Question

10.3. 信息收集

10.3.1. Whois

• who.is
• 万网WHOIS
• 腾讯云WHOIS
• 站长之家WHOIS

10.3.2. 网站备案

• 天眼查
• ICP备案查询
• 爱站备案查询

10.3.3. CDN查询

• 多地Ping
• CDN服务商查询

10.3.4. 子域爆破

• Amass In-depth Attack Surface Mapping and Asset Discovery
• subDomainsBrute
• wydomain
• broDomain
• ESD
• aiodnsbrute
• OneForAll
• subfinder
• altdns Generates permutations, alterations and mutations of subdomains and then resolves them

10.3.5. 域名获取

• the art of subdomain enumeration
• sslScrape
• aquatone A Tool for Domain Flyovers
• teemo A Domain Name & Email Address Collection Tool
• DNS DB 历史记录

10.3.6. 弱密码爆破

• hydra
• medusa is a high-speed network authentication cracking tool
• Ncrack
• htpwdScan
• patator

10.3.7. Git信息泄漏

• GitHack By lijiejie
• GitHack By BugScan
• GitTools
• Zen
• dig github history
• gitrob Reconnaissance tool for GitHub organizations
• git secrets
• shhgit Find GitHub secrets in real time
• GitHound GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher
• x patrol Github leaked patrol
• GitDorker scrape secrets from GitHub through usage of a large repository of dorks

10.3.8. Github监控

• Github Monitor Github Sensitive Information Leakage Monitor
• Github Dorks
• GSIL
• Hawkeye
• gshark
• GitGot
• gitGraber monitor GitHub to search and find sensitive data in real time for different online services

10.3.9. 路径及文件扫描

• weakfilescan
• DirBrute
• dirsearch
• bfac
• ds_store_exp

10.3.10. 路径爬虫

• crawlergo A powerful dynamic crawler for web vulnerability scanners

10.3.11. 指纹识别

• Wappalyzer
• whatweb
• Wordpress Finger Print
• CMS指纹识别
• JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way
• TideFinger
• JARM active Transport Layer Security (TLS) server fingerprinting tool
• fingerprintjs Browser fingerprinting library with the highest accuracy and stability

10.3.12. Waf指纹

• identywaf
• wafw00f
• WhatWaf

10.3.13. 端口扫描

• nmap
• zmap
• masscan
• ShodanHat
• lzr LZR quickly detects and fingerprints unexpected services running on unexpected ports
• ZGrab2 Fast Go Application Scanner
• RustScan The Modern Port Scanner
• DNS dnsenum nslookup dig fierce
• SNMP snmpwalk

10.3.14. DNS数据查询

• VirusTotal
• PassiveTotal
• DNSDB
• sitedossier

10.3.15. DNS关联

• Cloudflare Enumeration Tool
• Certificate Search

10.3.16. 云服务

• Find aws s3 buckets
• CloudScraper
• AWS Bucket Dump

10.3.17. 数据查询

• Censys
• Shodan
• Zoomeye
• fofa
• scans
• Just Metadata
• publicwww - Find Web Pages via Snippet

10.3.18. Password

• Probable Wordlists Wordlists sorted by probability originally created for password generation and testing
• Common User Passwords Profiler
• chrome password grabber
• DefaultCreds cheat sheet One place for all the default credentials to assist the pentesters during an engagement
• SuperWordlist

10.3.19. CI信息泄露

• secretz minimizing the large attack surface of Travis CI

10.3.20. 个人数据画像

• GHunt Investigate Google Accounts with emails

10.3.21. 邮箱收集

• EmailHarvester

10.3.22. 其他

• datasploit
• watchdog
• archive
• HTTPLeaks
• htrace
• Quake Command-Line Application 360网络空间测绘系统