信息收集思路&工具分享
信息收集
1. 企查查-爱企查-天眼查
获取公司及子公司信息
域名
小程序
微信公众号
APP
微博
邮箱
生活号
https://github.com/cqkenuo/appinfoscanner
https://www.qcc.com/
https://www.tianyancha.com/
https://aiqicha.baidu.com/
google.com \ baidu.com \ bing.cn
2. 收集子域名
收集目标子域名信息
https://x.threatbook.cn/
https://github.com/shmilylty/OneForAll
Layer子域名挖掘机
https://github.com/lijiejie/subDomainsBrute
https://github.com/Jewel591/SubDomainFinder
https://github.com/aboul3la/Sublist3r
https://github.com/knownsec/ksubdomain
https://github.com/Threezh1/JSFinder
google.com \ baidu.com \ bing.cn
http://tool.chinaz.com/dns
https://www.dnsdb.io
https://fofa.so/
https://www.zoomeye.org/
https://www.shodan.io/
https://censys.io/
DNSenum
nslookup
https://www.isc.org/download/
https://code.google.com/archive/p/dnsmap/
https://github.com/0x727/ShuiZe_0x727
3. 域名指纹识别
对上面收集到的域名进行识别
https://github.com/EdgeSecurityTeam/EHole
https://github.com/al0ne/Vxscan
https://github.com/EASY233/Finger
https://github.com/TideSec/TideFinger
https://github.com/urbanadventurer/WhatWeb
https://gobies.org/
https://www.yunsee.cn/
https://github.com/s7ckTeam/Glass
https://github.com/TideSec/TideFinger
https://scan.dyboy.cn/web/
https://fp.shuziguanxing.com/#/
https://builtwith.com/zh/
https://github.com/FortyNorthSecurity/EyeWitness
https://www.yunsee.cn/
https://www.wappalyzer.com/
https://github.com/0x727/ObserverWard
https://github.com/0x727/ShuiZe_0x727
https://github.com/P1-Team/AlliN
https://github.com/dr0op/bufferfly
4. IP收集、C段收集、端口
根据域名收集对应的IP
如果遇到CDN可以考虑以下方法:
查看dns解析记录
https://dnsdb.io/zh-cn/ ###DNS查询
https://x.threatbook.cn/ ###微步在线
http://toolbar.netcraft.com/site_report?url= ###在线域名信息查询
http://viewdns.info/ ###DNS、IP等查询
https://tools.ipip.net/cdn.php ###CDN查询IP[SecurityTrails](https://securitytrails.com/)
平台找子域名的IP
xxxx.com.cn type:A
微步在线
https://dnsdb.io/
google
子域名扫描器
网络空间搜索引擎
shodan
fofa
zoomeye
全球鹰
quake
SSL证书
HTTP头
利用网站返回内容特征搜索
国外主机访问
网站漏洞
phpinfo
xss
ssrf
邮件订阅(RSS)
zmap
F5 LTM
如果没有CDN就直接扫
nmap
masscan
https://github.com/EdgeSecurityTeam/Eeyes
https://github.com/shadow1ng/fscan
https://github.com/Adminisme/ServerScan
https://github.com/EdgeSecurityTeam/EHole
5. 目录扫描
https://github.com/maurosoria/dirsearch
dirbuster
gobuster
dirb
https://github.com/xmendez/wfuzz
https://github.com/foryujian/yjdirscan
https://github.com/H4ckForJob/dirmap
6. 微信小程序信息收集
7. 微信公众号信息收集
8. 支付宝小程序信息收集
9. APP信息收集
https://github.com/cqkenuo/appinfoscanner
https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md
https://github.com/smicallef/spiderfoot
10. 网站JS信息收集
https://github.com/Threezh1/JSFinder
https://github.com/GerbenJavado/LinkFinder
https://github.com/rtcatc/Packer-Fuzzer (webpack)
https://github.com/momosecurity/FindSomething
11. 其他信息收集
用户名
密码
GitHub
网盘
钉钉
语雀
码云
gitree
微信
邮箱
备份文件
知乎
贴吧
社工库
等
往期回顾
手把手教你实现tomcat内存马
评论