Commit

fix format
ntestoc3 committed Nov 19, 2021
1 parent e71bff8 commit 1d84e35
Showing 2 changed files with 12 additions and 1 deletion.
8 changes: 7 additions & 1 deletion howto/howto_2.md
Expand Up @@ -49,11 +49,15 @@ The table above shows that most of the data is concentrated under port 10000. Po
Search for [port:27017](https://faweb.fofa.so/result/?word=port%3A27017), you can see more than 2000 results, 27017 is a common port of MongoDB, so various Internet scanners are also paying attention.

Let's take a look at the IP that cares about port 27017, which ports will also be concerned:

![related 27017](./port_27017_result.jpg)

It is a common service port that Internet scanners will focus on it.

Lets take a look one of them's details:

![27017 detail ip](./port_27017_ip.jpg)

It is a Recyber scanner. Let's look at the behavior of several other IPs that are also scanners.

Let us focus [port:49152](https://faweb.fofa.so/result/?word=port%3A49152) again, choose an IP:
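
Review bot: The sentences around the two image references are still ungrammatical ("It is a common service port that Internet scanners will focus on it." and "Lets take a look one of them's details:"), and since this commit already touches the spacing around them, the wording should be fixed in the same pass. Suggested: "These are common service ports that Internet scanners focus on." and "Let's look at the details of one of them:". The last line of the hunk, "Let us focus [port:49152] again", is also missing "on".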
Expand Down Expand Up @@ -267,8 +271,10 @@ Finally, we switch to [clickhouse](https://clickhouse.com/), a database special

## Visualization of results

After collecting all the IP information and categorizing it into the new analysis database, you can perform higher-level analysis of IP information, such as using Faweb to view [45.146.164.110](https://faweb.fofa.so/ip_detail/? ip=45.146.164.110):
After collecting all the IP information and categorizing it into the new analysis database, you can perform higher-level analysis of IP information, such as using Faweb to view [45.146.164.110](https://faweb.fofa.so/ip_detail/?ip=45.146.164.110):

![45.146.164.110](45.146.164.110.png)

The data shows that 45.146.164.110 accessed multiple protocols without port scan, so it is speculated that it may be a protocol analysis tool. From the ports and protocol line charts, the number of protocol identification accesses increases as the detected ports increases. From the http_url list, it tries to identify several web applications.

Let’s look at another IP [220.174.25.172](https://faweb.fofa.so/ip_detail/?ip=220.174.25.172):
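
Review bot: The image reference `![45.146.164.110](45.146.164.110.png)` uses a bare relative path, while the image references in the earlier hunk of this file use the `./` form (`./port_27017_result.jpg`); pick one form for the whole file. The removal of the stray space in `ip_detail/? ip=45.146.164.110` is correct; it would be worth checking the other link targets in the file for the same `? ` pattern, since a space inside the URL breaks the markdown link. In the following paragraph, "as the detected ports increases" should read "as the number of detected ports increases".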
5 changes: 5 additions & 0 deletions howto/howto_CN_2.md
Expand Up @@ -49,17 +49,22 @@

[faweb中搜索port:27017](https://faweb.fofa.so/result/?word=port%3A27017),能看到有2000多条结果,
27017是mongodb的常用端口,因此各家的互联网扫描引擎也比较关注。

再看看关心27017端口的ip还会关心哪些端口:

![related 27017](./port_27017_result.jpg)

基本上是互联网扫描器会关心的常见服务端口。

来看下其中的一个ip:
![27017 detail ip](./port_27017_ip.jpg)

它是recyber的一个扫描器。再看其它几个ip也是扫描器的行为。

再看看[port:49152](https://faweb.fofa.so/result/?word=port%3A49152), 其中一个ip:

![167.248.133.18](./167.248.133.18.png)

看rdns信息,应该是censys的ip地址,再看看它关心的端口列表,找几个端口,比如50995, 20201, 40000, 17777, 47001, 49152,来看看各个互联网扫描平台上有多少条独立ip的收录:

| 端口/平台 | 50995 | 20201 | 40000 | 17777 | 47001 | 49152 |
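
Review bot: One spot was missed: `![27017 detail ip](./port_27017_ip.jpg)` still follows "来看下其中的一个ip:" with no blank line between them, while every other image in this hunk now has a blank line before and after it, and the English file has the blank line at the same position. Add an empty line before that image reference so the two files stay in step and the image renders as its own block.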