Domain reconnaissance
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"> </div><div>
<ul style="margin: 0">
<li style="text-align: left; line-height: 1.75; font-size: 16px; list-style-position: inside; white-space: pre-wrap; list-style-type: disc; font-family: "Microsoft YaHei", STXihei; color: rgba(0, 0, 0, 1); font-weight: bold; font-style: normal; text-decoration: none"><span style="font-size: 16px; font-weight: bold">Registration information</span></li>
<li style="text-align: left; line-height: 1.75; font-size: 16px; list-style-position: inside; white-space: pre-wrap; list-style-type: disc; font-family: "Microsoft YaHei", STXihei; color: rgba(0, 0, 0, 1); font-weight: bold; font-style: normal; text-decoration: none"><span style="font-size: 16px; font-weight: bold">The real IP behind the domain</span></li>
<li style="text-align: left; line-height: 1.75; font-size: 16px; list-style-position: inside; white-space: pre-wrap; list-style-type: disc; font-family: "Microsoft YaHei", STXihei; color: rgba(0, 0, 0, 1); font-weight: bold; font-style: normal; text-decoration: none"><span style="font-size: 16px; font-weight: bold">Subdomains</span></li>
<li style="text-align: left; line-height: 1.75; font-size: 16px; list-style-position: inside; white-space: pre-wrap; list-style-type: disc; font-family: "Microsoft YaHei", STXihei; color: rgba(0, 0, 0, 1); font-weight: bold; font-style: normal; text-decoration: none"><span style="font-size: 16px; font-weight: bold">Reverse IP lookup</span></li>
<li style="text-align: left; line-height: 1.75; font-size: 16px; list-style-position: inside; white-space: pre-wrap; list-style-type: disc; font-family: "Microsoft YaHei", STXihei; color: rgba(0, 0, 0, 1); font-weight: bold; font-style: normal; text-decoration: none"><span style="font-size: 16px; font-weight: bold">Name servers</span></li>
<li style="text-align: left; line-height: 1.75; font-size: 16px; list-style-position: inside; white-space: pre-wrap; list-style-type: disc; font-family: "Microsoft YaHei", STXihei; color: rgba(0, 0, 0, 1); font-weight: bold; font-style: normal; text-decoration: none"><span style="font-size: 16px; font-weight: bold">Mail servers</span></li>
<li style="text-align: left; line-height: 1.75; font-size: 16px; list-style-position: inside; white-space: pre-wrap; list-style-type: disc; font-family: "Microsoft YaHei", STXihei; color: rgba(0, 0, 0, 1); font-weight: bold; font-style: normal; text-decoration: none"><span style="font-size: 16px; font-weight: bold">Neighbouring sites (other sites on the same host)</span></li>
<li style="text-align: left; line-height: 1.75; font-size: 16px; list-style-position: inside; white-space: pre-wrap; list-style-type: disc; font-family: "Microsoft YaHei", STXihei; color: rgba(0, 0, 0, 1); font-weight: bold; font-style: normal; text-decoration: none"><span style="font-size: 16px; font-weight: bold">C-segment (the surrounding /24 range)</span></li>
</ul>
</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">1. Registration information</span></div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">WHOIS lookup:</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Domain WHOIS lookup - Chinaz (站长之家) http://whois.chinaz.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Aizhan (爱站网) https://whois.aizhan.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">ip138 https://site.ip138.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">whoislookup https://www.whois.net/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">ICANN https://lookup.icann.org/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Tencent Cloud https://whois.cloud.tencent.com/domain?domain=</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">nicolasbouliane http://nicolasbouliane.com/utils/whois/?url=http://baidu.com</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Xinnet WHOIS http://whois.xinnet.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Chinaz IP WHOIS <span style="color: rgba(0, 56, 132, 1); text-decoration: underline">http://tool.chinaz.com/ipwhois/</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Aizhan: <span style="color: rgba(0, 56, 132, 1); text-decoration: underline">https://www.aizhan.com/</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px"><span style="color: rgba(57, 57, 57, 1)">7c.com (去查网): <span style="color: rgba(0, 56, 132, 1); text-decoration: underline">http://www.7c.com/</span></span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px"><span style="color: rgba(57, 57, 57, 1)">yougetsignal: <span style="color: rgba(0, 56, 132, 1); text-decoration: underline">https://www.yougetsignal.com/</span></span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Note that since 2018 most gTLD registries redact registrant contact details in public WHOIS, so pivoting on a registrant name or e-mail usually needs historical WHOIS records rather than a live query; the registrar, creation date and name servers are still returned.</div>
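<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">The web forms above are fine for one domain; for a list of domains it is easier to speak the WHOIS protocol (RFC 3912, plain text over TCP port 43) directly. The script below is an added example and not part of the original post: it asks whois.iana.org which server is authoritative for the TLD, follows that referral, and extracts the fields recon needs. The function names, the field patterns (which follow the common gTLD format; ccTLD registries such as CNNIC use different labels) and the sample response are assumptions made for the example, and the sample is constructed, not real registry data.</div>

```python
"""Scriptable WHOIS lookup (RFC 3912) with IANA referral following and field extraction."""
import re
import socket

IANA_WHOIS = "whois.iana.org"


def whois_query(query, server, port=43, timeout=10):
    """Send one WHOIS query to `server` and return the raw text response."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("idna") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def referral_server(iana_response):
    """Extract the 'refer:'/'whois:' line IANA returns for a TLD (None if absent)."""
    m = re.search(r"^\s*(?:whois|refer):\s*(\S+)", iana_response, re.M | re.I)
    return m.group(1) if m else None


def whois_lookup(domain):
    """Ask IANA which server is authoritative for the TLD, then query that server."""
    tld = domain.rsplit(".", 1)[-1]
    server = referral_server(whois_query(tld, IANA_WHOIS)) or IANA_WHOIS
    return server, whois_query(domain, server)


# Field labels as used by most gTLD registries/registrars (assumption; ccTLDs differ).
FIELDS = {
    "registrar": r"^\s*Registrar:\s*(.+)$",
    "created": r"^\s*(?:Creation Date|Registration Time|created):\s*(.+)$",
    "expires": r"^\s*(?:Registry Expiry Date|Expiration Time|Expiry Date):\s*(.+)$",
    "registrant_org": r"^\s*Registrant Organization:\s*(.+)$",
    "registrant_email": r"^\s*Registrant (?:Contact )?Email:\s*(.+)$",
}


def parse_whois(text):
    """Pull the fields recon usually needs out of a raw WHOIS response.
    Name servers are returned lower-cased, de-duplicated and sorted."""
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text, re.M | re.I)
        if m:
            out[key] = m.group(1).strip()
    ns = re.findall(r"^\s*Name Server:\s*(\S+)", text, re.M | re.I)
    out["name_servers"] = sorted({n.lower().rstrip(".") for n in ns})
    return out


# Constructed sample response (not real registry data) so the parser runs offline.
SAMPLE = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2030-08-13T04:00:00Z
Registrant Organization: Example Holdings Ltd
Registrant Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.COM
Name Server: ns2.example.com.
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # live lookup: python whois_recon.py example.com
        server, raw = whois_lookup(sys.argv[1])
        print(f"# answered by {server}")
        print(parse_whois(raw))
    else:
        print(parse_whois(SAMPLE))
```

<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Run it with a domain argument for a live query; without one it parses the constructed sample. Registrars rate-limit port 43, so batch runs should sleep between queries.</div>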
<div style="white-space: pre-wrap; margin-left: 28px; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">ICP filing (备案) lookup:</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">ICP filing lookup (beianbeian) http://www.beianbeian.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">ICP filing lookup - Chinaz tools http://icp.chinaz.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">SEO summary lookup - Aizhan https://www.aizhan.com/seo/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Batch lookup - Chinaz tools http://icp.chinaz.com/searchs</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">MIIT ICP/IP/domain filing management system http://www.beian.miit.gov.cn/publish/query/indexFirst.action</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">US company filings (SEC EDGAR) https://www.sec.gov/edgar/searchedgar/companysearch.html</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Corporate credit information lookup:</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">National Enterprise Credit Information Publicity System http://www.gsxt.gov.cn/index.html</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Xizhi - nationwide company lookup http://company.xizhi.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Credit China https://www.creditchina.gov.cn/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"> </div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Browser plugins:</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">myip.ms</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">TCPIPUTILS</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">DNSlytics</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px"> </div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">2. The real IP behind the domain: nslookup, dig</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px"> <span style="font-size: 16px; font-weight: bold">What a CDN is</span></span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">CDN stands for Content Delivery Network. The idea is to route around the bottlenecks on the internet that hurt transfer speed and stability so that content is delivered faster and more reliably. By placing node servers across the network, the CDN forms an intelligent virtual layer on top of the existing internet; using real-time traffic, the connection and load state of each node, and the distance and response time to the user, it redirects each request to the service node closest to that user. For reconnaissance the consequence is that the addresses a CDN-fronted domain resolves to belong to the CDN's edge nodes, not to the target's own servers, so port scans and origin-only checks against those addresses tell you about the CDN, not the target.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Domestic and international CDN providers</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Alibaba Cloud</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Tencent Cloud</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Baidu Cloud</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Wangsu (ChinaNetCenter)</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">ChinaCache (蓝汛)</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Kingsoft Cloud</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">UCloud</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">NetEase Cloud</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">21Vianet (世纪互联)</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Qiniu Cloud</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">JD Cloud</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Akamai</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Limelight Networks (LLNW)</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">AWS (Amazon)</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Google</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Comcast</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Determining whether the target uses a CDN</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Ping the main domain</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">The usual first check is to ping the target's main domain and look at the name it resolves through: a CDN-fronted domain is normally a CNAME to a hostname in the CDN provider's domain, and ping prints that hostname.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Pinging jd.com and reading the resolved name shows that JD uses its own CDN.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Nslookup</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Default nslookup resolution</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">If the lookup returns several addresses, a CDN is likely; if it returns a single address, a CDN is less likely but not ruled out. Multiple A records can also be plain DNS round-robin to a few of the target's own servers, so treat the count as a weak signal and look at the CNAME chain (nslookup prints "Aliases" or "canonical name") instead: a CNAME into a CDN provider's domain is the reliable indicator.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Multi-location ping</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Ping the domain from probe servers in many regions of the country and compare the IP each region gets. If every region sees the same IP, a CDN is very unlikely. If the IPs differ from region to region, or follow a clear pattern, look up where each IP is registered to decide whether a CDN is in play.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Ping check - Chinaz tools: <span style="color: rgba(0, 56, 132, 1); text-decoration: underline">http://ping.chinaz.com</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">17CE: <span style="color: rgba(0, 56, 132, 1); text-decoration: underline">https://www.17ce.com/</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">ipip: <span style="color: rgba(0, 56, 132, 1); text-decoration: underline">https://tools.ipip.net/newping.php</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; color: rgba(57, 57, 57, 1); font-weight: bold">Bypassing the CDN to find the real IP</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Internal mail source</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Mail systems are usually hosted internally and are not fronted by the CDN. Use any function of the target site that sends you mail (account registration, password reset, RSS subscription), then read the message headers: the Received: chain names the mail server that handed the message off, with its hostname and IP. Resolve or ping that mail-server hostname and you have an address in the target's own network, often the same host or /24 as the web origin.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Note: this only works when the mail server belongs to the target. A third-party or public mail provider (Gmail, QQ Mail, SendGrid and the like) just tells you who hosts their mail.</div>
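<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Reading Received: headers by hand is error-prone because relays prepend them, so the first hop is the last header, and because the rDNS name in parentheses is what the receiving relay saw, not what the sender claimed. The script below is an added example, not code from the original post: it walks the chain oldest-first, drops hops on non-routable addresses (an RFC 1918 hop still tells you the internal naming scheme, but cannot be reached from outside), skips well-known third-party mail providers, and keeps public hops whose name falls under the target domain. The function names, the provider list and the sample message (documentation IP ranges, made-up hostnames) are assumptions made for the example.</div>

```python
"""Recover a target's own mail-server address from the Received: chain of a message it sent."""
import ipaddress
import re
from email import message_from_string

# Constructed sample message; hostnames and IPs are documentation values, not a real target.
SAMPLE_MAIL = """\
Received: from mx.isp.example (mx.isp.example [203.0.113.9])
\tby inbox.example.org with ESMTPS; Tue, 1 Jan 2030 10:00:03 +0000
Received: from mail.target.example (mail.target.example [198.51.100.25])
\tby mx.isp.example with ESMTPS id abc123; Tue, 1 Jan 2030 10:00:02 +0000
Received: from app01.corp.local (unknown [10.20.30.40])
\tby mail.target.example with ESMTP; Tue, 1 Jan 2030 10:00:01 +0000
From: noreply@target.example
To: tester@example.org
Subject: Password reset

Click the link to reset your password.
"""

# Providers whose relays only reveal who hosts the mail, not where the target's servers are.
THIRD_PARTY_MAIL = ("google.com", "googlemail.com", "outlook.com", "protection.outlook.com",
                    "qq.com", "exmail.qq.com", "aliyun.com", "sendgrid.net", "amazonses.com")

# Ranges that cannot be reached from the internet (documentation ranges are deliberately
# not listed so the constructed sample counts as public).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# "from HELO (rdns [ip])" as written by Postfix, Exim, Sendmail and most gateways.
RECEIVED_FROM = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[^\]]+)\]\))?", re.I)


def received_hops(raw_message):
    """Hops in transit order (oldest first) as dicts with helo, rdns and ip.
    Each relay prepends its Received: header, so the last header is the first hop."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        m = RECEIVED_FROM.match(" ".join(header.split()))  # unfold continuation lines
        if m:
            hops.append({"helo": m["helo"], "rdns": m["rdns"], "ip": m["ip"]})
    return hops


def is_public(ip):
    """True when the address is reachable from the internet."""
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):
        return False
    return not any(addr in net for net in NON_ROUTABLE)


def origin_candidates(raw_message, target_domain):
    """Public hop addresses whose (rDNS, else HELO) name lies under the target's domain,
    ignoring internal hops and third-party relays. Returns [(name, ip), ...]."""
    found = []
    for hop in received_hops(raw_message):
        name = (hop["rdns"] or hop["helo"]).lower().rstrip(".")
        if not is_public(hop["ip"]):
            continue
        if any(name == p or name.endswith("." + p) for p in THIRD_PARTY_MAIL):
            continue
        if name == target_domain or name.endswith("." + target_domain):
            found.append((name, hop["ip"]))
    return found


if __name__ == "__main__":
    for name, ip in origin_candidates(SAMPLE_MAIL, "target.example"):
        print(f"{name} -> {ip}   next: ping {name}; curl -H 'Host: www.target.example' http://{ip}/")
```

<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Feed it the raw source of a real password-reset mail (most webmail clients offer "show original") and the target's registrable domain. A candidate address is confirmed as the web origin only when a request to it with the site's Host header returns the site.</div>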
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Requests from abroad</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Domestic CDNs often have thin coverage outside China, and some sites only enable the CDN for domestic resolution. Accessing the site through a foreign proxy, or resolving the domain through a foreign DNS server, can therefore return the origin IP directly. Compare the answer from a foreign resolver with the answers from domestic ones: an address that only the foreign resolver returns is the one to probe.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">International ping:</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">https://asm.ca.com/en/ping.php</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">https://tools.ipip.net/newping.php</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Foreign DNS resolution:</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Query the domain with nslookup (or dig) against a foreign resolver, e.g. nslookup target.com 8.8.8.8</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Public DNS server list: http://www.ab173.com/dns/dns_world.php</div>
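<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">The nslookup, multi-location-ping and foreign-resolver checks above all come down to one comparison: what several resolvers answer for the same name. The script below is an added example, not from the original post, that automates that comparison. It queries a few resolvers inside and outside China with dig, scores the CDN evidence (a CNAME into a CDN provider's domain is strongest; resolvers disagreeing on the A set is geo steering; several A records in one answer is weak because round-robin looks the same), and reports any address that only a single resolver returned as an origin candidate. The resolver list, the CNAME suffix list (illustrative suffixes for providers named on this page, not exhaustive), the function names and the sample answers are assumptions; the sample uses documentation addresses and a made-up CNAME so the script runs without network access.</div>

```python
"""Judge whether a host sits behind a CDN from what several resolvers answer, and flag
addresses seen by only one resolver (often the foreign one) as origin candidates."""
import re
import shutil
import subprocess
from collections import Counter

# Illustrative CNAME suffixes of CDN providers named on this page; extend as needed.
CDN_CNAME_HINTS = (
    "kunlunca.com", "alikunlun.com",                      # Alibaba Cloud CDN
    "dnsv1.com", "tcdn.qq.com",                           # Tencent Cloud CDN
    "wscdns.com", "wscloudcdn.com", "lxdns.com",          # Wangsu / ChinaNetCenter
    "ccgslb.com", "ccgslb.net",                           # ChinaCache
    "akamaiedge.net", "edgekey.net", "edgesuite.net",     # Akamai
    "cloudfront.net", "llnwd.net",                        # AWS CloudFront, Limelight
)

# Resolvers inside and outside China for a live run (labels are free text).
RESOLVERS = {
    "114.114.114.114 (CN)": "114.114.114.114",
    "223.5.5.5 (CN)": "223.5.5.5",
    "8.8.8.8 (US)": "8.8.8.8",
    "1.1.1.1 (US)": "1.1.1.1",
}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def dig_short(name, resolver, rtype):
    """Live lookup through the system dig binary; returns the +short answer lines."""
    if shutil.which("dig") is None:
        raise RuntimeError("dig is not installed")
    out = subprocess.run(["dig", "+short", "+time=5", "@" + resolver, name, rtype],
                         capture_output=True, text=True, timeout=20, check=False).stdout
    return [l.strip().rstrip(".") for l in out.splitlines() if l.strip()]


def collect(name, resolvers=RESOLVERS):
    """Build the {label: {"cname": [...], "a": [...]}} view judge_cdn() expects from live DNS."""
    views = {}
    for label, addr in resolvers.items():
        lines = dig_short(name, addr, "A")  # +short prints the CNAME chain, then the A records
        views[label] = {"cname": [l for l in lines if not IPV4.match(l)],
                        "a": [l for l in lines if IPV4.match(l)]}
    return views


def judge_cdn(views):
    """Return (verdict, reasons, origin_candidates) for a set of resolver views."""
    reasons, score = [], 0
    cnames = {c.lower() for v in views.values() for c in v.get("cname", [])}
    hits = sorted(c for c in cnames if any(c == h or c.endswith("." + h) for h in CDN_CNAME_HINTS))
    if hits:
        score += 3
        reasons.append("CNAME into a known CDN domain: " + ", ".join(hits))
    ip_sets = {label: frozenset(v.get("a", [])) for label, v in views.items()}
    distinct = set(ip_sets.values())
    if len(distinct) > 1:
        score += 2
        reasons.append(f"{len(distinct)} different A-record sets across {len(ip_sets)} resolvers")
    if any(len(s) > 1 for s in distinct):
        score += 1
        reasons.append("several A records in one answer (edge pool, or just round-robin)")
    verdict = ("cdn" if score >= 3 else "likely-cdn" if score == 2
               else "unclear" if score == 1 else "probably-direct")
    # An address returned by a single resolver while the others agree is worth probing directly.
    counts = Counter(ip for s in ip_sets.values() for ip in s)
    candidates = sorted(ip for ip, n in counts.items() if n == 1) if len(ip_sets) >= 3 else []
    return verdict, reasons, candidates


# Constructed sample (documentation IPs, made-up CNAME) so the script runs offline.
SAMPLE_VIEWS = {
    "114.114.114.114 (CN)": {"cname": ["www.target.example.cdn.dnsv1.com"],
                             "a": ["203.0.113.10", "203.0.113.11"]},
    "223.5.5.5 (CN)": {"cname": ["www.target.example.cdn.dnsv1.com"],
                       "a": ["203.0.113.10", "203.0.113.11"]},
    "8.8.8.8 (US)": {"cname": [], "a": ["198.51.100.7"]},
}

if __name__ == "__main__":
    import sys
    views = collect(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_VIEWS
    verdict, reasons, candidates = judge_cdn(views)
    print(verdict)
    for r in reasons:
        print(" -", r)
    print("origin candidates to probe directly:", candidates or "none")
```

<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">With a hostname argument it runs live through dig; without one it evaluates the constructed sample. A candidate address is still only a lead: confirm it by requesting the site from that address with the correct Host header.</div>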
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Sub-site domains &amp; C-segment lookup</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Main sites carry the most traffic, so they are the ones put behind a CDN; sub-sites often are not. Ping the second-level (sub)domains to get the sub-site IPs. A sub-site frequently lives on a different IP from the main site but in the same /24, which reveals the target's real address range; scanning that range for a host that answers to the main site's Host header then finds the origin.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Sub-site domains</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Collection methods: https://www.cnblogs.com/Yang34/p/12727145.html</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">C-segment lookup</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Online lookup https://phpinfo.me/bing.php</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Via asset search engines https://www.fofa.so/ https://www.shodan.io/</div>
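<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Once the sub-domains are resolved, the useful step is to cluster their addresses into /24 ranges while throwing away the addresses that are really CDN edges, so the ranges with several of the target's own hosts stand out. The snippet below is an added example and not part of the original post; the function names and the sample host table (documentation IP ranges, made-up hostnames) are assumptions made for the example.</div>

```python
"""Cluster sub-site IPs into /24 ranges to find the target's own address space."""
import ipaddress
from collections import defaultdict


def c_segments(host_ips, cdn_ips=(), prefix=24):
    """host_ips: {hostname: ip} from resolving sub-domains; cdn_ips: addresses the main
    domain resolves to (CDN edges), which must not be mistaken for origin space.
    Returns [(network, [(host, ip), ...]), ...] ordered by how many hosts share the range."""
    exclude = {ipaddress.ip_address(ip) for ip in cdn_ips}
    groups = defaultdict(list)
    for host, ip in host_ips.items():
        addr = ipaddress.ip_address(ip)
        if addr.version != 4 or addr in exclude:
            continue
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        groups[net].append((host, str(addr)))
    return sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))


def scan_targets(segment, exclude_seen=()):
    """Expand a range into the host addresses still worth probing (input for nmap/httpx)."""
    seen = {ipaddress.ip_address(ip) for ip in exclude_seen}
    return [str(h) for h in segment.hosts() if h not in seen]


# Constructed sample: what resolving a handful of sub-domains might give.
SAMPLE_HOSTS = {
    "www.target.example": "203.0.113.10",    # CDN edge, must not count as origin space
    "mail.target.example": "198.51.100.25",
    "vpn.target.example": "198.51.100.30",
    "oa.target.example": "198.51.100.44",
    "blog.target.example": "192.0.2.8",
}
CDN_EDGES = ["203.0.113.10", "203.0.113.11"]

if __name__ == "__main__":
    for net, hosts in c_segments(SAMPLE_HOSTS, CDN_EDGES):
        print(f"{net}  ({len(hosts)} known hosts)")
        for host, ip in hosts:
            print(f"    {ip:<16} {host}")
    top = c_segments(SAMPLE_HOSTS, CDN_EDGES)[0][0]
    print(f"probe the rest of {top}: {len(scan_targets(top))} addresses")
```

<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">The range with the most known hosts is the first place to look for the web origin: probe it with the main site's Host header and compare the response with the CDN-served page.</div>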
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Look up DNS resolution records</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">dnsdb https://www.dnsdb.io/zh-cn/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Netcraft https://sitereport.netcraft.com/?url=</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">viewdns https://viewdns.info/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">ThreatBook https://x.threatbook.cn/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">SecurityTrails https://securitytrails.com/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"> </div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">3. Subdomains</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">dnsmap, fierce, dnsdict6</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Online services:</span></div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Third-party lookup services</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">ip138 https://site.ip138.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Chinaz tools http://tool.chinaz.com/subdomain/?domain=</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">hackertarget https://hackertarget.com/find-dns-host-records/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">t1h2ua https://www.t1h2ua.cn/tools/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">dnsdumpster https://dnsdumpster.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">chinacycc https://d.chinacycc.com/index.php?m=Login&amp;a=index</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">zcjun http://z.zcjun.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">phpinfo https://phpinfo.me/domain/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">ximcx http://sbd.ximcx.cn/</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Site weight / SEO summary lookup</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Chinaz tools http://rank.chinaz.com/all/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">Aizhan https://www.aizhan.com/seo/</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">National government website database</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">http://114.55.181.28/databaseInfo/index</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Reverse IP lookup (domains bound to an IP)</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">chinaz http://s.tool.chinaz.com/same?s</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">aizhan https://dns.aizhan.com/</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">webscan.cc https://webscan.cc/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Asset search engines:</span></div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">Google search syntax: site:baidu.com</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">FOFA search syntax: domain="baidu.com"</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Tool-based enumeration:</span></div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">OneForAll project: https://github.com/shmilylty/OneForAll command: python3 oneforall.py --target=target.com run</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Layer</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">subDomainsBrute project: https://github.com/lijiejie/subDomainsBrute command: python subDomainsBrute.py target.com</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">Sublist3r project: https://github.com/aboul3la/Sublist3r command: python sublist3r.py -d target.com -b -t 50 -p 80,443,21,22</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">K8</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">wydomain</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">dnsmaper</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">dnsbrute</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">Findomain</div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">fierce, etc.</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Certificate Transparency log enumeration:</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Online lookup services</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">crt.sh https://crt.sh/?q=baidu.com</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Censys https://www.censys.io/certificates?q=baidu.com</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">myssl https://myssl.com/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 16px; font-weight: bold">Tool-based enumeration</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Findomain project: https://github.com/Edu4rdSHL/findomain subdomain collection: findomain -t target.com query all APIs and export the data to CSV: findomain -t target.com -a -o csv</div>
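<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Two things the tools above do that are worth understanding before trusting their output: certificate transparency gives you every name ever put in a certificate's SAN list (including wildcards, which must be stripped), and dictionary brute force is only meaningful if the zone's wildcard record is detected first, otherwise every word in the list "resolves". The script below is an added example, not code from the original post or from any of the tools it lists: it normalises a crt.sh JSON answer and runs a wildcard-aware brute force with an injectable resolver. The function names, the fake zone used for the offline run, and the sample crt.sh rows (made-up names, real crt.sh field layout with newline-joined name_value) are assumptions made for the example.</div>

```python
"""Sub-domain discovery: CT-log names from a crt.sh JSON answer plus wildcard-aware brute force."""
import json
import random
import socket
import string
from concurrent.futures import ThreadPoolExecutor


def names_from_crtsh(json_text, domain):
    """crt.sh (https://crt.sh/?q=%25.DOMAIN&output=json) returns one row per certificate with
    all SAN names newline-joined in 'name_value'. Return the distinct in-scope hostnames,
    lower-cased and with wildcard prefixes removed."""
    names = set()
    for row in json.loads(json_text):
        for n in row.get("name_value", "").split("\n"):
            n = n.strip().lower().lstrip("*.")
            if n == domain or n.endswith("." + domain):
                names.add(n)
    return names


def random_label(n=12):
    return "".join(random.choices(string.ascii_lowercase + string.digits, k=n))


def wildcard_ips(domain, resolve, probes=2):
    """Addresses returned for random, non-existent labels. Non-empty means the zone has a
    wildcard record and any candidate resolving only to these addresses is noise."""
    ips = set()
    for _ in range(probes):
        ips.update(resolve(f"{random_label()}.{domain}"))
    return ips


def brute_force(domain, words, resolve, workers=20):
    """Resolve word.domain for every word, keeping only answers that are not just the wildcard.
    Caveat: a real host that happens to share the wildcard address is dropped too."""
    wild = wildcard_ips(domain, resolve)

    def probe(word):
        host = f"{word}.{domain}"
        ips = set(resolve(host))
        if ips and not ips <= wild:
            return host, sorted(ips)
        return None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(r for r in pool.map(probe, words) if r)


def system_resolve(host):
    """Resolver for live use: all A records via the OS stub resolver, [] on NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except socket.gaierror:
        return []


# Constructed zone so the brute force runs offline: three real names, wildcard for the rest.
FAKE_ZONE = {
    "www.target.example": ["203.0.113.10"],
    "mail.target.example": ["198.51.100.25"],
    "dev.target.example": ["198.51.100.60"],
}
WILDCARD_IP = ["203.0.113.99"]


def fake_resolve(host):
    if host in FAKE_ZONE:
        return FAKE_ZONE[host]
    return WILDCARD_IP if host.endswith(".target.example") else []


# Constructed crt.sh rows in the real response layout (made-up names).
SAMPLE_CRTSH = json.dumps([
    {"common_name": "www.target.example", "name_value": "www.target.example\n*.target.example"},
    {"common_name": "vpn.target.example", "name_value": "vpn.target.example\nvpn-old.target.example"},
    {"common_name": "cdn.other.example", "name_value": "cdn.other.example"},
])

if __name__ == "__main__":
    print("from CT logs:", sorted(names_from_crtsh(SAMPLE_CRTSH, "target.example")))
    words = ["www", "mail", "dev", "test", "admin"]
    print("brute force (wildcard filtered):", brute_force("target.example", words, fake_resolve))
```

<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">For a live run pass system_resolve (or a function that queries a chosen resolver) in place of fake_resolve and a proper wordlist; without the wildcard check, "test" and "admin" in the sample would both be reported as hits.</div>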
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">DNS history:</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">https://www.dnsdb.io/zh-cn/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">https://viewdns.info/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">4. Reverse IP and reverse domain lookup:</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">https://dnslytics.com/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">https://x.threatbook.cn/</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">Browser plugins:</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">myip.ms</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">TCPIPUTILS</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">DNSlytics</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"> </div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">5. Name servers</span></div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">fierce, dnsenum, dnsdict6</div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">6. Mail servers</span></div>
<div style="white-space: pre-wrap; text-indent: 28px; text-align: left; line-height: 1.75; font-size: 14px">dnsenum, dnsdict6</div>
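<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">What fierce and dnsenum actually do for sections 5 and 6 is query the NS and MX records and then ask each authoritative server for a zone transfer (AXFR); a server that answers leaks the whole zone, internal hostnames included, which is the single most valuable misconfiguration to check for here. The script below is an added example, not code from the original post or from those tools: it drives dig and parses its output. The function names and the two constructed dig outputs (made-up zone, documentation and RFC 1918 addresses) are assumptions; the "; Transfer failed." marker is what dig prints when a server refuses AXFR.</div>

```python
"""Name-server and mail-server enumeration with dig, including an AXFR (zone transfer) check."""
import shutil
import subprocess


def dig(*args, timeout=15):
    """Run the system dig binary and return its stdout (live use only)."""
    if shutil.which("dig") is None:
        raise RuntimeError("dig is not installed")
    return subprocess.run(["dig", *args], capture_output=True, text=True,
                          timeout=timeout, check=False).stdout


def parse_short(output):
    """Answer lines of a `dig +short` run, comments dropped and trailing dots stripped."""
    return [l.strip().rstrip(".") for l in output.splitlines() if l.strip() and not l.startswith(";")]


def parse_mx(output):
    """'10 mx1.example.com.' lines from `dig +short MX` -> [(10, 'mx1.example.com'), ...], by priority."""
    rows = []
    for line in parse_short(output):
        prio, host = line.split(None, 1)
        rows.append((int(prio), host.rstrip(".")))
    return sorted(rows)


def parse_axfr(output):
    """Classify a `dig @ns zone AXFR` answer. A refusing server prints '; Transfer failed.';
    a leaking one prints every record as 'owner TTL IN type data'.
    Returns (transferred, [(owner, ttl, class, type, data), ...])."""
    low = output.lower()
    if "transfer failed" in low or "connection refused" in low or "timed out" in low:
        return False, []
    records = [tuple(l.split(None, 4)) for l in output.splitlines() if l and not l.startswith(";")]
    records = [r for r in records if len(r) == 5 and r[2] == "IN"]
    return bool(records), records


def name_servers(domain):
    return parse_short(dig("+short", domain, "NS"))


def mail_servers(domain):
    return parse_mx(dig("+short", domain, "MX"))


def zone_transfer(domain, ns):
    return parse_axfr(dig("@" + ns, domain, "AXFR", "+time=5"))


# Constructed dig outputs so the parsers can be exercised offline.
SAMPLE_MX = "10 mx1.target.example.\n20 mx2.target.example.\n"
SAMPLE_AXFR_OK = """\
; <<>> DiG 9.18.1 <<>> @ns1.target.example target.example AXFR
;; global options: +cmd
target.example.\t3600\tIN\tSOA\tns1.target.example. hostmaster.target.example. 2030010101 7200 3600 1209600 3600
target.example.\t3600\tIN\tNS\tns1.target.example.
intranet.target.example.\t300\tIN\tA\t10.0.5.20
vpn.target.example.\t300\tIN\tA\t198.51.100.30
target.example.\t3600\tIN\tSOA\tns1.target.example. hostmaster.target.example. 2030010101 7200 3600 1209600 3600
;; Query time: 12 msec
"""
SAMPLE_AXFR_REFUSED = """\
; <<>> DiG 9.18.1 <<>> @ns1.target.example target.example AXFR
;; global options: +cmd
; Transfer failed.
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # live: python dns_servers.py target.com
        domain = sys.argv[1]
        print("NS:", name_servers(domain))
        print("MX:", mail_servers(domain))
        for ns in name_servers(domain):
            ok, records = zone_transfer(domain, ns)
            print(f"AXFR @{ns}: {'LEAKS ' + str(len(records)) + ' records' if ok else 'refused'}")
    else:
        print("MX sample:", parse_mx(SAMPLE_MX))
        print("AXFR sample:", parse_axfr(SAMPLE_AXFR_OK)[1][2:4])
```

<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Try the transfer against every NS, not just the first: secondaries are the ones most often left open. The MX hostnames feed straight into the mail-server approach from section 2.</div>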
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"> </div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"><span style="font-size: 18px; font-weight: bold">7. Reverse IP lookup, neighbouring sites, C-segment</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px">fierce</div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px"><span style="color: rgba(0, 56, 132, 1); text-decoration: underline">https://dns.aizhan.com/</span></div>
<div style="white-space: pre-wrap; text-indent: 56px; text-align: left; line-height: 1.75; font-size: 14px"><span style="color: rgba(0, 56, 132, 1); text-decoration: underline">http://www.webscan.cc/</span></div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px"> </div>
<div style="white-space: pre-wrap; text-align: left; line-height: 1.75; font-size: 14px">Reference blog: <span style="color: rgba(0, 56, 132, 1); text-decoration: underline">https://www.cnblogs.com/Yang34/p/12727145.html</span></div><br><br>
Source: https://www.cnblogs.com/kjiji/p/13858785.html