# 信息搜集

a. 服务器的相关信息（真实ip，系统类型，版本，开放端口，WAF等）

b. 网站指纹识别（包括，cms，cdn，证书等），dns记录

c. whois信息，姓名，备案，邮箱，电话反查（邮箱丢社工库，社工准备等）

d. 子域名收集，旁站查询(有授权可渗透)，C段等

e. google hacking针对化搜索，pdf文件，中间件版本，弱口令扫描等

f. 扫描网站目录结构，爆后台，网站banner，测试文件，备份等敏感文件泄漏等

i. 传输协议，通用漏洞，exp，github源码等


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ctfbook.ph0en1x.com/web/xin-xi-sou-ji.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.