红队资产信息收集
1.自动化漏洞扫描
1.1 批量漏洞扫描工具
拿到域名和IP后先批量跑一下漏洞,批量工具如下:
工具名称 | 访问地址 |
---|---|
goby | |
AWVS | https://www.acunetix.com/ |
xray | https://github.com/chaitin/xray |
fscan扫描工具 | https://github.com/shadow1ng/fscan |
ServerScan | https://github.com/Adminisme/ServerScan |
K8CScan | https://github.com/k8gege/K8CScan |
nikto | https://github.com/sullo/nikto |
nuclei | https://github.com/projectdiscovery/nuclei |
openvas-scanner | https://github.com/greenbone/openvas-scanner |
wpscan | https://github.com/wpscanteam/wpscan |
nessus | https://www.tenable.com/products/nessus |
AppScan | http://www.encoreconsulting.com/3-10-AppSc |