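Overview of Tools for Gaining an External-Network Foothold

Information Gathering Tools

Domain Collection

Cyberspace Search Engines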

https://hunter.qianxin.com/

https://fofa.info/

https://quake.360.net/quake/#/index

Tools

https://github.com/shmilylty/OneForAll

python oneforall.py --target example.com run
python oneforall.py --targets ./example.txt run

https://github.com/kkbo8005/mitan
https://github.com/honmashironeko/ARL-docker

admin honmashironeko

Path Brute-Forcing

https://github.com/lemonlove7/dirsearch_bypass403

https://github.com/projectdiscovery/httpx/releases/tag/v1.6.3

httpx -l url.txt -fep -o url_ok.txt  
Process a large list of URLs and determine which are reachable.
httpx -l url.txt -sc -ct -location -favicon -jarm -rt -title -server -probe -asn -fep  -irr -include-chain -ss -j -o jjjj
Collect useful fingerprint information, take screenshots, and write the results to a file in JSON format.

IP Lookup

https://tool.chinaz.com/batchquery#1

Port and C-Segment (/24) Scanning

nmap

https://www.sooele.com/4342.html

sudo nmap -sS -Pn -n --open --min-hostgroup 4 --min-parallelism 1024  -T4 -v -oN result.txt -p 1-65535 -iL ip2.txt
C-segment (/24) scan
nmap -sn IP/24

https://github.com/ZororoZ/fscanOutput

https://github.com/shadow1ng/fscan

fscan.exe -h 192.168.1.1/24  -nobr -nopoc  
Skip brute-forcing of services such as SSH and Redis, and skip PoC verification.

System Fingerprinting

https://github.com/kkbo8005/mitan

Directory Scanning

https://github.com/kkbo8005/mitan

https://github.com/lemonlove7/dirsearch_bypass403

N-day Attacks

https://github.com/projectdiscovery/nuclei/releases

nuclei -u http://target.com

https://github.com/zan8in/afrog

afrog -T urls.txt -o result.html
posted @ 2024-06-10 16:10  Ho1d_F0rward