Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

子域名/资产发现解决方案

wpadmin~March 9, 2019 /InfoSec

子域名/资产发现解决方案

工具

Sublist3r (子域名)
https://github.com/aboul3la/Sublist3r

OWASP AMASS (子域名)
https://github.com/caffix/amass

subcollect
https://github.com/smelond/subcollect

!/bin/bash
mkdir $1
touch $1/$1.txt
amass active -d $1 | tee /root/tools/amass/$1/$1.txt

Subfinder (子域名)
https://github.com/subfinder/subfinder

~/tools/subfinder/subfinder.sh

!/bin/bash
mkdir $1
touch $1/$1.txt
subfinder -d $1 | tee /root/tools/subfinder/$1/$1.txt

子域名字典(基于 GoogleBigQuery)
https://github.com/assetnote/commonspeak2-wordlists/tree/master/subdomains

子域名字典 (TBHM3) all.txt
https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056

也可以考虑基于 Rapid7 Project Sonar 的数据来制作子域名字典。
subdomain_enum_tools

https://github.com/lijiejie/subDomainsBrute

https://github.com/s0md3v/Photon

(PDF文档)
https://github.com/Jumbo-WJB/JPentest

接口
https://account.spyse.com/subscription

部分参考资料

LevelUp 0x02 – Bug Bounty Hunter Methodology v3
https://www.youtube.com/watch?v=Qw1nNPiH_Go

Slide
https://docs.google.com/presentation/d/1R-3eqlt31sL7_rj2f1_vGEqqb7hcx4vxX_L7E23lJVo/edit#slide=id.p

Leave a Reply

Your email address will not be published. Required fields are marked *