you can search for the following keyword:

"getsub.php?service="

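Other tricks

For example, subscription links for the SSRDOG proxy provider ("airport") have the following format: https://no1-svip.urlapi-dodo.sbs/s?t=

So you know what keyword to search for:

sbs/s?t=

Or search for the following keywords:

"client-fingerprint: chrome" && "type:"

"alterId: 0," && "port:"

This easily turns up lots of Clash or Base64 subscription links. Open the page and view its source to quickly find the subscription link ~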

Or search for the following keyword:

"sub?target=clash&url="

Or search for the following keyword:

"api/v1/client/subscribe?token="

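One last tip: GitHub can also be searched for public resources.

So couldn't we go to GitHub and search for a particular provider's subscription links, for example with the keywords (订阅 is Chinese for "subscription"):

TAG AND 订阅

Once you have found a subscription link, you can use the link's pattern to search further.

This is only meant to get ideas flowing. The various methods of cyberspace mapping can be put to all sorts of clever uses.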
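Seen from the publishing side, the same URL shapes can be checked for before a page, config or repository goes public. The scanner below is an added example, not code from the original post: it flags the subscription-link formats named above, unwraps converter links (`sub?target=...&url=`) to check the URLs nested inside, and redacts query values in its report. The hostnames and tokens in `SAMPLE` are constructed, and the pattern names are labels chosen here.

```python
import re
from urllib.parse import parse_qs, urlsplit

# URL shapes taken from the search keywords in this post; names are our labels.
LEAK_PATTERNS = {
    "tag-style": re.compile(r"/trails/bolster\?token=[^\s\"'<>&]+"),
    "jms-style": re.compile(r"/getsub\.php\?service=[^\s\"'<>&]+"),
    "client-subscribe": re.compile(r"/api/v1/client/subscribe\?token=[^\s\"'<>&]+"),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample input: hostnames and tokens are made up.
SAMPLE = """
<a href="https://panel.example.com/api/v1/client/subscribe?token=CONSTRUCTED0001">sub</a>
notes: https://sub.example.net/members/getsub.php?service=12345&id=CONSTRUCTED-UUID
conv: https://conv.example.org/sub?target=clash&url=https%3A%2F%2Fpanel.example.com%2Fapi%2Fv1%2Ftrails%2Fbolster%3Ftoken%3DCONSTRUCTED0002%7Chttps%3A%2F%2Fexample.com%2Fok&insert=false
plain link: https://example.com/blog/post?id=7
"""

def redact(url):
    """Mask every query-string value so the report never repeats a secret."""
    return re.sub(r"=[^&#]*", "=***", url)

def classify(url):
    """Return the name of the first matching leak pattern, or None."""
    for name, pattern in LEAK_PATTERNS.items():
        if pattern.search(url):
            return name
    return None

def find_leaks(text):
    """Return sorted (kind, redacted_url) pairs for subscription links in text."""
    hits = set()
    for url in URL_RE.findall(text):
        kind = classify(url)
        if kind:
            hits.add((kind, redact(url)))
        # Converter links wrap other subscription URLs, percent-encoded and
        # joined with "|": parse_qs decodes them, then each one is checked.
        parts = urlsplit(url)
        if parts.path.endswith("/sub"):
            for inner in parse_qs(parts.query).get("url", []):
                for candidate in inner.split("|"):
                    if classify(candidate):
                        hits.add(("converter>" + classify(candidate), redact(candidate)))
    return sorted(hits)

if __name__ == "__main__":
    for kind, url in find_leaks(SAMPLE):
        print(kind, url)
```

Run it over rendered HTML, exported bookmarks or a repository checkout before publishing; any hit means the token should be rotated, not just removed from the page.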

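Closing words

The wall has been brutal these past few days. It even blocked my homepage, blog and everything else completely. The nodes are in a sorry state too: even the ones not showing red feel like they have several seconds of latency or more. As people's security awareness keeps improving, the "scan Clash subscriptions with fofa" tricks posted online now come up empty every time. Then I found this dumb method: search the platform by the format of the subscription link. Simple and crude, and there are always a few fools who don't take this seriously. Of course I'm still looking for a better method, but my brain hasn't quite been up to it lately, so I'll look into it more carefully later.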

Licensed under CC BY-NC-SA 4.0
Last updated 2025-09-16 11:05 +0800