Breadth-first information gathering:
Whois information
- 站长之家 (Chinaz): http://whois.chinaz.com
- Bugscaner: http://whois.bugscaner.com
- Overseas online (BGP/ASN and prefix lookup): https://bgp.he.net
Apex (top-level) domains
Subdomains
- OneForAll: https://github.com/shmilylty/OneForAll
- ksubdomain: https://github.com/knownsec/ksubdomain
- subDomainsBrute: https://github.com/lijiejie/subDomainsBrute
- Sublist3r: https://github.com/aboul3la/Sublist3r
- RapidDNS: https://rapiddns.io (online)
- 查子域 (online reverse-IP / IP-to-domain lookup; the original link was not preserved in this copy)
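The brute-force tools above all have to deal with wildcard DNS: a zone with a catch-all A record makes every guessed label "exist". The added example below (not code from the page or from OneForAll/ksubdomain/subDomainsBrute) shows the check they perform, namely resolve a few random labels first and discard any candidate whose only addresses are the wildcard ones. The resolver is injectable, so it runs offline against the constructed `FAKE_ZONE` table; the hostnames and addresses are hypothetical.

```python
"""Subdomain brute force with wildcard-DNS filtering (added example, hypothetical data)."""
import random
import socket
import string
from typing import Callable, Dict, List, Optional, Set

# A resolver maps a hostname to its set of A records, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[Set[str]]]


def system_resolver(host: str) -> Optional[Set[str]]:
    """Default resolver using the OS stub resolver (needs network access)."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except socket.gaierror:
        return None


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Resolve a few random labels; any answers are the zone's wildcard addresses."""
    wildcard_ips: Set[str] = set()
    for _ in range(probes):
        label = "".join(random.choices(string.ascii_lowercase + string.digits, k=12))
        ips = resolve(f"{label}.{domain}")
        if ips:
            wildcard_ips |= ips
    return wildcard_ips


def brute_subdomains(domain: str, wordlist: List[str],
                     resolve: Resolver = system_resolver) -> Dict[str, Set[str]]:
    """Return {fqdn: ips} for every wordlist entry that resolves to a non-wildcard address."""
    wildcard_ips = detect_wildcard(domain, resolve)
    found: Dict[str, Set[str]] = {}
    # dict.fromkeys de-duplicates while keeping wordlist order; labels are case-insensitive.
    for word in dict.fromkeys(w.strip().lower() for w in wordlist if w.strip()):
        fqdn = f"{word}.{domain}"
        ips = resolve(fqdn)
        if not ips:
            continue
        real_ips = ips - wildcard_ips
        if real_ips:  # names that only hit the wildcard record are noise
            found[fqdn] = real_ips
    return found


# Constructed zone standing in for live DNS (hypothetical names and addresses).
FAKE_ZONE: Dict[str, Set[str]] = {
    "www.example.com": {"198.51.100.10"},
    "mail.example.com": {"198.51.100.20"},
    "vpn.example.com": {"203.0.113.5"},
}
WILDCARD_IP = "198.51.100.99"


def fake_resolver(host: str) -> Optional[Set[str]]:
    """Every other *.example.com name resolves to the wildcard IP, like a catch-all zone."""
    if host in FAKE_ZONE:
        return set(FAKE_ZONE[host])
    if host.endswith(".example.com"):
        return {WILDCARD_IP}
    return None


def demo() -> Dict[str, Set[str]]:
    """Run the brute force against the fake zone; admin/test/dev hit only the wildcard."""
    words = ["www", "mail", "vpn", "dev", "admin", "test", "WWW"]
    return brute_subdomains("example.com", words, fake_resolver)


if __name__ == "__main__":
    for name, ips in sorted(demo().items()):
        print(name, ", ".join(sorted(ips)))
```

Filtering by wildcard IP rather than by "did it resolve" is the important part; the caveat is that a real host deliberately parked on the same address as the wildcard record is filtered too, so a second pass that probes HTTP on the wildcard address with each candidate `Host:` header is the usual follow-up.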
Neighbouring sites on the same IP (旁站)
Real IP (origin behind a CDN)
- Global ping from multiple vantage points: https://www.wepcc.com
- DNS check: IPIP.NET DNS lookup (https://www.ipip.net)
- Xcdn: https://github.com/3xp10it/xcdn
- Online: https://ipchaxun.com
Ports + C segment (/24)
- Nmap: https://nmap.org
- Fscan: https://github.com/shadow1ng/fscan
- TXPortMap: https://github.com/4dogs-cn/TXPortMap
- Masscan: https://github.com/robertdavidgraham/masscan
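The "real IP" and "ports + C segment" steps above chain together: a host that resolves to different addresses from different vantage points is fronted by a CDN and its addresses must not be scanned as the origin, while the hosts that answer with one stable address give the /24 segments worth port-scanning. The added example below (not the page's code and not how xcdn, fscan or masscan are implemented) performs both decisions on constructed per-vantage-point resolution data; hostnames, addresses and the masscan rate are assumptions.

```python
"""CDN sanity check and C-segment expansion (added example, constructed data)."""
import ipaddress
from typing import Dict, Iterable, List, Set

# Resolution results per vantage point, the kind of table a "global ping" site returns.
# Constructed: example-cdn.test answers differently per region, example-origin.test
# answers the same everywhere (documentation addresses, hypothetical hosts).
VANTAGE_RESULTS: Dict[str, Dict[str, str]] = {
    "example-cdn.test": {"beijing": "203.0.113.10", "frankfurt": "203.0.113.77",
                         "virginia": "198.51.100.3", "tokyo": "198.51.100.40"},
    "example-origin.test": {"beijing": "192.0.2.25", "frankfurt": "192.0.2.25",
                            "virginia": "192.0.2.25", "tokyo": "192.0.2.25"},
}

# Ranges that never belong in an external scan list.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


def looks_like_cdn(results: Dict[str, str], max_distinct: int = 1) -> bool:
    """More than `max_distinct` distinct answers across vantage points means the name is
    served by a CDN/anycast edge, so none of those addresses is the origin."""
    return len(set(results.values())) > max_distinct


def c_segments(ips: Iterable[str]) -> List[str]:
    """Collapse addresses into their /24 networks, dropping private/loopback ranges."""
    nets: Set[ipaddress.IPv4Network] = set()
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        if addr.version != 4 or any(addr in n for n in PRIVATE_NETS):
            continue
        nets.add(ipaddress.ip_network(f"{addr}/24", strict=False))
    return [str(n) for n in sorted(nets)]


def scan_targets(hosts: Dict[str, Dict[str, str]]) -> Dict[str, object]:
    """Split hosts into CDN-fronted and origin, then build the next-step scan commands."""
    origin_ips: Set[str] = set()
    cdn_hosts: List[str] = []
    for host, results in hosts.items():
        if looks_like_cdn(results):
            cdn_hosts.append(host)
        else:
            origin_ips.update(results.values())
    segments = c_segments(origin_ips)
    targets = " ".join(segments)
    return {
        "cdn_hosts": sorted(cdn_hosts),
        "origin_ips": sorted(origin_ips),
        "c_segments": segments,
        # Scan rate is an assumption; tune it to the engagement's rules.
        "masscan_cmd": f"masscan -p1-65535 --rate 1000 {targets}",
        "nmap_cmd": f"nmap -sV -Pn -p- {targets}",
    }


if __name__ == "__main__":
    for key, value in scan_targets(VANTAGE_RESULTS).items():
        print(f"{key}: {value}")
```

Two caveats a practitioner should keep in mind: a plain round-robin DNS setup with several A records also trips `looks_like_cdn`, so confirm with the resolved IPs' ASN (the bgp.he.net lookup above), and a single stable address is not proof of an origin, since an anycast edge can look the same from everywhere; historical DNS records and the mail/VPN subdomains that are rarely put behind a CDN are the usual cross-check.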
Sensitive information
Google hacking syntax
- Admin/back-office pages
- site:xxx.com intitle:管理|后台|登陆|管理员|系统|内部
- site:xxx.com inurl:login|admin|system|guanli|denglu|manage|admin_login|auth|dev
- Sensitive files
- site:xxx.com (filetype:doc OR filetype:ppt OR filetype:pps OR filetype:xls OR filetype:docx OR filetype:pptx OR filetype:ppsx OR filetype:xlsx OR filetype:odt OR filetype:ods OR filetype:odg OR filetype:odp OR filetype:pdf OR filetype:wpd OR filetype:svg OR filetype:svgz OR filetype:indd OR filetype:rdp OR filetype:sql OR filetype:xml OR filetype:db OR filetype:mdb OR filetype:sqlite OR filetype:log OR filetype:conf)
- Test environments
- site:xxx.com inurl:test|ceshi
- site:xxx.com intitle:测试
- Mail
- site:xxx.com (intitle:"Outlook Web App" OR intitle:"邮件" OR inurl:"email" OR inurl:"webmail")
- Other
- site:xxx.com inurl:api|uid=|id=|userid=|token|session
- site:xxx.com intitle:index.of "server at"
GitHub (code search, replace xxx.com with the target's mail domain)
- @xxx.com password/secret/credentials/token/config/pass/login/ftp/ssh/pwd
- @xxx.com security_credentials/connectionstring/JDBC/ssh2_auth_password/send_keys
Cloud-drive (netdisk) search engines
Cyberspace search engines
- FOFA: https://fofa.so
- Quake (360 Quake): https://quake.360.net
- Hunter: https://hunter.qianxin.com
- Shodan: https://www.shodan.io
- ZoomEye: https://www.zoomeye.org
Historical vulnerabilities
- WooYun mirror: https://wooyun.x10sec.org
- Seebug: https://www.seebug.org
- Exploit Database: https://www.exploit-db.com
- Vulners: https://vulners.com
- Sploitus: https://sploitus.com
Mobile apps
- 小蓝本 (Xiaolanben business-information search): https://www.xiaolanben.com
- 七麦 (Qimai): https://www.qimai.cn
- App Store: https://apps.apple.com
WeChat official accounts
- Search directly inside WeChat
- Sogou WeChat search: https://weixin.sogou.com
WeChat mini programs
- Search directly inside WeChat
- 小蓝本 (Xiaolanben business-information search): https://www.xiaolanben.com
Depth-first information gathering:
Fingerprinting
- Firefox extension: Wappalyzer
- 云悉 (Yunsee): http://www.yunsee.cn
- TideFinger: https://github.com/TideSec/TideFinger
- ObserverWard: https://github.com/0x727/ObserverWard_0x727
Title identification (batch HTTP title grabbing)
- WebBatchRequest: https://github.com/ScriptKid-Beta/WebBatchRequest
- Bscan: https://github.com/broken5/bscan
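What the fingerprinting and title-grabbing tools above do under the hood is match a rule set against the response headers and body of each host. The added example below (not the page's code and not the rule format of TideFinger, ObserverWard or Wappalyzer) pulls the `<title>`, applies a small constructed rule set for server technology, and checks for one CDN/WAF marker, all on a constructed raw HTTP response so it runs offline; the rule list is illustrative and deliberately tiny.

```python
"""Title + technology + WAF matching over a raw HTTP response (added example)."""
import re
from typing import Dict, List, Tuple

# Each rule: name, where to look ("header" or "body"), case-insensitive regex.
# Constructed, illustrative subset; real rule sets hold thousands of entries.
RULES: List[Tuple[str, str, str]] = [
    ("nginx", "header", r"^server:\s*nginx"),
    ("PHP", "header", r"^(x-powered-by:\s*php|set-cookie:\s*PHPSESSID=)"),
    ("ASP.NET", "header", r"^(x-powered-by:\s*asp\.net|set-cookie:\s*ASP\.NET_SessionId=)"),
    ("WordPress", "body", r"/wp-(content|includes)/"),
    ("Shiro", "header", r"^set-cookie:.*rememberMe="),
]
WAF_RULES: List[Tuple[str, str, str]] = [
    ("Cloudflare", "header", r"^(server:\s*cloudflare|cf-ray:)"),
]


def split_response(raw: bytes) -> Tuple[List[str], str]:
    """Split a raw response into header lines (status line dropped) and decoded body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    return lines[1:], body.decode("utf-8", "replace")


def extract_title(body: str) -> str:
    """First <title> with whitespace collapsed, or '' when there is none."""
    m = re.search(r"<title[^>]*>(.*?)</title>", body, re.I | re.S)
    return re.sub(r"\s+", " ", m.group(1)).strip() if m else ""


def match_rules(headers: List[str], body: str,
                rules: List[Tuple[str, str, str]]) -> List[str]:
    """Names of all rules that fire, in rule order, without duplicates."""
    hits: List[str] = []
    for name, where, pattern in rules:
        rx = re.compile(pattern, re.I)
        matched = any(rx.search(h) for h in headers) if where == "header" \
            else rx.search(body) is not None
        if matched and name not in hits:
            hits.append(name)
    return hits


def fingerprint(raw: bytes) -> Dict[str, object]:
    headers, body = split_response(raw)
    return {"title": extract_title(body),
            "tech": match_rules(headers, body, RULES),
            "waf": match_rules(headers, body, WAF_RULES)}


# Constructed response from a hypothetical host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx/1.18.0\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><head><title>\n  Admin  Login \n</title>"
    b"<link rel='stylesheet' href='/wp-content/themes/x/style.css'></head>"
    b"<body>hello</body></html>"
)

if __name__ == "__main__":
    print(fingerprint(SAMPLE_RESPONSE))
```

Header rules are anchored with `^` against each header line so that a `Server:` value cannot be spoofed by an unrelated header containing the same word; body rules are the ones most often fooled by honeypots and by pages that merely mention a product name, which is why the real tools weight favicon hashes and multiple independent markers.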
Directory scanning
JS interfaces (API endpoints hidden in JavaScript)
- JSFinder: https://github.com/Threezh1/JSFinder
- LinkFinder: https://github.com/GerbenJavado/LinkFinder
- Packer-Fuzzer: https://github.com/rtcatc/Packer-Fuzzer (webpack bundles)
- Search the JS for key interface patterns
- config/api
- method:"get"
- http.get("
- method:"post"
- http.post("
- $.ajax
- service.httppost
- service.httpget
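The search strings above are what you grep for by hand; JSFinder and LinkFinder automate the same idea with regexes over every script a page loads. The added example below (not the page's code nor those tools' regexes) turns the listed call-site patterns into capture groups, harvests the URL arguments plus any bare path literals that look like API routes, and joins them onto the site base so that endpoints pointing at a different host stand out. The webpack-style bundle it parses is constructed and the hostnames are hypothetical.

```python
"""Endpoint extraction from bundled JavaScript (added example, constructed bundle)."""
import re
from typing import Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

# Call-site patterns from the checklist (http.get(", $.ajax, method:"get" ...), each with
# one capture group for the URL argument or the url: field of the option object.
CALL_PATTERNS = [
    r"""(?:http|axios|\$http|service)\.(?:get|post|put|delete|httpget|httppost)\s*\(\s*['"`]([^'"`]+)['"`]""",
    r"""\$\.ajax\s*\(\s*\{[^}]*?url\s*:\s*['"`]([^'"`]+)['"`]""",
    r"""fetch\s*\(\s*['"`]([^'"`]+)['"`]""",
    r"""url\s*:\s*['"`]([^'"`]+)['"`][^}]*?method\s*:\s*['"`](?:get|post)['"`]""",
    r"""method\s*:\s*['"`](?:get|post)['"`][^}]*?url\s*:\s*['"`]([^'"`]+)['"`]""",
]
# Bare string literals that look like API routes (config/api and friends).
PATH_LITERAL = r"""['"`](/(?:api|v\d|config|admin|user|auth)[^'"`\s]*)['"`]"""


def extract_endpoints(js: str) -> Dict[str, List[str]]:
    """Return {'calls': [...], 'paths': [...]}: URLs passed to HTTP calls, then any
    route-like literals not already seen, each list unique and in source order."""
    calls: List[str] = []
    for pat in CALL_PATTERNS:
        for m in re.finditer(pat, js, re.I | re.S):
            url = m.group(1).strip()
            if url not in calls:
                calls.append(url)
    paths: List[str] = []
    for m in re.finditer(PATH_LITERAL, js, re.I):
        p = m.group(1)
        if p not in paths and p not in calls:
            paths.append(p)
    return {"calls": calls, "paths": paths}


def to_absolute(base: str, endpoints: List[str]) -> List[Tuple[str, bool]]:
    """Join relative endpoints onto the site base; the flag is True when the final URL
    stays on the same host, False for other hosts (leaked internal names, third parties)."""
    host = urlsplit(base).netloc
    out: List[Tuple[str, bool]] = []
    for e in endpoints:
        full = urljoin(base, e)
        out.append((full, urlsplit(full).netloc == host))
    return out


# Constructed webpack-style bundle fragment with hypothetical routes and hosts.
SAMPLE_JS = """
var config={api:"/api/v2",timeout:3000};
axios.get("/api/v2/users?uid=1").then(r=>r.data);
http.post('/api/v2/login', {u:u,p:p});
$.ajax({url:"/admin/exportAll", type:"POST", data:d});
fetch(`/config/app.json`).then(r=>r.json());
$http({method:"get", url:"/api/v2/token/refresh"});
service.httppost("https://internal.example.com/api/v1/report");
var icon="/static/img/logo.png";
"""

if __name__ == "__main__":
    found = extract_endpoints(SAMPLE_JS)
    for url, same_host in to_absolute("https://www.example.com/", found["calls"] + found["paths"]):
        print(("      " if same_host else "OTHER ") + url)
```

The regexes are intentionally tolerant (any quote style, whitespace, either order of `url:` and `method:`), which is the right trade-off here: a false positive costs one HTTP request during verification, a missed endpoint costs the finding. Minified bundles shrink identifiers but not string literals, so the URL captures survive minification; the `$http`/`service` style names do not, which is why the path-literal pass exists.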
WAF identification
All-in-one scanning and exploitation tools
- Goby: https://gobies.org
- Xray: https://github.com/chaitin/xray
- Nuclei: https://github.com/projectdiscovery/nuclei