{"id":13796846,"url":"https://github.com/7dog7/bottleneckosmosis","last_synced_at":"2025-05-13T00:31:10.512Z","repository":{"id":39170569,"uuid":"189933243","full_name":"7dog7/bottleneckOsmosis","owner":"7dog7","description":"Bottleneck penetration, web penetration, red team, fuzz param, comments, JS dictionary, CTF","archived":false,"fork":false,"pushed_at":"2022-07-20T01:49:00.000Z","size":319,"stargazers_count":700,"open_issues_count":0,"forks_count":89,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-10-26T11:31:53.323Z","etag":null,"topics":["ctf","dict","fuzz","scan","scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/7dog7.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-06-03T04:16:06.000Z","updated_at":"2024-10-23T13:48:25.000Z","dependencies_parsed_at":"2022-07-12T17:45:08.503Z","dependency_job_id":null,"html_url":"https://github.com/7dog7/bottleneckOsmosis","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7dog7%2FbottleneckOsmosis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7dog7%2FbottleneckOsmosis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7dog7%2FbottleneckOsmosis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/7dog7%2FbottleneckOsmosis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/7dog7","download_url":"https://codeload.github.com/7dog7/bottleneckOsmosis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https:/
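/github.com","kind":"github","repositories_count":225159882,"owners_count":17430204,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf","dict","fuzz","scan","scanner"],"created_at":"2024-08-03T23:01:16.591Z","updated_at":"2024-11-18T10:31:40.471Z","avatar_url":"https://github.com/7dog7.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003eCollection"],"sub_categories":[],"readme":"# Bottleneck Penetration\r\n\r\n## 1. JS file dictionary (keep pressuring front-end engineers to supply me with it)\r\n\r\nUsage tips:\r\n\u003e For example, when penetration-testing an admin back-end system, view the page source and analyze the public JS directory and the admin JS directory.  \r\n\u003e Once you have the paths, you can brute-force them to probe whether the files exist; if they do, quickly capture the interfaces and test them for SQLi and unauthorized access  \r\n\u003e When you have no ideas at all, use the JS files to work out the rough structure of the site's back end, and make in-depth guesses from variable names and file names.  \r\n\r\n## 2. FUZZ parameter dictionary  \r\n\r\nUsage tips:\r\n\u003e Initial dictionary address: https://github.com/TheKingOfDuck/fuzzDicts/edit/master/paramDict/parameter.txt  \r\n\u003e For example, if http://127.0.0.1/1.php is considered a suspicious file, fuzz its params; choose GET,POST AND (POST JSON) AND (GET Route) AND cookie param\r\n\r\n## 3. ScanAnnotation, a Chrome extension for comment scanning \r\n\r\nUsage tips:\r\n\u003e In Chrome, open the Extensions page, enable developer mode, and choose to load the unpacked extension  \r\n\u003e Chrome Web Store: https://chrome.google.com/webstore/detail/scanannotation/gejiegnodfccfhagbeaopeffcdbcgfef?hl=zh-CN (published to the Google platform under a different account)  \r\n\u003e A later update will support webpack comment scanning (__updates whenever they happen__)\r\n\r\n\u003e Comments can reveal some exploitable content: some programmers like to write down what a feature does, so you can guess the back end or hidden features; some even paste the back-end address, configuration files, internal network domain names, all sorts of things. It can help with CTFs too!\r\n\r\n## 4. Quickly extracting api and param from js, jq, vue, react, angular\r\n\u003e Under research\r\n\u003e Reference: https://github.com/GerbenJavado/LinkFinder (basically the same functionality, and it also has a Chrome extension)  \r\n\u003e Reference: https://github.com/p1g3/JSINFO-SCAN (recursively finds domains and APIs)  \r\n\u003e Recently found Chrome extensions such as Vue.js devtools, Augury and React Developer Tools; if the JS code has not been heavily obfuscated, they can be used directly to obtain the routes  \r\n\r\n## 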
5. The art of web front-end rendering \r\n\u003e Reference: https://mp.weixin.qq.com/s/AfGkqO0O087W24wHgUVs-g  \r\n\r\n## 6. Enumerating JS files via manifest\r\n\u003e Automatically guess app.xxx.js from manifest.xxx.js  \r\n\u003e Usage: manifest_find_js.py https://xxxx.com/pc/js/manifest.e90b779b12a4f25606f0.js app  \r\n\u003e app is the file name and can be customized  \r\n\r\n## 7. Chunk loading\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F7dog7%2Fbottleneckosmosis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F7dog7%2Fbottleneckosmosis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F7dog7%2Fbottleneckosmosis/lists"}