kb: expand authorized lab coverage and intel automation

08-threat-intel/config-examples/authorized-verification-playbook.md

@@ -0,0 +1,51 @@
+# 授权验证样例
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
+
+以下命令仅用于自有资产、测试环境或已明确授权的目标。
+
+## HTTP 注入最小化验证
+
+```bash
+python3 /Users/x/websafe/01-sql-injection/tools/sqli-scanner.py \
+  -u "https://owned-lab.example.test/search?id=1"
+```
+
+## XSS 上下文与回显验证
+
+```bash
+python3 /Users/x/websafe/02-xss/tools/xss-fuzzer.py \
+  -u "https://owned-lab.example.test/search?q=test"
+```
+
+## TLS 与头部检查
+
+```bash
+python3 /Users/x/websafe/04-server-security/tls/tools/tls-scanner.py \
+  -u https://owned-lab.example.test
+```
+
+## 最小端口暴露验证
+
+```bash
+python3 /Users/x/websafe/04-server-security/scanning/tools/port-scanner.py \
+  -H owned-lab.example.test --top-ports 20
+```
+
+## 同 IP / 同证书关联分析
+
+```bash
+python3 /Users/x/websafe/04-server-security/infrastructure/tools/site-scope-mapper.py \
+  --target owned-lab.example.test --ack-authorized
+```
+
+## 手工检查 CSP / 响应头
+
+```bash
+curl -I https://owned-lab.example.test
+```
+
+## 记录要求
+
+- 每次公网验证都应回填 [测试记录模板](/Users/x/websafe/09-scope-and-targeting/test-record-template.md)
+- 每个目标都应登记在 [资产清单模板](/Users/x/websafe/09-scope-and-targeting/asset-inventory-template.md)