contact.sh: An open source intelligence tool dedicated to security vulnerability reporting

About contact.sh

contact.sh is an open source intelligence (OSINT) tool built specifically for security vulnerability reporting. With it, researchers can scan a company's domain names, search for accounts associated with the company, and send security vulnerability reports according to the level of the security threat.

Tool installation

GNU/Linux

Before downloading the tool, make sure the whois and jq packages are installed and configured on the local machine. Then clone the project source code locally and give the tool script executable permission:

$ git clone https://github.com/EdOverflow/contact.sh.git
$ cd contact.sh/
$ chmod u+x contact.sh
$ ./contact.sh -d google.com -c google

macOS

$ brew install gnu-sed --with-default-names
$ brew install jq
$ git clone https://github.com/EdOverflow/contact.sh.git
$ cd contact.sh/
$ chmod u+x contact.sh
$ ./contact.sh -d google.com -c google

Tool usage

$ ./contact.sh
__ __ | __ |_ |( ()| | |(|(|_ o _> | |—by EdOverflow
[i] Description: An OSINT tool to find contacts in order to report security vulnerabilities.
[i] Usage: ./contact.sh [Options] use -d for hostnames (-d example.com), -c for vendor name (-c example), and -f for a list of hostnames in a file (-f domains.txt)
[i] Example: ./contact.sh -d google.com -c google

Parameter explanation

-d: specifies the target hostname, for example -d example.com;

-c: specifies the vendor (company) name, for example -c example;

-f: specifies a file containing a list of hostnames, for example -f domains.txt.

Example of use

$ ./contact.sh -d google.com -c google

Detailed explanation of tool use


Use the -d option to look for addresses associated with a target domain name. contact.sh returns a "confidence level" based on the information it retrieves: a security.txt file on the target domain has higher priority than a Twitter account on the company website:

$ ./contact.sh -d google.com

The -c option lets us specify the company name:

$ ./contact.sh -c google

If the company name contains spaces, enclose it in double quotes:

$ ./contact.sh -c "keeper security"

The -f option checks a list of domain names:

$ ./contact.sh -f domains.txt

For the most detailed results, use the -d and -c options together:

$ ./contact.sh -d google.com -c google

Tool output

$ ./contact.sh -d linkedin.com
__ __ | __ |_ |( ()| | |(|(|_ o _> | |—by EdOverflow
[+] Finding security.txt files | Confidence level: ★ ★ ★
[!] The robots.txt file does not permit crawling this hostname.
[+] Checking HackerOne’s directory for hostname | Confidence level: ★ ★ ★
https://hackerone.com/linkedin
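When -f is run over many domains, the saved output has to be triaged by confidence level. The following is an added example, not part of contact.sh: it assumes the output layout of the sample run above, the function names rank_contacts, top_contact and sample_output are hypothetical, and the first section of the sample input is constructed.

```shell
#!/bin/sh
# Added example: rank the contacts found in saved contact.sh output.
# Assumption: the output follows the layout of the sample run on this page:
#   "[+] <check> | Confidence level: ★ ★ ★" followed by result lines.

# rank_contacts: read contact.sh output on stdin and print
# "<stars><TAB><check><TAB><contact>", highest confidence first.
rank_contacts() {
    awk '
        # A "[+]" header opens a section and carries its star rating.
        /^\[\+\]/ {
            check = $0
            sub(/^\[\+\][ \t]*/, "", check)
            rating = check
            sub(/[ \t]*\|.*$/, "", check)    # keep the text before "|"
            stars = gsub(/★/, "", rating)    # gsub returns the star count
            next
        }
        # "[!]" and "[i]" lines are notices, not results.
        /^\[.\]/ { next }
        # Inside a section, keep lines that look like a contact:
        # an http(s) URL, a mailto: link or a bare e-mail address.
        check != "" && /^(https?:\/\/|mailto:)|^[^ \t@]+@[^ \t@]+\.[^ \t@]+$/ {
            print stars "\t" check "\t" $0
        }
    ' | sort -t "$(printf '\t')" -k1,1nr -s
}

# top_contact: print only the highest-confidence contact.
top_contact() {
    rank_contacts | head -n 1 | cut -f3
}

# Sample input: the first section is constructed for this example;
# the remaining lines are the linkedin.com run shown on this page.
sample_output() {
    cat <<'EOF'
[+] Constructed lower-rated check | Confidence level: ★
https://example.com/contact
[+] Finding security.txt files | Confidence level: ★ ★ ★
[!] The robots.txt file does not permit crawling this hostname.
[+] Checking HackerOne’s directory for hostname | Confidence level: ★ ★ ★
https://hackerone.com/linkedin
EOF
}

sample_output | rank_contacts
```

Real output can be piped in the same way, for example ./contact.sh -f domains.txt | rank_contacts.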


Finally

Here is a quick way to learn network security, "maybe" the most comprehensive learning method:
1. Theoretical knowledge of network security (2 days)
① Understand the industry background and prospects, and decide on a development direction.
② Learn the laws and regulations related to network security.
③ The concept of network security operations.
④ Introduction to multi-level protection (MLPS), its regulations, procedures and standards. (Very important)

2. Penetration testing basics (one week)
①Penetration testing process, classification, standards
②Information collection technology: active/passive information collection, Nmap tools, Google Hacking
③ Vulnerability scanning, vulnerability exploitation, principles, exploitation methods, tools (MSF), bypassing IDS and anti-virus detection
④ Host attack and defense drill: MS17-010, MS08-067, MS10-046, MS12-20, etc.

3. Operating system basics (one week)
①Common functions and commands of Windows system
②Common functions and commands of Kali Linux system
③ Operating system security (system intrusion investigation / system hardening basics)

4. Computer network foundation (one week)
①Computer network foundation, protocol and architecture
②Network communication principle, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤ Web vulnerability principles and defense: active/passive attacks, DDoS attacks, CVE vulnerability reproduction

5. Basic database operations (2 days)
①Database basics
②SQL language basics
③ Database security hardening

6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④ Web penetration tools: Nmap, BurpSuite, SQLMap, others (Chopper, vulnerability scanners, etc.)


Congratulations: if you have learned all this, you can basically work in network-security-related jobs such as penetration testing, web penetration, security services and security analysis; if you learn the security module well, you can also work as a security engineer. The salary range is 6k-15k.

By this point, about a month in, you have become a "script kiddie". So do you still want to explore further?


Origin blog.csdn.net/web22050702/article/details/132101036