
What methods are there for determining a website's architecture?

    mantianyu · 2014-03-01 18:23:40 +08:00 · 4380 views
    Things like the server version, framework, backend language, database and so on
    15 replies
        1
    yangg  
       2014-03-01 18:44:19 +08:00
    You are looking for "BuiltWith Technology Profiler"?
        2
    Mutoo  
       2014-03-01 18:47:00 +08:00
    There's a Chrome extension that can do some basic identification
    https://chrome.google.com/webstore/detail/chrome-sniffer/homgcnaoacgigpkkljjjekpignblkeae

    For more advanced techniques, see the book 《Google Hacking 技术手册》 (Google Hacking Technical Handbook); searching for error pages can turn up some clues
        3
    Ever  
       2014-03-01 18:49:22 +08:00
    Job postings.
        4
    miniwade514  
       2014-03-01 19:42:41 +08:00 via Android
    @Ever Haha, that's a unique idea
        5
    mantianyu  
    OP
       2014-03-01 19:45:02 +08:00
    @Mutoo
    @yangg What I mean is, what techniques does BuiltWith use?
        6
    sarices  
       2014-03-01 19:46:24 +08:00
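    curl -I: if it hasn't been restricted, you can see the server system and the development language, and on some sites you can also see the framework in powerby, e.g. ThinkPHP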
        7
    chairuosen  
       2014-03-01 20:34:31 +08:00 via Android
    Hack it and see for yourself…
        8
    arbipher  
       2014-03-01 20:45:20 +08:00
    @sarices
    $ curl -I http://www.v2ex.com

    HTTP/1.1 200 OK
    Date: Sat, 01 Mar 2014 12:42:37 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 79344
    Connection: keep-alive
    Vary: Accept-Encoding
    Expires: -1
    Server: Galaxy/3.2.0
    Etag: "2566f8422168b9485e45c64ecd3fa5153152d0b8"
    Set-Cookie: PB3_SESSION="djJleDoyMy4yNTEuMTAwLjEzMjo1NjcyNjMzNA==|1393677757|dedb43aacb9fb1a7b4a6679fa4a68e49ae8ba0ce"; expires=Thu, 06 Mar 2014 12:42:37 GMT; Path=/
    Set-Cookie: V2EX_TAB="dGVjaA==|1393677757|d5622dff67e53292d5d91bb3d95d8a8be1386de4"; expires=Sat, 15 Mar 2014 12:42:37 GMT; Path=/
    Set-Cookie: V2EX_LANG=zhcn; Path=/
    X-V2EX-Jobs: https://www.v2edge.com/jobs/cn
    X-V2EX-CDN: https://www.v2edge.com/
    X-ORCA-Accelerator: MISS from 002.mul.sjc01.us.krill.c3edge.net

    I don't see Python
        9
    mantianyu  
    OP
       2014-03-01 20:59:25 +08:00
    @sarices
    @arbipher

    What the HTTP response headers return depends on the web server's configuration; this information is indeed quite limited
        10
    atom  
       2014-03-01 21:08:57 +08:00
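    The HTTP response only shows a rough picture of the web-tier system; a good website is at least SOA-based. For the huge core system behind it, you can only look at the related slide decks that have been shared.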
        11
    sarices  
       2014-03-01 21:12:11 +08:00
    @arbipher Look at the "if XXX" part; XXX is the qualifying condition
        12
    arbipher  
       2014-03-01 21:24:26 +08:00
    @sarices I missed that...
        13
    yingluck  
       2014-03-01 21:37:13 +08:00
    @Ever
    @miniwade514
    Hackers & Painters
        14
    Lax  
       2014-03-01 23:12:40 +08:00
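    I've gotten into the habit of checking job postings; they're fairly accurate.
    For sites that don't publish job postings themselves, it varies a lot: some aren't worth following, while others turn out to be a big thing. You can search for that site's job listings; there is often discussion on some niche forums.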

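    As for technical approaches, if you happen to have worked with similar technology, you can also work out some of it from error pages and the page source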
        15
    leafonsword  
       2014-03-02 11:21:53 +08:00
    I believe this is what you need:
    *nikto -h www.baidu.com*

    - Nikto v2.1.5
    ---------------------------------------------------------------------------
    + Target IP: 115.239.210.26
    + Target Hostname: www.baidu.com
    + Target Port: 80
    + Start Time: 2014-03-02 11:20:23 (GMT8)
    ---------------------------------------------------------------------------
    + Server: BWS/1.1
    + The anti-clickjacking X-Frame-Options header is not present.
    + Uncommon header 'bduserid' found, with contents: 0
    + Uncommon header 'bdqid' found, with contents: 0xa74533af93c66ee2
    + Uncommon header 'bdpagetype' found, with contents: 1
    + Cookie BAIDUID created without the httponly flag
    + Cookie BDSVRTM created without the httponly flag
    + Cookie H_PS_PSSID created without the httponly flag
    + Server banner has changed from 'BWS/1.1' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
    + No CGI Directories found (use '-C all' to force check all possible dirs)
    Use of each() on hash after insertion without resetting hash iterator results in undefined behavior, Perl interpreter: 0xfa7010 at /usr/share/nikto/plugins/LW2.pm line 1013.
    + Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x767 0x4e78206ff4500
    + File/dir '/shifen/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + "robots.txt" contains 78 entries which should be manually viewed.
    + OSVDB-5737: WebLogic may reveal its internal IP or hostname in the Location header. The value is "http://www.baidu.com/search/error.html".
    + Multiple index files found: index.html, index.htm, index.php
    ................... remainder omitted ..............................
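
An added example, not part of the thread: the `curl -I` header check from reply 6 and three of the findings in the nikto output in reply 15 (server banner, cookies without HttpOnly, missing X-Frame-Options), written as a check a site owner can run over their own response headers. The sample headers and the `DISCLOSURE` list are constructed for illustration.

```python
import re

# Constructed sample of `curl -I` output (not captured from any real site).
SAMPLE = """\
HTTP/1.1 200 OK
Server: nginx/1.4.4
X-Powered-By: ThinkPHP
Content-Type: text/html; charset=UTF-8
Set-Cookie: SESSION=abc123; Path=/
Set-Cookie: LANG=zhcn; Path=/; HttpOnly
"""

# Assumed list of headers that commonly name the server, language or framework.
DISCLOSURE = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+(\.\d+)+")


def parse_headers(raw):
    """Return (name, value) pairs, keeping repeats such as Set-Cookie."""
    pairs = []
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw):
    """List findings a site owner would want to fix, in header order."""
    pairs = parse_headers(raw)
    findings = []
    for name, value in pairs:
        if name in DISCLOSURE:
            detail = "with version" if VERSION_RE.search(value) else "name only"
            findings.append(f"discloses stack: {name}: {value} ({detail})")
        elif name == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "httponly" not in attrs:
                findings.append(f"cookie {value.split('=', 1)[0]} set without HttpOnly")
    if not any(n == "x-frame-options" for n, _ in pairs):
        findings.append("X-Frame-Options header not present")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result only means these headers are clean; as replies 9 and 10 point out, headers reflect the web server's configuration and say little about what sits behind it.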