渗透测试信息收集思路&工具分享

1. 企查查-爱企查-天眼查

  • 域名
  • 小程序
  • 微信公众号
  • APP
  • 微博
  • 邮箱
  • 生活

    https://github.com/cqkenuo/appinfoscanner
    https://www.qcc.com/
    https://www.tianyancha.com/
    https://aiqicha.baidu.com/
    google.com \ baidu.com \ bing.cn

2. 收集子域名

收集目标子域名信息

https://x.threatbook.cn/
https://github.com/shmilylty/OneForAll
Layer子域名挖掘机
https://github.com/lijiejie/subDomainsBrute
https://github.com/Jewel591/SubDomainFinder
https://github.com/aboul3la/Sublist3r
https://github.com/knownsec/ksubdomain
https://github.com/Threezh1/JSFinder
google.com \ baidu.com \ bing.cn
http://tool.chinaz.com/dns
https://www.dnsdb.io
https://fofa.so/
https://www.zoomeye.org/
https://www.shodan.io/
https://censys.io/
DNSenum
nslookup
https://www.isc.org/download/
https://code.google.com/archive/p/dnsmap/
https://github.com/0x727/ShuiZe_0x727

3. 域名指纹识别

对上面收集到的域名进行识别

https://github.com/EdgeSecurityTeam/EHole
https://github.com/al0ne/Vxscan
https://github.com/EASY233/Finger
https://github.com/TideSec/TideFinger
https://github.com/urbanadventurer/WhatWeb
https://gobies.org/
https://www.yunsee.cn/
https://github.com/s7ckTeam/Glass
https://github.com/TideSec/TideFinger
https://scan.dyboy.cn/web/
https://fp.shuziguanxing.com/#/
https://builtwith.com/zh/
https://github.com/FortyNorthSecurity/EyeWitness
https://www.yunsee.cn/
https://www.wappalyzer.com/
https://github.com/0x727/ObserverWard
https://github.com/0x727/ShuiZe_0x727
https://github.com/P1-Team/AlliN
https://github.com/dr0op/bufferfly

4. IP收集、C段收集、端口

根据域名收集对应的IP
如果遇到CDN可以考虑以下方法:

  • 查看dns解析记录

    https://dnsdb.io/zh-cn/ ###DNS查询
    https://x.threatbook.cn/ ###微步在线
    http://toolbar.netcraft.com/site_report?url= ###在线域名信息查询
    http://viewdns.info/ ###DNS、IP等查询
    https://tools.ipip.net/cdn.php ###CDN查询IP

    SecurityTrails平台

  • 找子域名的IP

    • xxxx.com.cn type:A
  • google
  • 子域名扫描器
    网络空间搜索引擎

    • shodan
    • fofa
    • zoomeye
    • 全球鹰
    • quake
  • SSL证书
  • HTTP头
  • 利用网站返回内容特征搜索
  • 国外主机访问
  • 网站漏洞

    • phpinfo
    • xss
    • ssrf
  • 邮件订阅(RSS)
  • zmap
  • F5 LTM

如果没有CDN就直接扫

nmap
masscan
https://github.com/EdgeSecurityTeam/Eeyes
https://github.com/shadow1ng/fscan
https://github.com/Adminisme/ServerScan
https://github.com/EdgeSecurityTeam/EHole

5. 目录扫描

https://github.com/maurosoria/dirsearch
dirbuster
gobuster
dirb
https://github.com/xmendez/wfuzz
https://github.com/foryujian/yjdirscan
https://github.com/H4ckForJob/dirmap

6. 漏洞扫描

nessus
wavs
https://github.com/H4ckForJob/dirmap
https://github.com/chaitin/xray
https://github.com/wgpsec/DBJ
https://github.com/sullo/nikto
https://github.com/zhzyker/vulmap/
https://github.com/projectdiscovery/nuclei
https://github.com/greenbone/openvas-scanner
https://github.com/wpscanteam/wpscan
http://www.encoreconsulting.com/3-10-AppScan.html
https://github.com/78778443/QingScan

7. 微信小程序信息收集

8. 微信公众号信息收集

9. 支付宝小程序信息收集

10. APP信息收集

https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md
https://github.com/smicallef/spiderfoot

11. 网站JS信息收集

https://github.com/Threezh1/JSFinder
https://github.com/GerbenJavado/LinkFinder
https://github.com/rtcatc/Packer-Fuzzer (webpack)
https://github.com/momosecurity/FindSomething

12. 其他信息收集

  • 用户名
  • 密码
  • GitHub
  • 网盘
  • 钉钉
  • 语雀
  • 码云
  • gitree
  • 微信
  • 邮箱
  • 备份文件
  • 知乎
  • 贴吧
  • 社工库


评论区

评论一下~


1+15=?

暂无评论,要不来一发?

回到顶部