信息收集

1. 企查查-爱企查-天眼查

获取公司及子公司信息

• 域名
• 小程序
• 微信公众号
• APP
• 微博
• 邮箱
• 生活号

https://github.com/cqkenuo/appinfoscanner
https://www.qcc.com/
https://www.tianyancha.com/
https://aiqicha.baidu.com/
Google.com \ baidu.com \ bing.cn

2. 收集子域名

收集目标子域名信息

https://x.threatbook.cn/
https://github.com/shmilylty/OneForAll
Layer子域名挖掘机
https://github.com/lijiejie/subDomainsBrute
https://github.com/Jewel591/SubDomainFinder
https://github.com/aboul3la/Sublist3r
https://github.com/knownsec/ksubdomain
https://github.com/Threezh1/jsFinder
Google.com \ baidu.com \ bing.cn
http://tool.chinaz.com/dns
https://www.dnsdb.io
https://fofa.so/
https://www.zoomeye.org/
https://www.shodan.io/
https://censys.io/
DNSenum
nslookup
https://www.isc.org/download/
https://code.Google.com/archive/p/dnsmap/
https://github.com/0x727/ShuiZe_0x727

3. 域名指纹识别

对上面收集到的域名进行识别

https://github.com/EdgeSecurityTeam/EHole
https://github.com/al0ne/Vxscan
https://github.com/EASY233/Finger
https://github.com/TideSec/TideFinger
https://github.com/urbanadventurer/WhatWeb
https://gobies.org/
https://www.yunsee.cn/
https://github.com/s7ckTeam/Glass
https://github.com/TideSec/TideFinger
https://scan.dyboy.cn/web/
https://fp.shuziguanxing.com/#/
https://builtwith.com/zh/
https://github.com/FortyNorthSecurity/EyeWitness
https://www.yunsee.cn/
https://www.wappalyzer.com/
https://github.com/0x727/ObserverWard
https://github.com/0x727/ShuiZe_0x727
https://github.com/P1-Team/AlliN
https://github.com/dr0op/bufferfly

4. IP收集、C段收集、端口

根据域名收集对应的IP

如果遇到CDN可以考虑以下方法：

• 查看dns解析记录

  1. https://dnsdb.io/zh-cn/ ###DNS查询
     https://x.threatbook.cn/ ###微步在线
     http://toolbar.netcraft.com/site_report?url= ###在线域名信息查询
     http://viewdns.info/ ###DNS、IP等查询
     https://tools.ipip.net/cdn.php ###CDN查询IP
     

• [SecurityTrails](https://securitytrails.com/)平台
• 找子域名的IP
  1. 微步在线
  2. https://dnsdb.io/
     1. xxxx.com.cn type:A
  3. Google
  4. 子域名扫描器
• 网络空间搜索引擎
  1. shodan
  2. fofa
  3. zoomeye
  4. 全球鹰
  5. quake
• SSL证书
• HTTP头
• 利用网站返回内容特征搜索
• 国外主机访问
• 网站漏洞
  1. phpinfo
  2. xss
  3. ssrf
• 邮件订阅（RSS）
• zmap
• F5 LTM

如果没有CDN就直接扫

nmap
masscan
https://github.com/EdgeSecurityTeam/Eeyes
https://github.com/shadow1ng/fscan
https://github.com/Adminisme/ServerScan
https://github.com/EdgeSecurityTeam/EHole

5. 目录扫描

https://github.com/maurosoria/dirsearch
dirbuster
gobuster
dirb
https://github.com/xmendez/wfuzz
https://github.com/foryujian/yjdirscan
https://github.com/H4ckForJob/dirmap

6. 漏洞扫描

nessus
wavs
https://github.com/H4ckForJob/dirmap
https://github.com/chaitin/xray
https://github.com/wgpsec/DBJ
https://github.com/sullo/nikto
https://github.com/zhzyker/vulmap/
https://github.com/projectdiscovery/nuclei
https://github.com/greenbone/openvas-scanner
https://github.com/wpscanteam/wpscan
http://www.encoreconsulting.com/3-10-AppScan.HTML
https://github.com/78778443/QingScan

7. 微信小程序信息收集

8. 微信公众号信息收集

9. 支付宝小程序信息收集

10. APP信息收集

• https://github.com/cqkenuo/appinfoscanner

https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md
https://github.com/smicallef/spiderfoot

11. 网站js信息收集

https://github.com/Threezh1/jsFinder
https://github.com/GerbenJavado/LinkFinder
https://github.com/rtcatc/Packer-Fuzzer (webpack)
https://github.com/momosecurity/FindSomething

12. 其他信息收集

• 用户名
• 密码
• GitHub
• 网盘
• 钉钉
• 语雀
• 码云
• gitree
• 微信
• 邮箱
• 备份文件
• 知乎
• 贴吧
• 社工库
• 等