1. Scanning without login
Step 1: Click Web Scanner, enter the target domain name or IP address, leave the other settings at their defaults, and click Start to begin.
![Screenshot](/article/UploadPic/2023-7/2023713172537117.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Step 2: Wait for the results.
![Screenshot](/article/UploadPic/2023-7/2023713172537157.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
2. Scanning that requires login
Sometimes you need to log in before the site's content can be scanned.
Step 1: Create a new scan.
![Screenshot](/article/UploadPic/2023-7/2023713172537963.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Step 2: Enter the target IP address and click Next.
![Screenshot](/article/UploadPic/2023-7/2023713172537589.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Step 3: There are vulnerability tests for many modules; keep the default (which checks for all vulnerabilities) and click Next.
![Screenshot](/article/UploadPic/2023-7/2023713172538887.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
![Screenshot](/article/UploadPic/2023-7/2023713172538722.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Step 4: Click to record the username and password.
![Screenshot](/article/UploadPic/2023-7/2023713172539527.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
The window that opens looks like the figure below; enter the username, password and CAPTCHA.
![Screenshot](/article/UploadPic/2023-7/2023713172539484.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
![Screenshot](/article/UploadPic/2023-7/2023713172539573.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
![Screenshot](/article/UploadPic/2023-7/2023713172540693.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Click Finish.
![Screenshot](/article/UploadPic/2023-7/2023713172540923.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Enter the username and save.
![Screenshot](/article/UploadPic/2023-7/2023713172540969.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Click Next.
![Screenshot](/article/UploadPic/2023-7/2023713172540992.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
The login test is in progress.
![Screenshot](/article/UploadPic/2023-7/2023713172540131.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
A successful login looks like the figure below (if it fails, re-record the username, password and CAPTCHA); click Finish to complete.
![Screenshot](/article/UploadPic/2023-7/2023713172540744.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Once this is done, the vulnerability scan starts; after a short wait the scan results appear, as shown below.
![Screenshot](/article/UploadPic/2023-7/2023713172540207.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
3. Scanning that requires login, using cookie information
Reason: the CAPTCHA changes on every login, so the CAPTCHA recorded with the second method is no longer correct, the login fails, and the vulnerabilities in the post-login part of the site cannot be scanned.
Step 1: Log in to the admin back end and obtain the cookie information.
![Screenshot](/article/UploadPic/2023-7/2023713172541516.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
![Screenshot](/article/UploadPic/2023-7/2023713172541369.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Step 2: Click New Scan.
![Screenshot](/article/UploadPic/2023-7/2023713172541576.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Step 3: Enter the target IP address.
![Screenshot](/article/UploadPic/2023-7/2023713172541142.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Step 4: Click Customize.
![Screenshot](/article/UploadPic/2023-7/2023713172541863.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Select Custom Cookie, then click + Add Cookie.
![Screenshot](/article/UploadPic/2023-7/2023713172541772.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Double-click to fill in the URL and the cookie value.
![Screenshot](/article/UploadPic/2023-7/2023713172541279.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Then click Next all the way through to Finish to start the scan; the scan results are shown below.
![Screenshot](/article/UploadPic/2023-7/2023713172541635.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70)
Note:
For login pages that have a CAPTCHA, have AWVS scan with the cookie information obtained after a successful login to the site.
![Screenshot](/article/UploadPic/2023-7/2023713172542504.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70#pic_center)
For login pages without a CAPTCHA, enter the account and password for the scan.
![Screenshot](/article/UploadPic/2023-7/2023713172542959.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MDQxMjAzNw==,size_16,color_FFFFFF,t_70#pic_center)
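The cookie method in section 3 only gives authenticated coverage while the copied session is still valid, so it is worth checking the cookie against a post-login URL before pasting it into Custom Cookie. The following is an added example, not part of the original article or of AWVS; the cookie name `PHPSESSID`, the path `/admin/index` and the local stub server are constructed for the demonstration.

```python
import http.server, threading, urllib.error, urllib.request

def parse_cookie_header(raw):
    """Split a Cookie header copied from the browser into (name, value) pairs."""
    raw = raw.strip()
    if raw.lower().startswith("cookie:"):
        raw = raw[len("cookie:"):]
    pairs = []
    for part in raw.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            pairs.append((name, value))
    return pairs

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow 3xx; urllib then raises HTTPError

def session_is_live(url, raw_cookie, login_marker=None):
    """True if a post-login URL answers 2xx with this cookie (no bounce to login)."""
    header = "; ".join(f"{n}={v}" for n, v in parse_cookie_header(raw_cookie))
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    req = urllib.request.Request(url, headers={"Cookie": header})
    try:
        with opener.open(req, timeout=5) as resp:
            body = resp.read().decode(errors="replace")
    except urllib.error.HTTPError:
        return False  # any non-2xx answer (302 to login, 401, 403, ...): treat as stale
    # Some sites answer 200 but render the login form; catch that via a marker string.
    return not (login_marker and login_marker in body)

class StubApp(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the target: only PHPSESSID=valid123 is logged in."""
    def do_GET(self):
        ok = ("PHPSESSID", "valid123") in parse_cookie_header(self.headers.get("Cookie", ""))
        self.send_response(200 if ok else 302)
        if not ok:
            self.send_header("Location", "/login")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def start_stub():
    srv = http.server.HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}/admin/index"

if __name__ == "__main__":
    srv, url = start_stub()
    print("fresh cookie:", session_is_live(url, "Cookie: PHPSESSID=valid123; lang=zh"))
    print("stale cookie:", session_is_live(url, "PHPSESSID=expired"))
    srv.shutdown()
```

Against a real site you are authorized to scan, replace the stub URL with a page that is only reachable after login and pass the cookie string exactly as copied from the browser.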