I. Summary
II. Whois
Whois lookup: checks whether a domain name is registered and, if so, returns the registration record: the registrant (owner), the registrar, the registration and expiry dates, the name servers (DNS), and so on. Any Whois query server returns the registrant details together with the registration and expiry dates. Note that registrant contact details are now commonly redacted by privacy services, so the registrar, name servers and dates are often the only fields worth trusting.
Webmaster Tools (站长工具): http://tool.chinaz.com/
Aizhan (爱站): https://www.aizhan.com/
MIIT ICP filing (备案) query: http://www.beian.miit.gov.cn/publish/query/indexFirst.action
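As an added example (not part of the original page), the following Python parses a Whois response of the kind the sites above return and pulls out what a tester actually needs: registrar, name servers, creation and expiry dates, and whether the registrant data is privacy-redacted. The domain, registrar, name servers and dates in the sample are constructed, and the field labels follow the common ICANN "key: value" layout; real output varies by registry and registrar.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS response (fictional domain, registrar and dates).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TARGET.COM
Registrar: Example Registrar, Inc.
Registrar WHOIS Server: whois.example-registrar.test
Creation Date: 2015-03-02T10:11:12Z
Registry Expiry Date: 2026-03-02T10:11:12Z
Name Server: NS2.EXAMPLE-DNS.NET
Name Server: NS1.EXAMPLE-DNS.NET
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record
"""

# One regex per field; the alternations cover the most common label variants.
FIELDS = {
    "registrar": re.compile(r"^Registrar:\s*(.+?)\s*$", re.M | re.I),
    "created": re.compile(r"^(?:Creation Date|Created On):\s*(\S+)", re.M | re.I),
    "expires": re.compile(r"^(?:Registry Expiry Date|Expir(?:y|ation) Date):\s*(\S+)", re.M | re.I),
    "registrant_org": re.compile(r"^Registrant Organization:\s*(.+?)\s*$", re.M | re.I),
}


def parse_whois(text):
    """Extract the useful fields from raw WHOIS text into a dict."""
    info = {}
    for key, rx in FIELDS.items():
        m = rx.search(text)
        info[key] = m.group(1) if m else None
    info["name_servers"] = sorted(
        m.group(1).lower().rstrip(".")
        for m in re.finditer(r"^Name Server:\s*(\S+)", text, re.M | re.I)
    )
    # Privacy services and GDPR redaction are the norm now: flag it instead of
    # treating "REDACTED FOR PRIVACY" as the owner's name.
    org = (info["registrant_org"] or "").upper()
    info["registrant_redacted"] = any(w in org for w in ("REDACTED", "PRIVACY", "PROXY"))
    return info


def days_until_expiry(info, now=None):
    """Days left before the registration lapses; a domain about to expire is a takeover risk.
    `now` may be a datetime or an ISO-8601 string (defaults to the current UTC time)."""
    if not info.get("expires"):
        return None
    expires = datetime.fromisoformat(info["expires"].replace("Z", "+00:00"))
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = datetime.fromisoformat(now.replace("Z", "+00:00"))
    return (expires - now).days


if __name__ == "__main__":
    info = parse_whois(SAMPLE_WHOIS)
    for key, value in info.items():
        print(f"{key:20} {value}")
    print("days to expiry:", days_until_expiry(info))
```

The name servers are the field to keep: they tell you which DNS provider to look at next, and a registrant that is redacted here may still be visible in historical Whois data.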
III. Real IP
If the target sits behind a CDN, the address its name resolves to is a CDN edge node, not the origin server; finding the real origin IP is a separate step.
IP reverse lookup (IP to hosted domains): https://dnslytics.com/
Chrome/Firefox extension: IP Address and Domain Information
Reference article: https://mp.weixin.qq.com/s/_qHGB3l58KU01tBOki5uag
IV. Subdomains
Subdomains: a subdomain is a name one or more levels below the target's registered domain (for example mail.example.com under example.com). The main domain is usually the best-protected part of the estate and the hardest place to start, so the usual approach is to collect subdomains first, get a foothold on a weaker subdomain, and then work sideways toward the real target.
Websites:
ip138 site query: https://site.ip138.com/
hackertarget: https://hackertarget.com/
t1h2ua: https://www.t1h2ua.cn/tools/
phpinfo.me: https://phpinfo.me/domain/
dnsdumpster: https://dnsdumpster.com/
TScan: https://scan.top15.cn/web/
Enumeration tools:
OneForAll, Layer, Sublist3r, subDomainsBrute, ...
All of these can be found on GitHub.
Search engines:
Google, Baidu, Bing
V. Certificate Transparency log enumeration
Certificate Transparency (CT): a scheme under which certificate authorities (CAs) record every SSL/TLS certificate they issue in public, append-only logs. A certificate usually lists a domain name and its subdomains (in the Subject Alternative Name field) and sometimes an e-mail address, so searching the logs is a passive way to discover subdomains, including internal-sounding names that never appear in search engines.
Websites:
crt.sh: https://crt.sh
censys: https://censys.io
myssl: https://myssl.com
Enumeration tools: the subdomain tools listed under IV (OneForAll in particular) also pull names from CT logs.
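The subdomain and CT sections above both end with the same chore: merging names from several sources into one clean, in-scope list. As an added example (not code from the page or from any of the tools it lists), the Python below takes a crt.sh-style JSON result and a brute-force tool's output, lower-cases and de-duplicates the names, strips wildcard prefixes, and rejects lookalike names that merely contain the target domain. The target domain, the certificate entries and the tool output are all constructed.

```python
import json
import re

TARGET = "example-target.com"   # assumed in-scope registered domain

# Constructed crt.sh-style JSON. crt.sh's JSON output is a list of issued
# certificates; name_value holds the SAN names separated by newlines and may
# contain wildcards and mixed case.
CRTSH_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "www.example-target.com\nexample-target.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "*.dev.example-target.com"},
    {"issuer_name": "C=US, O=Example CA, CN=Example CA 1",
     "name_value": "MAIL.Example-Target.com\nvpn.example-target.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "example-target.com.attacker.test"},   # lookalike, out of scope
])

# Constructed output of a brute-force tool, one hostname per line.
BRUTE_OUTPUT = """\
vpn.example-target.com
api.example-target.com
git.example-target.com
"""

HOSTNAME = re.compile(r"^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$")


def in_scope(name, domain):
    """Exact domain or a name ending in '.' + domain; 'example-target.com.attacker.test' is rejected."""
    return name == domain or name.endswith("." + domain)


def names_from_crtsh(raw_json):
    """Yield every SAN name from crt.sh-style JSON, lower-cased, wildcard prefix stripped."""
    for cert in json.loads(raw_json):
        for name in cert["name_value"].split("\n"):
            yield name.strip().lower().lstrip("*.")   # '*.dev.x' still reveals 'dev.x'


def merge_subdomains(domain, *sources):
    """Normalise and de-duplicate names from any number of sources, keeping only in-scope hosts."""
    merged = set()
    for source in sources:
        for name in source:
            name = name.strip().lower().rstrip(".")
            if name and HOSTNAME.match(name) and in_scope(name, domain):
                merged.add(name)
    return sorted(merged)


if __name__ == "__main__":
    for host in merge_subdomains(TARGET, names_from_crtsh(CRTSH_JSON), BRUTE_OUTPUT.splitlines()):
        print(host)
```

CT logs are historical: a name that appears in an old certificate may no longer resolve, so resolve the merged list afterwards. Names that return NXDOMAIN are still worth noting, since a dangling record is a subdomain-takeover candidate.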
VI. C-segment (/24) lookup
Tools: nmap, masscan, K8 C-segment scanner 6.0 (K8_C段旁注工具), IISPutScanner, 小米范 WEB Finder
Internet asset search engines: Fofa, Shodan, ZoomEye
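Before pointing nmap or masscan at a C segment it pays to work out which /24 networks the target's known hosts actually fall into and how many hosts each one holds. As an added example (not part of the original page), this Python groups a constructed set of resolved hostnames by /24 (IPv6 hosts by /64) and emits an nmap command per segment. All addresses are from documentation ranges, and the hostnames are made up.

```python
import ipaddress
from collections import defaultdict

# Constructed resolution results (documentation ranges, not anyone's real hosts).
RESOLVED = {
    "www.example-target.com":  "203.0.113.10",
    "mail.example-target.com": "203.0.113.25",
    "vpn.example-target.com":  "203.0.113.254",
    "api.example-target.com":  "198.51.100.7",
    "cdn.example-target.com":  "2001:db8::1",
}


def c_segments(resolved):
    """Group hosts by enclosing /24 (the IPv4 'C segment'); IPv6 hosts are grouped by /64."""
    groups = defaultdict(set)
    for host, ip in resolved.items():
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        groups[str(net)].add(host)
    return dict(groups)


def scan_targets(groups, min_hosts=1, ports="21,22,80,443,8080,8443"):
    """One nmap command per segment holding at least min_hosts known hosts.

    min_hosts > 1 is a cheap filter for segments where the target has a single host
    on shared infrastructure (cloud, CDN, web hosting): the neighbours there belong to
    unrelated third parties and are usually out of scope. A /64 cannot be swept, so
    IPv6 segments scan only the hosts already known."""
    cmds = []
    order = lambda n: (ipaddress.ip_network(n).version, ipaddress.ip_network(n))
    for net in sorted(groups, key=order):
        if len(groups[net]) < min_hosts:
            continue
        tag = net.replace("/", "_").replace(":", "-")
        if ipaddress.ip_network(net).version == 6:
            cmds.append(f"nmap -6 -sS -Pn --open -p {ports} -oA cseg_{tag} "
                        + " ".join(sorted(groups[net])))
        else:
            cmds.append(f"nmap -sS -Pn --open -p {ports} -oA cseg_{tag} {net}")
    return cmds


if __name__ == "__main__":
    groups = c_segments(RESOLVED)
    for net, hosts in groups.items():
        print(net, sorted(hosts))
    for cmd in scan_targets(groups, min_hosts=2):
        print(cmd)
```

Check who owns each /24 (whois on the network, or the asset search engines listed above) before scanning it; a segment full of another organisation's machines is not the target's C segment just because one of their hosts lives there.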
VII. Fingerprinting
When hunting for vulnerabilities, fingerprinting the target server is essential: only after the web server or container (Apache, nginx, IIS, Tomcat, ...) and the CMS or framework have been identified, ideally with versions, can you look up the known vulnerabilities for that software and plan the corresponding attack.
Websites:
Yunsee: http://www.yunsee.cn/
TideFinger: http://finger.tidesec.net/
BugScaner: http://whatweb.bugscaner.com/look/
Shuziguanxing (数字观星): https://fp.shuziguanxing.com/#/
Tools:
御剑 (Yujian) web fingerprinter, WhatWeb, Test404 lightweight CMS fingerprinter v2.1, 椰树 (Yeshu), etc.
Github:
https://github.com/Tuhinshubhra/CMSeeK
https://github.com/Dionach/CMSmap
https://github.com/aedoo/ACMSDiscovery
https://github.com/TideSec/TideFinger
https://github.com/Lucifer1993/AngelSword
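The fingerprinters above all work the same way underneath: a rule base of regular expressions matched against response headers, cookies and body. As an added example (not the rule base of any tool listed here), this Python carries a small, hand-picked set of such rules with version capture and runs them over a constructed response; real tools ship thousands of rules. The headers and HTML are made up, and the rule set is an illustrative subset.

```python
import re

# Constructed subset of fingerprint rules: (product, where, regex). 'where' is "body" or
# "header:<name>". A named group "v" captures a version when the banner carries one.
SIGNATURES = [
    ("WordPress", "body", r'name="generator" content="WordPress(?: (?P<v>[\d.]+))?'),
    ("WordPress", "body", r"/wp-(?:content|includes)/"),
    ("Joomla",    "body", r'name="generator" content="Joomla'),
    ("Drupal",    "header:x-generator", r"Drupal(?: (?P<v>[\d.]+))?"),
    ("Drupal",    "body", r"/sites/(?:default|all)/"),
    ("ThinkPHP",  "body", r"ThinkPHP"),
    ("PHP",       "header:x-powered-by", r"PHP/(?P<v>[\d.]+)"),
    ("PHP",       "header:set-cookie", r"PHPSESSID="),
    ("ASP.NET",   "header:x-powered-by", r"ASP\.NET"),
    ("ASP.NET",   "header:set-cookie", r"ASP\.NET_SessionId="),
    ("nginx",     "header:server", r"nginx(?:/(?P<v>[\d.]+))?"),
    ("Apache",    "header:server", r"Apache(?:/(?P<v>[\d.]+))?"),
    ("IIS",       "header:server", r"Microsoft-IIS(?:/(?P<v>[\d.]+))?"),
    ("Tomcat",    "body", r"Apache Tomcat(?:/(?P<v>[\d.]+))?"),
]


def fingerprint(headers, body):
    """Return {product: {"version": str|None, "evidence": [str, ...]}} for one HTTP response.
    `headers` is a simple dict here; a real client may return several Set-Cookie headers."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    found = {}
    for product, where, pattern in SIGNATURES:
        if where == "body":
            haystack, label = body, "body"
        else:
            label = where.split(":", 1)[1]
            haystack = hdrs.get(label, "")
        m = re.search(pattern, haystack, re.I)
        if not m:
            continue
        entry = found.setdefault(product, {"version": None, "evidence": []})
        entry["evidence"].append(f"{label}: {m.group(0)}")
        entry["version"] = entry["version"] or m.groupdict().get("v")
    return found


# Constructed response from a fictional target.
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": "PHPSESSID=0123456789abcdef; path=/; HttpOnly",
    "Content-Type": "text/html; charset=UTF-8",
}
SAMPLE_BODY = (
    '<html><head><meta name="generator" content="WordPress 5.8.1" />'
    '<link rel="stylesheet" href="/wp-content/themes/twentytwenty/style.css"></head>'
    "<body><p>Welcome</p></body></html>"
)

if __name__ == "__main__":
    for product, info in fingerprint(SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(product, info["version"], info["evidence"])
```

Treat a single indicator as a hint, not a verdict: Server and X-Powered-By headers can be stripped or faked, and a CDN or WAF in front of the site rewrites them. Corroborate with paths that only one product serves (for example /wp-login.php) and with favicon hashes before choosing exploits.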
VIII. Source code leaks
GitHub tools:
.git source leak: https://github.com/lijiejie/GitHack
.DS_Store leak: https://github.com/lijiejie/ds_store_exp
.bzr, CVS, .svn, .hg source leaks: https://github.com/kost/dvcs-ripper
Code hosting platforms (search them for the target's leaked code and credentials):
GitHub: https://github.com/
gitee: https://gitee.com/
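Before running GitHack or dvcs-ripper it is worth confirming that a probe path really is a version-control artefact, because sites that answer 200 for every URL turn each probe into a false positive. As an added example (not the page's or those tools' code), the Python below probes the well-known paths each of the tools above targets and validates the response body against the file format's magic or first line. The target responses are constructed; the format checks describe real file layouts.

```python
import re


def git_head(body):
    # .git/HEAD is "ref: refs/heads/<branch>\n", or a bare 40-hex commit id when detached
    return body.startswith(b"ref: refs/") or re.fullmatch(rb"[0-9a-f]{40}\s*", body) is not None


def svn_entries(body):
    # Subversion < 1.7 kept a text "entries" file whose first line is the format number
    return re.match(rb"^(?:8|9|10|12)\n", body) is not None


def sqlite_db(body):
    # Subversion >= 1.7 stores its metadata in .svn/wc.db, an SQLite database
    return body.startswith(b"SQLite format 3\x00")


def hg_requires(body):
    # .hg/requires lists repository features, one per line
    lines = body.split(b"\n")
    return b"revlogv1" in lines or b"store" in lines


def ds_store(body):
    # .DS_Store starts with a 4-byte version (1) followed by the "Bud1" magic
    return body[:8] == b"\x00\x00\x00\x01Bud1"


def cvs_root(body):
    # CVS/Root holds the repository location, e.g. ":pserver:user@host:/cvsroot" or a local path
    return re.match(rb"^(?::[a-z]+:|/)", body) is not None


# Probe path -> (description, content check).
PROBES = {
    "/.git/HEAD":    ("Git repository (.git/HEAD)", git_head),
    "/.git/config":  ("Git repository (.git/config)", lambda b: b.lstrip().startswith(b"[core]")),
    "/.svn/entries": ("Subversion < 1.7 working copy", svn_entries),
    "/.svn/wc.db":   ("Subversion >= 1.7 working copy", sqlite_db),
    "/.hg/requires": ("Mercurial repository", hg_requires),
    "/.bzr/README":  ("Bazaar repository", lambda b: b"Bazaar" in b),
    "/CVS/Root":     ("CVS checkout", cvs_root),
    "/.DS_Store":    ("macOS .DS_Store (lists directory contents)", ds_store),
}


def detect_leaks(fetch):
    """fetch(path) -> (status, body_bytes). Returns [(path, description)] for confirmed leaks."""
    findings = []
    for path, (description, check) in PROBES.items():
        status, body = fetch(path)
        if status == 200 and check(body):
            findings.append((path, description))
    return findings


# Constructed target: answers 200 with an HTML page for anything it does not have (soft 404),
# but really exposes its .git directory and a stray .DS_Store.
SAMPLE_SITE = {
    "/.git/HEAD":   (200, b"ref: refs/heads/master\n"),
    "/.git/config": (200, b"[core]\n\trepositoryformatversion = 0\n\tfilemode = true\n\tbare = false\n"),
    "/.DS_Store":   (200, b"\x00\x00\x00\x01Bud1\x00\x00\x10\x00\x00\x00\x00\x08"),
}
SOFT_404 = (200, b"<html><head><title>Oops</title></head><body>Page not found</body></html>")


def sample_fetch(path):
    return SAMPLE_SITE.get(path, SOFT_404)


if __name__ == "__main__":
    for path, description in detect_leaks(sample_fetch):
        print(f"{path:15} {description}")
```

A confirmed .git/HEAD is the cue to hand over to GitHack, which reconstructs the working tree from .git/index and the object store even when directory listing is disabled.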
IX. Directory and admin-panel scanning
7kbscan-WebPathBrute: https://github.com/7kbstorm/7kbscan-WebPathBrute
DirMap: https://github.com/H4ckForJob/dirmap
dirsearch: https://github.com/maurosoria/dirsearch
Fuzz-gobuster: https://github.com/OJ/gobuster
Fuzz-wfuzz: https://github.com/xmendez/wfuzz
Test404 lightweight admin-panel scanner v2.0
Fuzz-dirbuster: OWASP DirBuster (bundled with Kali)
御剑 (Yujian) directory scanner
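Every scanner above has the same failure mode: a site that returns 200 (or a redirect) for paths that do not exist makes every wordlist entry look like a hit. As an added example (not the page's or any listed tool's code), the Python below shows the calibration step that dirsearch and gobuster-style tools perform: fetch a few random paths that cannot exist, remember what "not found" looks like, and drop responses that are near-identical to that baseline. The target site, wordlist and page bodies are constructed.

```python
import random
import string
from difflib import SequenceMatcher


def calibrate(fetch, samples=2):
    """Fetch a few random paths that cannot exist and keep those responses as the baseline."""
    baselines = []
    for _ in range(samples):
        junk = "/" + "".join(random.choices(string.ascii_lowercase, k=16))
        baselines.append(fetch(junk))
    return baselines


def is_soft_404(status, body, baselines, threshold=0.85):
    """True if the response has the same status as, and a near-identical body to, a baseline.
    Similarity rather than equality, because many error pages echo the requested path."""
    for base_status, base_body in baselines:
        if status != base_status:
            continue
        if SequenceMatcher(None, body, base_body, autojunk=False).ratio() >= threshold:
            return True
    return False


def scan(fetch, wordlist, extensions=("", ".php", ".bak", ".zip")):
    """Return [(path, status)] for paths that are neither a hard 404 nor a soft 404.
    fetch(path) -> (status, body_text)."""
    baselines = calibrate(fetch)
    hits = []
    for word in wordlist:
        for ext in extensions:
            path = f"/{word}{ext}"
            status, body = fetch(path)
            if status == 404 or is_soft_404(status, body, baselines):
                continue
            hits.append((path, status))   # 403 is kept: the path exists even if access is denied
    return hits


# Constructed target site: serves a 200 "not found" page, echoing the path, for everything
# it does not have.
NOT_FOUND = (
    "<!DOCTYPE html><html><head><title>Page not found</title></head><body><h1>404</h1>"
    "<p>Sorry, we could not find {path} on this server. Try the search box or go back "
    "to the homepage.</p></body></html>"
)
SAMPLE_SITE = {
    "/admin":          (301, "<html><body>Moved to <a href='/admin/'>/admin/</a></body></html>"),
    "/backup.zip":     (200, "PK\x03\x04\x14\x00\x00\x00\x08\x00 (constructed zip bytes)"),
    "/config.php.bak": (200, "<?php\n$db_host = 'localhost';\n$db_pass = 'hunter2';\n"),
    "/login.php":      (200, "<html><body><form method='post' action='/login.php'>"
                             "<input name='user'><input name='pass' type='password'>"
                             "</form></body></html>"),
}


def sample_fetch(path):
    return SAMPLE_SITE.get(path, (200, NOT_FOUND.format(path=path)))


if __name__ == "__main__":
    for path, status in scan(sample_fetch, ["admin", "backup", "config.php", "login", "robots"]):
        print(status, path)
```

Real tools also compare content length and apply the same calibration per directory, since a site can behave differently under /api/ than under /; the principle is the one shown here.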
X. WAF identification
https://github.com/EnableSecurity/wafw00f
XI. Antivirus (AV) identification
https://github.com/r00tSe7en/get_AV/blob/master/av.json
XII. E-mail address lookup
Infoga: https://github.com/m4ll0k/Infoga.git
Google dorks (search operators)
XIII. Company information lookup
Basic company information
Tianyancha (天眼查): https://www.tianyancha.com/
Qichacha (企查查): https://www.qichacha.com/
Government website basic-information database: http://114.55.181.28/databaseInfo/index
Credit information lookup
National Enterprise Credit Information Publicity System: http://www.gsxt.gov.cn
National enterprise information query (xizhi): http://company.xizhi.com/
Credit China (信用中国): personal credit, corporate information and Unified Social Credit Code lookup: https://www.creditchina.gov.cn/
XIV. Historical vulnerabilities
WooYun (乌云) vulnerability archive: https://github.com/hanc00l/wooyun_public
Exploit-DB: https://www.exploit-db.com/
SecurityFocus BID (archive, no longer updated): https://www.securityfocus.com/bid
Cxsecurity: https://cxsecurity.com/exploit/
CNNVD (China National Vulnerability Database of Information Security): http://www.cnnvd.org.cn/
Seebug: https://www.seebug.org/