# 授权验证样例

> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`

以下命令仅用于自有资产、测试环境或已明确授权的目标。

## HTTP 注入最小化验证

```bash
python3 /Users/x/websafe/01-sql-injection/tools/sqli-scanner.py \
  -u "https://owned-lab.example.test/search?id=1"
```

## XSS 上下文与回显验证

```bash
python3 /Users/x/websafe/02-xss/tools/xss-fuzzer.py \
  -u "https://owned-lab.example.test/search?q=test"
```

## TLS 与头部检查

```bash
python3 /Users/x/websafe/04-server-security/tls/tools/tls-scanner.py \
  -u https://owned-lab.example.test
```

## 最小端口暴露验证

```bash
python3 /Users/x/websafe/04-server-security/scanning/tools/port-scanner.py \
  -H owned-lab.example.test --top-ports 20
```

## 同 IP / 同证书关联分析

```bash
python3 /Users/x/websafe/04-server-security/infrastructure/tools/site-scope-mapper.py \
  --target owned-lab.example.test --ack-authorized
```

## 手工检查 CSP / 响应头

```bash
curl -I https://owned-lab.example.test
```

## 记录要求

- 每次公网验证都应回填 [测试记录模板](/Users/x/websafe/09-scope-and-targeting/test-record-template.md)
- 每个目标都应登记在 [资产清单模板](/Users/x/websafe/09-scope-and-targeting/asset-inventory-template.md)