I. Website information gathering
1. Ping from multiple locations to find the IP
![](https://img-blog.csdnimg.cn/direct/440792c1c4f148a7a6c2590eda9d156c.png)
2. FOFA
![](https://img-blog.csdnimg.cn/direct/9fa661fd6db240cf9d1eacedc1253d5a.png)
3. Domain name resolution
![](https://img-blog.csdnimg.cn/direct/7454a555f03e4a8e80846590cfd59d04.png)
4. Subdomain lookup
![](https://img-blog.csdnimg.cn/direct/b1ed3268368f42c3bd688416f8d50fee.png)
5. Finding the real IP
![](https://img-blog.csdnimg.cn/direct/49413278ef32497da71409bf4f2c28f6.png)
6. Looking up website information
![](https://img-blog.csdnimg.cn/direct/9320e3fbceaa42d39bf34caec2aaddf5.png)
7. Website WHOIS
![](https://img-blog.csdnimg.cn/direct/72f53a495a9d402faeee3c06bc5a37e0.png)
II. Search engine syntax
![](https://img-blog.csdnimg.cn/direct/7a2a27da52874d26816feac68965be9e.png)
![](https://img-blog.csdnimg.cn/direct/00f41303d1264f4cb4f6210d04274816.png)
III. Windows/Kali tools
1. Information gathering
cmd command line:
![](https://img-blog.csdnimg.cn/direct/825576cbe3a44bcf877958f81bb1b9f6.png)
2. Port scanning
nmap:
nmap -A -p- TARGET (TARGET is the IP or domain)
![](https://img-blog.csdnimg.cn/direct/f2c1a6ad954c4876b61aa6b9963221b9.png)
Graphical nmap:
![](https://img-blog.csdnimg.cn/direct/f2d485a607114b7f8fda67bacc421f91.png)
masscan:
masscan -p- IP (IP is the target address)
![](https://img-blog.csdnimg.cn/direct/121a90c26a854333943b54282761420e.png)
3. Sensitive directory scanning
gobuster:
gobuster dir -u URL -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x jpg,php,txt (the -w file is the wordlist)
![](https://img-blog.csdnimg.cn/direct/a24af4239afc4770b8b3ea14929d5df1.png)
dirb:
dirb URL /usr/share/wordlists/dirb/big.txt (the second argument is the wordlist)
![](https://img-blog.csdnimg.cn/direct/26272b05eb534a17b14ce5d9468b50d5.png)