其他信息
云信息
Aliyun、AWS、GCP、Azure等
查找可公开访问的实例
https://github.com/gwen001/s3-buckets-finder
https://github.com/nccgroup/aws-inventory
https://github.com/jordanpotti/AWSBucketDump
APP反编译
url、js、osskey、api等信息查找
搜集到接口Fuzz常见参数
C段/B段信息
Banner、是否存在目标的后台或其他入口/其他业务系统
工具
recon-ng,theharvester,maltego,exiftool等
https://www.spiderfoot.net/
https://github.com/smicallef/spiderfoot
网页缓存
http://www.cachedpages.com/
https://archive.org/web
图片反查
百度识图、googleimage、tineye
原图查询坐标
Github/Gitee等代码托管平台
https://github.com/dxa4481/truffleHog
https://github.com/lijiejie/GitHack
https://github.com/MiSecurity/x-patrol
https://github.com/az0ne/Github_Nuggests
https://github.com/0xbug/Hawkeye
https://github.com/mazen160/GithubCloner 克隆用户的github
https://github.com/michenriksen/gitrob.git
被入侵网址列表
http://zone-h.org/archive
wooyun镜像查找目标企业曾出现的漏洞
http://wooyun.2xss.cc/
Amass 深入的击面映射和资产发现
https://github.com/OWASP/Amass
>amass intel -org 'Sony Corporation of America' #fetch ASN & CIDR IP Range of a Company
>amass intel -active -asn 3725 -ip #enumerate subdomains & IP Address from ASN
>amass intel -active -asn 3725 #enumerate subdomains only from ASN
>amass intel -active -cidr 160.33.96.0/23 #enumerate subdomains from cidr rang
>amass intel -asn 3725 -whois -d sony.com #enumerate subdomains using asn & whois
>amass enum -d sony.com -active -cidr 160.33.99.0/24,160.33.96.0/23 -asn 3725 #enumerate subdomains using cidr & asn
威胁情报平台
Virustotal:https://www.virustotal.com/gui/home/upload
腾讯哈勃分析系统:https://habo.qq.com/tool/index
微步在线威胁情报:https://x.threatbook.cn/
奇安信威胁情报:https://ti.qianxin.com/
360威胁情报:https://ti.360.net/#/homepage
安恒威胁情报:https://ti.dbappsecurity.com.cn/
火线安全平台:https://www.huoxian.cn
Hacking8安全信息流:https://i.hacking8.com/
零零信安:https://0.zone
最后更新于