子域名,旁站
一
https://tools.ipip.net/ipdomain.php?ip=x.x.x.x
https://cn.bing.com/search?q=ip:x.x.x.x Bing搜索
https://api.hackertarget.com/reverseiplookup/?q=xxx.com
https://securitytrails.com/dns-trails 比较常用的一个
https://www.robtex.com/cidr/x.x.x.x-x
https://fofa.so/
https://x.threatbook.cn
二
https://site.ip138.com/
http://ti.qianxin.com
http://www.dnsscan.cn/
https://censys.io/
https://www.shodan.io/
http://www.crimeflare.org:82/cfs.html
https://viewdns.info
https://bgp.he.net
http://sbd.ximcx.cn
http://www.nsoad.com/Security-tools/20181218/tools-1228.html
三.Google镜像的收集站,定期更新
https://www.uedbox.com/post/54776/ Google镜像的收集站,定期更新
四
https://dnsdumpster.com/
https://www.virustotal.com/gui/home/search
https://findsubdomains.com/
在线网址太多了
https://dns.bufferover.run/dns?q=baidu.com
五.子域名爆破
kali fierce -dns 域名 -threads 10 (需要翻墙,国外优先)
site:test.com #百度,必应,google
例子: site:test.com -www -app #搜索test.com 域名,去掉www,app开头的
https://d.chinacycc.com #在线子域名扫描
https://urlscan.io #在线爬去子域名超级快
https://phpinfo.me/domain/?from=lu4n.com 子域名爆破
http://i.links.cn/subdomain/ #在线子域名查询
https://x.threatbook.cn/partner 微步情报分析 (子域名whois,ip都OK)
https://www.virustotal.com/#/domain/ #域名分析
http://ce.baidu.com/index/getRelatedSites?site_address= 利用百度云监测
subDomainsBrute-master 爆破,SubDomainizer爆破, 运行环境#python2.7 #效率高,但是总体感觉没有 子域名挖掘机好
https://api.hackertarget.com/reverseiplookup/?q=jxcia.com
其他子域名爆破
JSFinder(https://github.com/Threezh1/JSFinder)
Sublist3r(https://github.com/aboul3la/Sublist3r)