Vulnerability information collection: detection of primary and secondary domain names

Primary and secondary domain name detection (overall summary)

Domain name detection

Before penetration-testing a site, the common approach is to point a vulnerability scanner directly at the target; when the scanner finds nothing, you fall back on information gathering to support the later stages of the test.
Typical scanners: AWVS / AppScan / Netsparker / WebInspect / Nmap / Nessus / 天镜 / 明鉴 / WVSS / RSAS

Subdomain detection

Subdomain enumeration yields the target's second-level and third-level domain names.

Subdomain acquisition method

DNS domain transfer vulnerability

If the target has this vulnerability, dnsenum applies: its purpose is to collect as much information about a domain as possible. It can guess domain names that may exist via Google or a dictionary file, and run reverse lookups on a network segment. It queries the site's host addresses, name servers and MX records (mail exchange records), sends an AXFR request to each name server, obtains additional domain names through Google scripting (Google hacking), extracts names from the domain and queries them, works out the class C ranges and runs whois queries on them, performs reverse lookups, and writes the address ranges to a file.
On Kali: dnsenum <domain> -f dns.txt --dnsserver <server>

Parameter description:
-h: show the tool's usage help
--dnsserver: specify the DNS server to query
--enum: shortcut option, equivalent to "--threads 5 -s 15 -w"
--noreverse: skip the reverse lookup step
--nocolor: no colour output
--private: show private IPs and save them at the end of the file domain_ips.txt
--subfile: write all valid subdomains to the specified file
-t, --timeout: TCP or UDP connection timeout; the default is 10 (unit: seconds)
--threads: number of query threads
-v, --verbose: show all progress and error messages
-o, --output: save the output to the specified file
-e, --exclude: reverse lookup option; exclude PTR records matching the given regular expression from the reverse lookup results, very useful for filtering out invalid hosts
-w, --whois: run whois queries on the class C network ranges
-f dns.txt: specify the dictionary file; dns-big.txt or a custom dictionary can be used instead
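To make the dictionary and reverse-lookup steps concrete, here is an added example (not code from the original post or from dnsenum itself): a small stdlib-only Python reimplementation of two dnsenum steps described above, dictionary brute force (`-f dns.txt`) and the reverse sweep of the class C range, written for auditing a domain you administer. It also handles the failure mode dnsenum has to deal with: a wildcard DNS record, which would otherwise make every dictionary word look like a live host. The resolver functions are injectable, so the logic can run offline against constructed data; every hostname and address in the block (`example.test`, `wild.test`, the 192.0.2.x and 203.0.113.x addresses, the `fake_*` resolvers) is constructed sample data and an assumption of this example.

```python
"""Added example, not code from the original post or from dnsenum itself:
dictionary brute force with wildcard filtering plus a /24 reverse sweep,
using only the standard library.  Resolvers are injectable so the logic
can be exercised offline; all names and addresses below are constructed."""
import ipaddress
import socket
import uuid
from typing import Callable, Dict, Iterable, List, Optional, Set

Forward = Callable[[str], Optional[str]]   # hostname -> IPv4 address or None
Reverse = Callable[[str], Optional[str]]   # IPv4 address -> PTR name or None


def system_forward(name: str) -> Optional[str]:
    """Forward lookup with the OS resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def system_reverse(addr: str) -> Optional[str]:
    """PTR lookup with the OS resolver; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None


def detect_wildcard(domain: str, resolve: Forward, probes: int = 3) -> Set[str]:
    """Addresses answered for random, non-existent labels (empty set = no wildcard).

    A zone with `*.wild.test A 203.0.113.5` would make every dictionary word
    resolve, so the enumerator learns the wildcard answer first and later
    discards candidates that only match it.
    """
    hits: Set[str] = set()
    for _ in range(probes):
        addr = resolve(f"{uuid.uuid4().hex[:12]}.{domain}")
        if addr is None:            # a random label got NXDOMAIN: no wildcard
            return set()
        hits.add(addr)
    return hits


def enumerate_subdomains(domain: str, words: Iterable[str],
                         resolve: Forward = system_forward) -> Dict[str, str]:
    """Dictionary brute force in the spirit of `dnsenum -f dns.txt <domain>`."""
    wildcard = detect_wildcard(domain, resolve)
    found: Dict[str, str] = {}
    for word in words:
        word = word.strip().lower()
        if not word or word.startswith("#"):    # skip blanks and comment lines
            continue
        host = f"{word}.{domain}"
        addr = resolve(host)
        # Caveat: a real host that shares the wildcard address is dropped too;
        # that is the trade-off every wildcard filter makes.
        if addr is not None and addr not in wildcard:
            found[host] = addr
    return found


def class_c_ranges(addresses: Iterable[str]) -> List[str]:
    """The /24 ("C segment") networks covering the discovered addresses."""
    nets = {str(ipaddress.ip_network(f"{a}/24", strict=False)) for a in addresses}
    return sorted(nets)


def reverse_sweep(network: str, reverse: Reverse = system_reverse) -> Dict[str, str]:
    """PTR-query every host address of a /24, as dnsenum's reverse step does."""
    found: Dict[str, str] = {}
    for ip in ipaddress.ip_network(network, strict=False).hosts():
        name = reverse(str(ip))
        if name is not None:
            found[str(ip)] = name
    return found


# --- constructed sample zone for offline demonstration ---------------------
FAKE_ZONE = {"www.example.test": "192.0.2.10", "mail.example.test": "192.0.2.20",
             "dev.example.test": "192.0.2.30"}
FAKE_PTR = {ip: host for host, ip in FAKE_ZONE.items()}
WILDCARD_ADDR, REAL_ADDR = "203.0.113.5", "203.0.113.9"


def fake_forward(name: str) -> Optional[str]:
    """Constructed resolver for example.test (no wildcard)."""
    return FAKE_ZONE.get(name)


def fake_wildcard_forward(name: str) -> Optional[str]:
    """Constructed resolver simulating `*.wild.test` plus one real host."""
    if name == "real.wild.test":
        return REAL_ADDR
    return WILDCARD_ADDR if name.endswith(".wild.test") else None


def fake_reverse(addr: str) -> Optional[str]:
    """Constructed PTR resolver for the 192.0.2.0/24 sample range."""
    return FAKE_PTR.get(addr)


if __name__ == "__main__":
    words = ["www", "mail", "ftp", "dev", "# comment", ""]
    hosts = enumerate_subdomains("example.test", words, fake_forward)
    print("brute force:", hosts)
    print("wildcard on wild.test:", detect_wildcard("wild.test", fake_wildcard_forward))
    print("filtered:", enumerate_subdomains("wild.test", ["www", "real"], fake_wildcard_forward))
    for net in class_c_ranges(hosts.values()):
        print("reverse sweep", net, reverse_sweep(net, fake_reverse))
```

Run it as-is to see the offline demonstration; pass `system_forward` / `system_reverse` (the defaults) with a dictionary file's lines to run it against a zone you operate. The wildcard probe uses random labels rather than a fixed word, because a fixed probe name could itself be a configured host.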

https://wenku.baidu.com/view/d2d597b669dc5022aaea0030.html

Record Number Query

Look up the site's ICP record (备案) number, then reverse-search for the other domains registered under the same record number.
Record lookup site: http://www.beianbeian.com (supports reverse lookup by record number)

Search engines: Bing > Baidu (Bing gives the better results here)

SSL certificate

Lookup sites: https://myssl.com/ssl.html
https://www.chinassl.net/ssltools/ssl-checker.html

Associated domain name

Brute force enumeration

DNS history analysis

Third-party website collection

Google search / C segment (class C range)


Origin blog.csdn.net/weixin_43079958/article/details/105431652