10.3. Information Gathering
10.3.4. Subdomain Brute-Forcing
- Amass: In-depth Attack Surface Mapping and Asset Discovery
- subDomainsBrute
- wydomain
- broDomain
- ESD
- aiodnsbrute
- OneForAll
- subfinder
- altdns: Generates permutations, alterations and mutations of subdomains and then resolves them
10.3.5. Domain Name Discovery
- the art of subdomain enumeration
- sslScrape
- aquatone: A Tool for Domain Flyovers
- teemo: A Domain Name & Email Address Collection Tool
- DNS DB historical records
10.3.6. Weak Password Brute-Forcing
10.3.7. Git Information Leakage
- GitHack By lijiejie
- GitHack By BugScan
- GitTools
- Zen
- dig github history
- gitrob: Reconnaissance tool for GitHub organizations
- git secrets
- shhgit: Find GitHub secrets in real time
- GitHound: GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher
- x patrol: Github leaked patrol
- GitDorker: scrape secrets from GitHub through usage of a large repository of dorks
10.3.8. GitHub Monitoring
- Github Monitor: Github Sensitive Information Leakage Monitor
- Github Dorks
- GSIL
- Hawkeye
- gshark
- GitGot
- gitGraber: monitor GitHub to search and find sensitive data in real time for different online services
10.3.9. Path and File Scanning
10.3.11. Fingerprinting
- Wappalyzer
- whatweb
- Wordpress Finger Print
- CMS fingerprinting
- JA3: a standard for creating SSL client fingerprints in an easy to produce and shareable way
- TideFinger
- JARM: active Transport Layer Security (TLS) server fingerprinting tool
- fingerprintjs: Browser fingerprinting library with the highest accuracy and stability
10.3.13. Port Scanning
10.3.14. DNS Data Lookup
10.3.15. DNS Correlation
10.3.16. Cloud Services
10.3.17. Data Lookup
10.3.18. Password
- Probable Wordlists: Wordlists sorted by probability originally created for password generation and testing
- Common User Passwords Profiler
- chrome password grabber
- DefaultCreds cheat sheet: One place for all the default credentials to assist the pentesters during an engagement
- SuperWordlist