信息收集

1. 企查查-爱企查-天眼查

获取公司及子公司信息

域名
小程序
微信公众号
APP
微博
邮箱
生活号

https://github.com/cqkenuo/appinfoscanner
https://www.qcc.com/
https://www.tianyancha.com/
https://aiqicha.baidu.com/
google.com \ baidu.com \ bing.cn

2. 收集子域名

收集目标子域名信息

https://x.threatbook.cn/
https://github.com/shmilylty/OneForAll
Layer子域名挖掘机
https://github.com/lijiejie/subDomainsBrute
https://github.com/Jewel591/SubDomainFinder
https://github.com/aboul3la/Sublist3r
https://github.com/knownsec/ksubdomain
https://github.com/Threezh1/JSFinder
google.com \ baidu.com \ bing.cn
http://tool.chinaz.com/dns
https://www.dnsdb.io
https://fofa.so/
https://www.zoomeye.org/
https://www.shodan.io/
https://censys.io/
DNSenum
nslookup
https://www.isc.org/download/
https://code.google.com/archive/p/dnsmap/
https://github.com/0x727/ShuiZe_0x727

3. 域名指纹识别

对上面收集到的域名进行识别

https://github.com/EdgeSecurityTeam/EHole
https://github.com/al0ne/Vxscan
https://github.com/EASY233/Finger
https://github.com/TideSec/TideFinger
https://github.com/urbanadventurer/WhatWeb
https://gobies.org/
https://www.yunsee.cn/
https://github.com/s7ckTeam/Glass
https://github.com/TideSec/TideFinger
https://scan.dyboy.cn/web/
https://fp.shuziguanxing.com/#/
https://builtwith.com/zh/
https://github.com/FortyNorthSecurity/EyeWitness
https://www.yunsee.cn/
https://www.wappalyzer.com/
https://github.com/0x727/ObserverWard
https://github.com/0x727/ShuiZe_0x727
https://github.com/P1-Team/AlliN
https://github.com/dr0op/bufferfly

4. IP收集、C段收集、端口

根据域名收集对应的IP

如果遇到CDN可以考虑以下方法：

查看dns解析记录

https://dnsdb.io/zh-cn/ ###DNS查询
https://x.threatbook.cn/ ###微步在线
http://toolbar.netcraft.com/site_report?url= ###在线域名信息查询
http://viewdns.info/ ###DNS、IP等查询
https://tools.ipip.net/cdn.php ###CDN查询IP

[SecurityTrails](https://securitytrails.com/)平台
找子域名的IP
1. 微步在线
2. https://dnsdb.io/
  1. xxxx.com.cn type:A
3. google
4. 子域名扫描器
网络空间搜索引擎
1. shodan
2. fofa
3. zoomeye
4. 全球鹰
5. quake
SSL证书
HTTP头
利用网站返回内容特征搜索
国外主机访问
网站漏洞
1. phpinfo
2. xss
3. ssrf
邮件订阅（RSS）
zmap
F5 LTM

如果没有CDN就直接扫

nmap
masscan
https://github.com/EdgeSecurityTeam/Eeyes
https://github.com/shadow1ng/fscan
https://github.com/Adminisme/ServerScan
https://github.com/EdgeSecurityTeam/EHole

5. 目录扫描

https://github.com/maurosoria/dirsearch
dirbuster
gobuster
dirb
https://github.com/xmendez/wfuzz
https://github.com/foryujian/yjdirscan
https://github.com/H4ckForJob/dirmap

6. 漏洞扫描

nessus
wavs
https://github.com/H4ckForJob/dirmap
https://github.com/chaitin/xray
https://github.com/wgpsec/DBJ
https://github.com/sullo/nikto
https://github.com/zhzyker/vulmap/
https://github.com/projectdiscovery/nuclei
https://github.com/greenbone/openvas-scanner
https://github.com/wpscanteam/wpscan
http://www.encoreconsulting.com/3-10-AppScan.html
https://github.com/78778443/QingScan

7. 微信小程序信息收集

8. 微信公众号信息收集

9. 支付宝小程序信息收集

10. APP信息收集

https://github.com/cqkenuo/appinfoscanner

1 2	`https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md` `https://github.com/smicallef/spiderfoot`

11. 网站JS信息收集

https://github.com/Threezh1/JSFinder
https://github.com/GerbenJavado/LinkFinder
https://github.com/rtcatc/Packer-Fuzzer (webpack)
https://github.com/momosecurity/FindSomething