Subdomain detection
What is segment C
For example, at: 127.127.127.4, there is a website on this IP, 127.4, there is a website on this server,
this is a very large site, and there are almost no vulnerabilities,
but it is in the same C segment as
127.127.127.1 ~ 127.127.127.255. This 1 ~ 255 also has a server and there are also There are vulnerabilities in the website, so
we can infiltrate any site from 1 to 255 and
then increase the power to sniff to get 127.4 the password of this server or even the password of
3389 connection. The password for background login will get a lot of passwords if you are lucky
Segment C does not refer to segment C, intranet address
k8 tool
Prerequisites Remember to register the bing interface (actually, check port 80),
enter the parsing query
API query,
search query
Excavator tools
提取关键字指定URL地址
APP extraction
下载他提供的APP反编译APP
利用Androidkiller反编译
搜索http或者8080端口等关键字
WeChat public account
可以用Burp APP抓包
手机和电脑在同一个wifi
在手机代理设置手动 填写电脑ip地址和端口
电脑端在burp suite代理服务器
代理选项添加
代理截断 本机ip
Dictionary enumeration method brute force to obtain second-level domain name
DNSReconcile
Layer 子域名挖掘机
DirBuster
Open DNS source
Rapid7 下 Sonar 项目发布的: https://scans.io/study/sonar.fdns_v2。
DNS 历史解析: https://dnsdb.io/zh-cn/
Threat intelligence query
华为安全情报查询 https://isecurity.huawei.com