Information Gathering
========================================

Whois
----------------------------------------

- `who.is `_
- `Wanwang WHOIS `_
- `Tencent Cloud WHOIS `_
- `Chinaz WHOIS `_

Website ICP Filing
----------------------------------------

- `Tianyancha `_
- `ICP filing lookup `_
- `Aizhan ICP filing lookup `_

CDN Lookup
----------------------------------------

- `Multi-location Ping `_
- `CDN provider lookup `_

Subdomain Brute-forcing
----------------------------------------

- `subDomainsBrute `_
- `wydomain `_
- `broDomain `_
- `ESD `_
- `aiodnsbrute `_
- `OneForAll `_
- `subfinder `_
- `altdns `_ Generates permutations, alterations and mutations of subdomains and then resolves them

Domain Discovery
----------------------------------------

- `the art of subdomain enumeration `_
- `sslScrape `_
- `aquatone `_ A Tool for Domain Flyovers
- `teemo `_ A Domain Name & Email Address Collection Tool
- `DNS DB history records `_

Weak Password Brute-forcing
----------------------------------------

- `hydra `_
- `medusa `_ is a high-speed network authentication cracking tool
- `Ncrack `_
- `htpwdScan `_
- `patator `_

Git Information Leakage
----------------------------------------

- `GitHack By lijiejie `_
- `GitHack By BugScan `_
- `GitTools `_
- `Zen `_
- `dig github history `_
- `gitrob Reconnaissance tool for GitHub organizations `_
- `git secrets `_
- `shhgit `_ Find GitHub secrets in real time
- `GitHound `_ GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher
- `x patrol `_ Github leaked patrol
- `GitDorker `_ scrape secrets from GitHub through usage of a large repository of dorks

GitHub Monitoring
----------------------------------------

- `Github Monitor `_ Github Sensitive Information Leakage Monitor
- `Github Dorks `_
- `GSIL `_
- `Hawkeye `_
- `gshark `_
- `GitGot `_
- `gitGraber `_ monitor GitHub to search and find sensitive data in real time for different online services

Path and File Scanning
----------------------------------------

- `weakfilescan `_
- `DirBrute `_
- `dirsearch `_
- `bfac `_
- `ds_store_exp `_

Path Crawlers
----------------------------------------

- `crawlergo `_ A powerful dynamic crawler for web vulnerability scanners

Fingerprinting
----------------------------------------

- `Wappalyzer `_
- `whatweb `_
- `Wordpress Finger Print `_
- `CMS fingerprinting `_
- `JA3 `_ is a standard for creating SSL client fingerprints in an easy to produce and shareable way
- `TideFinger `_
- `JARM `_ active Transport Layer Security (TLS) server fingerprinting tool
- `fingerprintjs `_ Browser fingerprinting library with the highest accuracy and stability

WAF Fingerprinting
----------------------------------------

- `identywaf `_
- `wafw00f `_
- `WhatWaf `_

Port Scanning
----------------------------------------

- `nmap `_
- `zmap `_
- `masscan `_
- `ShodanHat `_
- `lzr `_ LZR quickly detects and fingerprints unexpected services running on unexpected ports
- `ZGrab2 `_ Fast Go Application Scanner
- `RustScan `_ The Modern Port Scanner
- DNS ``dnsenum nslookup dig fierce``
- SNMP ``snmpwalk``

DNS Data Lookup
----------------------------------------

- `VirusTotal `_
- `PassiveTotal `_
- `DNSDB `_
- `sitedossier `_

DNS Correlation
----------------------------------------

- `Cloudflare Enumeration Tool `_
- `amass `_
- `Certificate Search `_

Cloud Services
----------------------------------------

- `Find aws s3 buckets `_
- `CloudScraper `_
- `AWS Bucket Dump `_

Data Search
----------------------------------------

- `Censys `_
- `Shodan `_
- `Zoomeye `_
- `fofa `_
- `scans `_
- `Just Metadata `_
- `publicwww - Find Web Pages via Snippet `_

Password
----------------------------------------

- `Probable Wordlists `_ Wordlists sorted by probability originally created for password generation and testing
- `Common User Passwords Profiler `_
- `chrome password grabber `_
- `DefaultCreds cheat sheet `_ One place for all the default credentials to assist the pentesters during an engagement
- `SuperWordlist `_

CI Information Leakage
----------------------------------------

- `secretz `_ minimizing the large attack surface of Travis CI

Personal Data Profiling
----------------------------------------

- `GHunt `_ Investigate Google Accounts with emails

Email Collection
----------------------------------------

- `EmailHarvester `_

Other
----------------------------------------

- `datasploit `_
- `watchdog `_
- `archive `_
- `HTTPLeaks `_
- `htrace `_
- `Quake Command-Line Application `_ 360 cyberspace mapping system