其他信息

云信息

Aliyun、AWS、GCP、Azure等
查找可公开访问的实例
https://github.com/gwen001/s3-buckets-finder
https://github.com/nccgroup/aws-inventory
https://github.com/jordanpotti/AWSBucketDump

APP反编译

url、js、osskey、api等信息查找
搜集到接口Fuzz常见参数

C段/B段信息

Banner、是否存在目标的后台或其他入口/其他业务系统

工具

recon-ng,theharvester,maltego,exiftool等
https://www.spiderfoot.net/
https://github.com/smicallef/spiderfoot

网页缓存

http://www.cachedpages.com/
https://archive.org/web

图片反查

百度识图、googleimage、tineye
原图查询坐标

Github/Gitee等代码托管平台

https://github.com/dxa4481/truffleHog
https://github.com/lijiejie/GitHack
https://github.com/MiSecurity/x-patrol
https://github.com/az0ne/Github_Nuggests
https://github.com/0xbug/Hawkeye
https://github.com/mazen160/GithubCloner 克隆用户的github
https://github.com/michenriksen/gitrob.git

被入侵网址列表

http://zone-h.org/archive
wooyun镜像查找目标企业曾出现的漏洞
http://wooyun.2xss.cc/

Amass 深入的击面映射和资产发现

https://github.com/OWASP/Amass 
  >amass intel -org 'Sony Corporation of America'  #fetch ASN & CIDR IP Range of a Company
  >amass intel -active -asn 3725 -ip   #enumerate subdomains & IP Address from ASN
  >amass intel -active -asn 3725    #enumerate subdomains only from ASN 
  >amass intel -active -cidr 160.33.96.0/23   #enumerate subdomains from cidr rang
  >amass intel -asn 3725 -whois -d sony.com   #enumerate subdomains using asn & whois
  >amass enum -d sony.com -active -cidr 160.33.99.0/24,160.33.96.0/23 -asn 3725   #enumerate subdomains using cidr & asn

威胁情报平台

Virustotal:https://www.virustotal.com/gui/home/upload
腾讯哈勃分析系统:https://habo.qq.com/tool/index
微步在线威胁情报:https://x.threatbook.cn/
奇安信威胁情报:https://ti.qianxin.com/
360威胁情报:https://ti.360.net/#/homepage
安恒威胁情报:https://ti.dbappsecurity.com.cn/
火线安全平台:https://www.huoxian.cn
Hacking8安全信息流:https://i.hacking8.com/
零零信安:https://0.zone

最后更新于