10.3. 信息收集¶

10.3.1. Whois¶

subDomainsBrute
wydomain
broDomain
ESD
aiodnsbrute
OneForAll
subfinder
altdns Generates permutations, alterations and mutations of subdomains and then resolves them

GitHack By lijiejie
GitHack By BugScan
GitTools
Zen
dig github history
gitrob Reconnaissance tool for GitHub organizations
git secrets
shhgit Find GitHub secrets in real time
GitHound GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher
x patrol Github leaked patrol
GitDorker scrape secrets from GitHub through usage of a large repository of dorks

Github Monitor Github Sensitive Information Leakage Monitor
Github Dorks
GSIL
Hawkeye
gshark
GitGot
gitGraber monitor GitHub to search and find sensitive data in real time for different online services

Wappalyzer
whatweb
Wordpress Finger Print
CMS指纹识别
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way
TideFinger
JARM active Transport Layer Security (TLS) server fingerprinting tool
fingerprintjs Browser fingerprinting library with the highest accuracy and stability

nmap
zmap
masscan
ShodanHat
lzr LZR quickly detects and fingerprints unexpected services running on unexpected ports
ZGrab2 Fast Go Application Scanner
RustScan The Modern Port Scanner
DNS dnsenum nslookup dig fierce
SNMP snmpwalk

Probable Wordlists Wordlists sorted by probability originally created for password generation and testing
Common User Passwords Profiler
chrome password grabber
DefaultCreds cheat sheet One place for all the default credentials to assist the pentesters during an engagement
SuperWordlist