马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?立即注册
x
红队信息收集&移动安全从0-1
企业信息
- 天眼查、企查查、企业信用信息公示系统、企业组织架构
- 企业邮箱收集,企业架构画像、人员统计、人员职责、部门、WiFi、常用部门密码、人员是否泄露过密码、人员平时爱逛的站点、OA/erp/crm/sso/mail/等入口、网络安全设备(waf,ips,ids,router等统计)、内部使用的代码托管平台(gitlab、daocloud等),bug管理平台、服务器域名资产统计
- 注册公司、基金会、校友会、出版社、校医院、
- site:xxx 直属单位/site:xxx 机构设置
- FOFA https://fofa.so (已关闭)
- Quake https://quake.360.cn/quake/#/index
- Hunter https://hunter.qianxin.com
- Censys https://search.censys.io/
- Shadon https://www.shodan.io
- ZoomEye https://www.zoomeye.org
- Sumap https://sumap.dbappsecurity.com.cn/
- Soall https://soall.org/login
常用语法
- title="目标中文名" && country=CN
- title="目标中文名" && region="xx省"
- title="目标中文名" && city="xx市"
- header="目标中文名" && country=CN
- header="目标中文名" && region="xx省"
- header="目标中文名" && city="xx市"
- domain="目标域名"
- host="目标域名"
- cert="目标域名或者证书关键字" && country=CN cert="目标域名或者证书关键字" && region="xx省" cert="目标域名或者证书关键字" && city="xx市" ="目标中文名或者目标域名
- cert="China Merchants Bank" or cert="xx银行" or cert="xxx.com" or cert="xxx"
- icon==""
- #Google
- site:xxx.com "shen份证号"
- site:xxx.com "shen份证号"
- filetype:doc site:xxx.com "shen份证号"
- filetype:xls site:xxx.com "工号"
- site:xxx.com inurl:login
- site:xxx.com inurl:upload
- #Github
- "xxx.com" "shen份证号"
- "xxx.com" "username"
- "xxx.com" "password"
站点注册人注册过的其他网站(对注册人、邮箱、电话的反查),对查到的站点的深入
- 站长之家 http://whois.chinaz.com
- Bugscanner http://whois.bugscaner.com
- 国外BGP https://bgp.he.net
- who.is https://who.is/
一级域名
- 企查查 https://www.qichacha.com
- 天眼查 https://www.tianyancha.com
- 爱企查 https://aiqicha.baidu.com
子域名
- 老站、同样架构或同源码的子站
- 爆破,接口查询
- https://phpinfo.me/domain/
- https://d.chinacycc.com/index.php?m=Login&a=index
- subDomainBrute、knockpy
- OWA发现、dig adfs、dig mail
- https://dns.bufferover.run/dns?q=baidu.com
- http://api.hackertarget.com/reversedns/?q=target.com
- Amass https://github.com/OWASP/Amass
- OneForAll https://github.com/shmilylty/OneForAll
- ksubdomain https://github.com/knownsec/ksubdomain
- subDomainsBrute https://github.com/lijiejie/subDomainsBrute
- Sonar https://omnisint.io/
- 查子域 https://chaziyu.com/ (在线)
- 笨米 https://www.benmi.com/ 挂了
HOST碰撞
- https://github.com/cckuailong/hostscan
- https://github.com/fofapro/Hosts_scan
同站
旁站
- 在线 http://stool.chinaz.com/same
- 在线 https://site.ip138.com
B、C段信息
- Banner、是否存在目标的后台或其他入口/其他业务系统
- ASN BGP路由协议
- 1-64511 公有AS
- 64512-65535 私有AS
- https://www.cidr-report.org/cgi-bin/as-report?as=china&view=2.0
- Ping
- 多地Ping
- 国外Ping
- 查找老域名
- 查找关联域名
- 信息泄露/配置文件
- Phpinfo
- 网页源码
- Svn
- Github
- Shodan/fofa/zoomeye/hunter/360quake/censys
- SSL证书记录
- https://crt.sh/
- https://developers.facebook.com/tools/ct
- https://ui.ctsearch.entrust.com/ui/ctsearchui
- 设置xff/x-remote-ip/x-remote-addr为127.0.0.1/或ipv6地址
- RSS订阅/邮件头
- APP反编译搜索/截取APP的请求信息
- 修改hosts文件指向
- DNS db https://dnsdb.io/zh-cn/
- dns检测 https://tools.ipip.net/dns.php
- Xcdn https://github.com/3xp10it/xcdn
- 在线 https://ipchaxun.com
- DNSdumpster https://dnsdumpster.com/
IP定位
- https://www.opengps.cn/Default.aspx
- https://www.chaipip.com/aiwen.html
- https://cz88.net/
- 网页源代码
- 请求头/响应头
- 网站底部,顶部,左上角右上角
- 网站报错信息
- 域名/install
- CMS漏洞
- 定位版本对应已知漏洞检查
- CMS未知漏洞挖掘
- Web容器已知漏洞(解析漏洞这种)
- 中间件、组件
- Weblogic、tomcat、zabbix、struts、axis等
- WhatWeb https://github.com/urbanadventurer/WhatWeb
- Builtwith https://builtwith.com/zh/
- FortyNorthSecurity https://github.com/FortyNorthSecurity/EyeWitness
- 云悉 https://www.yunsee.cn/
- Wappalyzer https://www.wappalyzer.com/?utm_source=popup&utm_medium=extension&utm_campaign=wappalyzer
- EHole https://github.com/EdgeSecurityTeam/EHole
- TideFinger https://github.com/TideSec/TideFinger
- ObserverWard https://github.com/0x727/ObserverWard
- ShuiZe https://github.com/0x727/ShuiZe_0x727
- AlliN https://github.com/P1-Team/AlliN
- Bufferfly https://github.com/dr0op/bufferfly(初步处理资产小工具)
目录扫描
- Dirmap https://github.com/H4ckForJob/dirmap
- dirsearch https://github.com/maurosoria/dirsearch
JS
- JSFinder https://github.com/Threezh1/JSFinder
- LinkFinder https://github.com/GerbenJavado/LinkFinder
- Packer-Fuzzer https://github.com/rtcatc/Packer-Fuzzer (webpack)
- 搜索关键接口
- 1. config/api
- 2. method:"get"
- 3. http.get("
- 4. method:"post"
- 5. http.post("
- 6. $.ajax
- 7. service.httppost
- 8. service.httpget
- http://www.bulkdachecker.com/url-extractor/
- wafw00f https://github.com/EnableSecurity/wafw00f
蜜罐识别
- https://honeyscore.shodan.io/
- hunter也有
- https://github.com/cnrstar/anti-honeypot 浏览器插件(误报还是挺多的,虚拟机+代理)
- 单引号
- admin/123456
- admin/admin
- 万能密码
- 电话、邮箱,姓名
- 目录遍历
- 网盘文件
- https://www.chaonengsou.com/
- 备份文件
- (www.zip,xx.com.zip,www.xx.com.zip,wwwroot.zip)
- .svn/.git/sql/robots/crossdomin.xml/DS_Store
- 论坛ID=1通常为管理员
- 网页上客服的QQ(先判断是企业的还是个人,用处有时不太大,看怎么用,搞个鱼叉什么的)
- https://default-password.info/
- https://www.routerpasswords.com/
- 国内的百度&日常积累
- http://www.cachedpages.com/
- https://web.archive.org/
- 百度识图、googleimage、tineye
- 原图查询坐标
- QQ、weibo、支付宝、脉脉、知乎、领英、咸鱼、短视频、人人、贴吧、论坛、推特、ins、脸书等
- 手机加入通讯录匹配各个APP用户信息,用户名之类的方便做字典
- Sms
- https://www.materialtools.com/
- http://receivefreesms.com/
- Email
- https://10minutemail.net/
- http://24mail.chacuo.net/
- https://zh.mytrashmailer.com/
- http://24mail.chacuo.net/enus
- https://www.linshiyouxiang.net/
- Fake id
- https://www.fakenamegenerator.com/
- http://www.haoweichi.com/
- https://www.fakeaddressgenerator.com/
- https://hunter.io/
- http://www.veryvp.com/
- https://www.email-format.com/
- https://www.yingyanso.cn/
- https://verifyemailaddress.com/ 邮箱有效确认
- theHarvester
- 企查查
- github
- 脉脉
- 库
- snov.io插件
- 库
- https://haveibeenpwned.com/
- https://github.com/dxa4481/truffleHog
- https://github.com/lijiejie/GitHack
- https://github.com/MiSecurity/x-patrol
- https://github.com/az0ne/Github_Nuggests
- http://zone-h.org/archive
- 乌云镜像: https://wooyun.x10sec.org
- Seebug: https://www.seebug.org
- Exploit Database: https://www.exploit-db.com
- Vulners: https://vulners.com
- Sploitus: https://sploitus.com
- 小蓝本 https://www.xiaolanben.com/pc
- 七麦 https://www.qimai.cn
- AppStore https://www.apple.com/app-store
- 点点 https://www.diandian.com/
- url、js、osskey、api等信息查找
- 搜集到接口进行FUZZ
- https://github.com/TheKingOfDuck/ApkAnalyser
- https://github.com/kelvinBen/AppInfoScanner
- 幸运破解器(慎用)https://nalankang.lanzouo.com/b00u06nfa
- 核心破解(慎用)
- BlackDex https://nalankang.lanzoui.com/b00um84kf
- fdex2 https://nalankang.lanzoui.com/iBdENqkpmng
- 微脱壳 https://nalankang.lanzoui.com/iFfamqkpmoh
- 反射大师 https://nalankang.lanzoui.com/b00v2j5ud
- APK Editor https://nalankang.lanzoui.com/b00u06q0d
- Apktool https://nalankang.lanzoui.com/b00uud6kf
- NP管理器 https://nalankang.lanzoui.com/b00u7565e
- Android Killer
- 以上的下载暗码:ojbk
绕过限制抓包
- HttpCanary(小黄鸟) https://nalankang.lanzoui.com/b00usn91c(可不ROOT)
- Wicap https://nalankang.lanzoui.com/b00usn8te (安卓抓包用处不是很大)
- Packet Capture https://nalankang.lanzoui.com/b00usn8yj (免ROOT抓包)
- JustTrustMe++ https://github.com/JunGe-Y/JustTrustMePP (目前测试效果最好的)
- Fildder + BP (主流) 会有https的题目
- Mitmproxy 配合py脚本做流量处理,或者单纯的脱一下https
- Charles(使用比较少)
公众号
- https://weixin.sogou.com
- 微信搜索
- https://www.xiaolanben.com/pc
- 微信直接搜索
- 小程序的更多信息
- Nuclei https://github.com/projectdiscovery/nuclei
- Spiderfoot https://github.com/smicallef/spiderfoot
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
