Information gathering
1 Subdomains
Reference: http://www.51testing.com/html/87/n-3722587.html
1.1 Search engines
A Linux tool that covers Google, Yahoo, Bing, Baidu, Ask, Netcraft, VirusTotal, ThreatCrowd, DNSdumpster, PassiveDNS.
- Advanced search in Google or Bing
site:wikimedia.org
site:wikimedia.org -www -store -jobs -uk (the minus sign excludes a term)
1.2 Domain certificate lookup
Automation tool: bugcrowd-levelup-subdomain-enumeration
https://crt.sh/
https://censys.io/certificates?q=
https://developers.facebook.com/tools/ct/
https://google.com/transparencyreport/https/ct/
1.3 Dictionary enumeration
FuzzScanner: information-gathering toolkit
subDomainsBrute: high-concurrency brute forcing
- dnsrecon
python dnsrecon.py -n ns1.insecuredns.com -d insecuredns.com -D subdomains-top1mil-20000.txt -t brt
- altdns: permutation-based brute forcing
python altdns.py -i icann.domains -o data_output -w icann.words -r -s results_output.txt
- BroDomain: sibling domains
1.2 Real IP
1.2
2 Directory scanning
2.0 Crawling directories
https://github.com/saucer-man/UrlCrawler
2.1 Crawler-based
dirhunt
2.2 Dictionary-based
https://github.com/blackye/webdirdig
This post is licensed under CC BY 4.0 by the author.