
Hidden in Plain Site: Leverage Commented Code and Web Metadata for Website Research.pdf

Uploaded by: 可*** | ID: 991956 | 2025-12-07 | 27 pages | 2.18 MB

Hidden in Plain Site: Leverage Commented Code and Web Metadata for Website Research

Cristopher Uglea, Founder, No Nonsense Intelligence
February 2025

Summary
1. Hidden website data
2. Findings from OSINT research
3. Automating data collection
4. More findings from OSINT research

About me
Cristopher Uglea, Founder, No Nonsense Intelligence
OSINT FOCUS AREAS: due diligence and corporate investigations
userOSINT-shell:$whoami
JURISDICTIONS: 01 Asia (Chinese speaking); 02 EU (particularly Romania)
EXPERIENCE: 01 4 years investigations firm in Hong Kong; 02 3 years running IT and due diligence firm

1. Hidden website data
I use this term to refer to information about a webpage that isn't visible in the browser's display - and can only be found in the source code. It's basically a collection of commented code, metadata and file-based clues.

Types of hidden data

| Type | Potential OSINT Applications |
| --- | --- |
| HTML Comments | Can reveal hidden information, like developer notes, removed content, or comments that expose sensitive details. |
| File names | File paths and names (e.g., .pdf, .doc, .xls) may reveal sensitive data like creation dates, authors, or locations. |
| Root files | Files (/robots.txt, /sitemap.xml, /ads.txt etc.) that give information on the site's structure, security policies, and other technical details. |
| Meta tags | Contain page descriptions, keywords, and social media preview data. Outdated tags can reveal abandoned projects or legacy information. |
| HTML attributes | Provides metadata about the page, such as language, framework, software versions, or technologies in use. |
| JavaScript comments | Information about debugging, old features, or developer notes that reveal functionality or vulnerabilities. Can reveal the background of the developers. |
| JSON-LD | Displays structured data such as the organizations co |

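According to the report, its main content can be summarized as follows:

1. **Hidden website data**: covers commented code, metadata and file-based clues, such as HTML comments, file names, root files, meta tags, HTML attributes, JavaScript comments and JSON-LD.
2. **Findings from OSINT research**: HTML comments revealed former employee information, key management personnel, product advertisements, company ownership and partnerships.
3. **Automating data collection**: introduces tools such as HTML Inspector (a Chrome extension).
4. **More findings from metadata**: includes sensitive information, contact information, owner domain links, security.txt files and more.
5. **Meta tags and HTML attributes**: reveal technical information such as the site's language, framework and software versions.
6. **JavaScript comments and JSON-LD**: provide background information on the developers and structured data.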
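As an added illustration (not code from the slides, and not how the HTML Inspector extension works), the Python parser below pulls several of the hidden-data types the report lists (HTML comments, meta tags, `<html>` attributes, JSON-LD) out of a page's source, which is also how a site owner can check what their own published pages expose. `HiddenDataParser`, `extract_hidden` and the sample page are names and data constructed for this example.

```python
import json
from html.parser import HTMLParser

class HiddenDataParser(HTMLParser):
    """Collects source-only data: comments, meta tags, <html> attributes, JSON-LD."""
    def __init__(self):
        super().__init__()
        self.found = {"comments": [], "meta": {}, "html_attrs": {}, "json_ld": []}
        self._ld_buf = None  # becomes a list while inside a JSON-LD <script>

    def handle_comment(self, data):
        self.found["comments"].append(data.strip())

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "html":
            self.found["html_attrs"] = attrs  # e.g. lang, framework markers
        elif tag == "meta":
            key = attrs.get("name") or attrs.get("property")
            if key:
                self.found["meta"][key] = attrs.get("content", "")
        elif tag == "script" and attrs.get("type") == "application/ld+json":
            self._ld_buf = []

    def handle_data(self, data):
        if self._ld_buf is not None:
            self._ld_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._ld_buf is not None:
            raw, self._ld_buf = "".join(self._ld_buf), None
            try:
                self.found["json_ld"].append(json.loads(raw))
            except json.JSONDecodeError:
                pass  # malformed JSON-LD is skipped rather than aborting the scan

def extract_hidden(html):
    parser = HiddenDataParser()
    parser.feed(html)
    parser.close()
    return parser.found

# Constructed sample page (not taken from any real site).
SAMPLE = """<html lang="ro"><head>
<meta name="generator" content="ExampleCMS 1.0"><meta property="og:site_name" content="Example Co">
<script type="application/ld+json">{"@type": "Organization", "name": "Example Co"}</script>
</head><body><!-- TODO: remove old contact jane.doe@example.com --><p>Welcome</p></body></html>"""
if __name__ == "__main__":
    print(json.dumps(extract_hidden(SAMPLE), indent=2))
```
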