\u7231\u7ad9\u7f51\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 \u7ad9\u957f\u5de5\u5177_whois\u67e5\u8be2\u5de5\u5177_\u7231\u7ad9\u7f51<\/a><\/p>\n \u817e\u8baf\u4e91\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 \u57df\u540d\u4fe1\u606f\u67e5\u8be2 – \u817e\u8baf\u4e91<\/a><\/p>\n \u7f8e\u6a59\u4e92\u8054\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 \u7f8e\u6a59\u57df\u540dwhois\u67e5\u8be2-\u57df\u540dwhois\u67e5\u8be2_whois\u67e5\u8be2_whois,\u7f8e\u6a59\u4e92\u8054\u57df\u540dwhois\u4fe1\u606f\u67e5\u8be2\u4e2d\u5fc3.<\/a><\/p>\n \u7231\u540d\u7f51\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 \u57df\u540d\u6ce8\u518c,\u57df\u540d\u67e5\u8be2,\u57df\u540d\u7533\u8bf7\u8d2d\u4e70\u2014\u7231\u540d\u7f51<\/a><\/p>\n \u6613\u540d\u7f51\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 \u57df\u540d Whois\u67e5\u8be2,\u57df\u540d\u6ce8\u518c\u4fe1\u606f\u67e5\u8be2,\u57df\u540d\u7f51\u7ad9\u4fe1\u606f\u67e5\u8be2<\/a><\/p>\n \u4e2d\u56fd\u4e07\u7f51\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740whois\u67e5\u8be2_\u57df\u540d\u67e5\u8be2_\u57df\u540d\u4ea4\u6613_\u963f\u91cc\u4e91\u4f01\u822a(\u539f\u4e07\u7f51)-\u963f\u91cc\u4e91<\/a><\/p>\n \u897f\u90e8\u6570\u7801\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 https:\/\/whois.west.cn\/<\/a><\/p>\n \u65b0\u7f51\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 http:\/\/whois.xinnet.com\/domain\/whois\/index.jsp<\/a><\/p>\n \u7eb3\u7f51\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 http:\/\/whois.nawang.cn\/<\/a><\/p>\n \u4e2d\u8d44\u6e90\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 https:\/\/www.zzy.cn\/domain\/whois.html<\/a><\/p>\n \u4e09\u4e94\u4e92\u8054\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 https:\/\/cp.35.com\/chinese\/whois.php<\/a><\/p>\n \u65b0\u7f51\u4e92\u8054\u57df\u540dWHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 http:\/\/www.dns.com.cn\/show\/domain\/whois\/index.do<\/a><\/p>\n \u56fd\u5916WHOIS\u4fe1\u606f\u67e5\u8be2\u5730\u5740 <\/p>\n https:\/\/who.is\/<\/a><\/p>\n \u7f51\u7ad9\u5907\u6848\u4fe1\u606f\u662f\u6839\u636e\u56fd\u5bb6\u6cd5\u5f8b\u6cd5\u89c4\u89c4\u5b9a\uff0c\u7531\u7f51\u7ad9\u6240\u6709\u8005\u5411\u56fd\u5bb6\u6709\u5173\u90e8\u95e8\u7533\u8bf7\u7684\u5907\u6848\uff0c\u5982\u679c\u9700\u8981\u67e5\u8be2\u4f01\u4e1a\u5907\u6848\u4fe1\u606f\uff08\u5355\u4f4d\u540d\u79f0\u3001\u5907\u6848\u7f16\u53f7\u3001\u7f51\u7ad9\u8d1f\u8d23\u4eba\u3001\u7535\u5b50\u90ae\u7bb1\u3001\u8054\u7cfb\u7535\u8bdd\u3001\u6cd5\u4eba\u7b49\uff09\uff0c\u63a8\u8350\u4ee5\u4e0b\u7f51\u7ad9\u67e5\u8be2<\/p>\n \u5929\u773c\u67e5\u5929\u773c\u67e5-\u5546\u4e1a\u67e5\u8be2\u5e73\u53f0_\u4f01\u4e1a\u4fe1\u606f\u67e5\u8be2_\u516c\u53f8\u67e5\u8be2_\u5de5\u5546\u67e5\u8be2_\u4f01\u4e1a\u4fe1\u7528\u4fe1\u606f\u7cfb\u7edf<\/a><\/p>\n ICP\u5907\u6848\u67e5\u8be2\u7f51https:\/\/beian.miit.gov.cn\/#\/Integrated\/index<\/a><\/p>\n \u7231\u7ad9\u5907\u6848\u67e5\u8be2icp\u5907\u6848\u67e5\u8be2_\u7f51\u7ad9\u5907\u6848\u67e5\u8be2_\u57df\u540d\u5907\u6848\u67e5\u8be2_APP\u5907\u6848\u67e5\u8be2_\u5c0f\u7a0b\u5e8f\u5907\u6848\u67e5\u8be2_\u5feb\u5e94\u7528\u5907\u6848\u67e5\u8be2_\u7231\u7ad9\u7f51<\/a><\/p>\n \u57df\u540d\u52a9\u624b\u5907\u6848\u4fe1\u606f\u67e5\u8be2\u57df\u540d\u5de5\u5177_IP\u67e5\u8be2_\u5907\u6848\u57df\u540d\u67e5\u8be2_\u57df\u540d\u5907\u6848_\u57df\u540d\u52a9\u624b<\/a><\/p>\n nsfocus.com.cn<\/p>\n \u901a\u8fc7\u53cd\u67e5\u6ce8\u518c\u4eba\u548c\u90ae\u7bb1\u5f97\u591a\u66f4\u591a\u5f97\u57df\u540d<\/p>\n \u6536\u96c6\u5b50\u57df\u540d\u53ef\u4ee5\u6269\u5927\u6d4b\u8bd5\u8303\u56f4\uff0c\u540c\u4e00\u57df\u540d\u4e0b\u7684\u4e8c\u7ea7\u57df\u540d\u90fd\u5c5e\u4e8e\u76ee\u6807\u8303\u56f4<\/p>\n \u5b50\u57df\u540d\u4e2d\u7684\u5e38\u89c1\u8d44\u4ea7\u7c7b\u578b\u4e00\u822c\u5305\u62ec\u529e\u516c\u7cfb\u7edf\uff0c\u90ae\u7bb1\u7cfb\u7edf\uff0c\u8bba\u575b\uff0c\u5546\u57ce\uff0c\u5176\u4ed6\u7ba1\u7406\u7cfb\u7edf\uff0c\u7f51\u7ad9\u7ba1\u7406\u540e\u53f0\u4e5f\u6709\u53ef\u80fd\u51fa\u73b0\u5b50\u57df\u540d\u4e2d\u3002<\/p>\n \u9996\u5148\u627e\u5230\u76ee\u6807\u7ad9\u70b9\uff0c\u5728\u5b98\u7f51\u4e2d\u53ef\u80fd\u4f1a\u627e\u5230\u76f8\u5173\u8d44\u4ea7\uff08\u591a\u4e3a\u529e\u516c\u7cfb\u7edf\uff0c\u90ae\u7bb1\u7cfb\u7edf\u7b49\uff09\uff0c\u5173\u6ce8\u4e00\u4e0b\u9875\u9762\u5e95\u90e8\uff0c\u4e5f\u8bb8\u6709\u7ba1\u7406\u540e\u53f0\u7b49\u6536\u83b7\u3002<\/p>\n \u67e5\u627e\u76ee\u6807\u57df\u540d\u4fe1\u606f\u7684\u65b9\u6cd5\u6709\uff1a<\/p>\n FOFA title="\u516c\u53f8\u540d\u79f0"<\/p>\n<\/li>\n \u767e\u5ea6 intitle=\u516c\u53f8\u540d\u79f0<\/p>\n<\/li>\n Google intitle=\u516c\u53f8\u540d\u79f0<\/p>\n<\/li>\n \u7ad9\u957f\u4e4b\u5bb6\uff0c\u76f4\u63a5\u641c\u7d22\u540d\u79f0\u6216\u8005\u7f51\u7ad9\u57df\u540d\u5373\u53ef\u67e5\u770b\u76f8\u5173\u4fe1\u606f\uff1a<\/p>\n<\/li>\n<\/ol>\n http:\/\/tool.chinaz.com\/<\/a><\/p>\n https:\/\/www.zoomeye.org\/<\/a><\/p>\n \u627e\u5230\u5b98\u7f51\u540e\uff0c\u518d\u6536\u96c6\u5b50\u57df\u540d\uff0c\u4e0b\u9762\u63a8\u8350\u51e0\u79cd\u5b50\u57df\u540d\u6536\u96c6\u7684\u65b9\u6cd5\uff0c\u76f4\u63a5\u8f93\u5165domain\u5373\u53ef\u67e5\u8be2<\/p>\n A\u8bb0\u5f55\u3001\u522b\u540d\u8bb0\u5f55(CNAME)\u3001MX\u8bb0\u5f55\u3001TXT\u8bb0\u5f55\u3001NS\u8bb0\u5f55<\/p>\n \u662f\u7528\u6765\u6307\u5b9a\u4e3b\u673a\u540d\uff08\u6216\u57df\u540d\uff09\u5bf9\u5e94\u7684IP\u5730\u5740\u8bb0\u5f55\u3002\u7528\u6237\u53ef\u4ee5\u5c06\u8be5\u57df\u540d\u4e0b\u7684\u7f51\u7ad9\u670d\u52a1\u5668\u6307\u5411\u5230\u81ea\u5df1\u7684web server\u4e0a\u3002\u540c\u65f6\u4e5f\u53ef\u4ee5\u8bbe\u7f6e\u60a8\u57df\u540d\u7684\u4e8c\u7ea7\u57df\u540d\u3002<\/p>\n \u4e5f\u88ab\u79f0\u4e3a\u89c4\u8303\u540d\u5b57\u3002\u8fd9\u79cd\u8bb0\u5f55\u5141\u8bb8\u60a8\u5c06\u591a\u4e2a\u540d\u5b57\u6620\u5c04\u5230\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u3002\u901a\u5e38\u7528\u4e8e\u540c\u65f6\u63d0\u4f9bWWW\u548cMAIL\u670d\u52a1\u7684\u8ba1\u7b97\u673a\u3002\u4f8b\u5982\uff0c\u6709\u4e00\u53f0\u8ba1\u7b97\u673a\u540d\u4e3a\u201chost.mydomain.com\u201d\uff08A\u8bb0\u5f55\uff09\u3002\u5b83\u540c\u65f6\u63d0\u4f9bWWW\u548cMAIL\u670d\u52a1\uff0c\u4e3a\u4e86\u4fbf\u4e8e\u7528\u6237\u8bbf\u95ee\u670d\u52a1\u3002\u53ef\u4ee5\u4e3a\u8be5\u8ba1\u7b97\u673a\u8bbe\u7f6e\u4e24\u4e2a\u522b\u540d\uff08CNAME\uff09\uff1aWWW\u548cMAIL\u3002\u8fd9\u4e24\u4e2a\u522b\u540d\u7684\u5168\u79f0\u5c31\u662f\u201cwww.mydomain.com\u201d\u548c\u201cmail.mydomain.com\u201d\u3002\u5b9e\u9645\u4e0a\u4ed6\u4eec\u90fd\u6307\u5411\u201chost.mydomain.com\u201d\u3002\u540c\u6837\u7684\u65b9\u6cd5\u53ef\u4ee5\u7528\u4e8e\u5f53\u60a8\u62e5\u6709\u591a\u4e2a\u57df\u540d\u9700\u8981\u6307\u5411\u540c\u4e00\u670d\u52a1\u5668IP\uff0c\u6b64\u65f6\u60a8\u5c31\u53ef\u4ee5\u5c06\u4e00\u4e2a\u57df\u540d\u505aA\u8bb0\u5f55\u6307\u5411\u670d\u52a1\u5668IP\u7136\u540e\u5c06\u5176\u4ed6\u7684\u57df\u540d\u505a\u522b\u540d\u5230\u4e4b\u524d\u505aA\u8bb0\u5f55\u7684\u57df\u540d\u4e0a\uff0c\u90a3\u4e48\u5f53\u60a8\u7684\u670d\u52a1\u5668IP\u5730\u5740\u53d8\u66f4\u65f6\u60a8\u5c31\u53ef\u4ee5\u4e0d\u5fc5\u9ebb\u70e6\u7684\u4e00\u4e2a\u4e00\u4e2a\u57df\u540d\u66f4\u6539\u6307\u5411\u4e86\u53ea\u9700\u8981\u66f4\u6539\u505aA\u8bb0\u5f55\u7684\u90a3\u4e2a\u57df\u540d\u5176\u4ed6\u505a\u522b\u540d\u7684\u90a3\u4e9b\u57df\u540d\u7684\u6307\u5411\u4e5f\u5c06\u81ea\u52a8\u66f4\u6539\u5230\u65b0\u7684IP\u5730\u5740\u4e0a\u4e86\u3002<\/p>\n 1\u3001\u8fdb\u5165\u547d\u4ee4\u72b6\u6001\uff1b\uff08\u5f00\u59cb\u83dc\u5355 – \u8fd0\u884c – CMD[\u56de\u8f66]\uff09\uff1b<\/p>\n 2\u3001\u8f93\u5165\u547d\u4ee4" nslookup -q=cname \u8fd9\u91cc\u586b\u5199\u5bf9\u5e94\u7684\u57df\u540d\u6216\u4e8c\u7ea7\u57df\u540d"\uff0c\u67e5\u770b\u8fd4\u56de\u7684\u7ed3\u679c\u4e0e\u8bbe\u7f6e\u7684\u662f\u5426\u4e00\u81f4\u5373\u53ef\u3002<\/p>\n \u662f\u90ae\u4ef6\u4ea4\u6362\u8bb0\u5f55\uff0c\u5b83\u6307\u5411\u4e00\u4e2a\u90ae\u4ef6\u670d\u52a1\u5668\uff0c\u7528\u4e8e\u7535\u5b50\u90ae\u4ef6\u7cfb\u7edf\u53d1\u90ae\u4ef6\u65f6\u6839\u636e\u6536\u4fe1\u4eba\u7684\u5730\u5740\u540e\u7f00\u6765\u5b9a\u4f4d\u90ae\u4ef6\u670d\u52a1\u5668\u3002\u4f8b\u5982\uff0c\u5f53Internet\u4e0a\u7684\u67d0\u7528\u6237\u8981\u53d1\u4e00\u5c01\u4fe1\u7ed9 user@mydomain.com \u65f6\uff0c\u8be5\u7528\u6237\u7684\u90ae\u4ef6\u7cfb\u7edf\u901a\u8fc7DNS\u67e5\u627emydomain.com\u8fd9\u4e2a\u57df\u540d\u7684MX\u8bb0\u5f55\uff0c\u5982\u679cMX\u8bb0\u5f55\u5b58\u5728\uff0c\u7528\u6237\u8ba1\u7b97\u673a\u5c31\u5c06\u90ae\u4ef6\u53d1\u9001\u5230MX\u8bb0\u5f55\u6240\u6307\u5b9a\u7684\u90ae\u4ef6\u670d\u52a1\u5668\u4e0a\u3002<\/p>\n TXT\u8bb0\u5f55\u4e00\u822c\u6307\u4e3a\u67d0\u4e2a\u4e3b\u673a\u540d\u6216\u57df\u540d\u8bbe\u7f6e\u7684\u8bf4\u660e\uff0c\u5982\uff1a<\/p>\n 1\uff09admin IN TXT "jack, mobile:13800138000"\uff1b<\/p>\n 2\uff09mail IN TXT "\u90ae\u4ef6\u4e3b\u673a, \u5b58\u653e\u5728xxx ,\u7ba1\u7406\u4eba\uff1aAAA"\uff0cJim IN TXT "contact: abc@mailserver.com"<\/p>\n \u4e5f\u5c31\u662f\u60a8\u53ef\u4ee5\u8bbe\u7f6e TXT \uff0c\u4ee5\u4fbf\u4f7f\u522b\u4eba\u8054\u7cfb\u5230\u60a8\u3002<\/p>\n \u5982\u4f55\u68c0\u6d4bTXT\u8bb0\u5f55\uff1f<\/p>\n 1\u3001\u8fdb\u5165\u547d\u4ee4\u72b6\u6001\uff1b\uff08\u5f00\u59cb\u83dc\u5355 – \u8fd0\u884c – CMD[\u56de\u8f66]\uff09\uff1b<\/p>\n 2\u3001\u8f93\u5165\u547d\u4ee4" nslookup -q=txt \u8fd9\u91cc\u586b\u5199\u5bf9\u5e94\u7684\u57df\u540d\u6216\u4e8c\u7ea7\u57df\u540d"\uff0c\u67e5\u770b\u8fd4\u56de\u7684\u7ed3\u679c\u4e0e\u8bbe\u7f6e\u7684\u662f\u5426\u4e00\u81f4\u5373\u53ef\u3002<\/p>\n ns\u8bb0\u5f55\u5168\u79f0\u4e3aName Server \u662f\u4e00\u79cd\u57df\u540d\u670d\u52a1\u5668\u8bb0\u5f55\uff0c\u7528\u6765\u660e\u786e\u5f53\u524d\u4f60\u7684\u57df\u540d\u662f\u7531\u54ea\u4e2aDNS\u670d\u52a1\u5668\u6765\u8fdb\u884c\u89e3\u6790\u7684\u3002<\/p>\n https:\/\/www.dnsgrep.cn\/subdomain\/nsfocus.com<\/a><\/p>\n https:\/\/www.douhao.com\/subdomain<\/a><\/p>\n https:\/\/zh.subdomains.whoisxmlapi.com\/lookup<\/a><\/p>\n https:\/\/site.ip138.com\/nsfocus.com.cn\/domain.htm<\/a><\/p>\n https:\/\/dnsdumpster.com\/<\/a><\/p>\n https:\/\/fofa.info\/<\/a><\/p>\n \u8bed\u6cd5\uff1adomain="baidu.com"<\/p>\n \u63d0\u793a\uff1a\u4ee5\u4e0a\u4e24\u79cd\u65b9\u6cd5\u65e0\u9700\u7206\u7834\uff0c\u67e5\u8be2\u901f\u5ea6\u5feb\uff0c\u9700\u8981\u5feb\u901f\u6536\u96c6\u8d44\u4ea7\u65f6\u53ef\u4ee5\u4f18\u5148\u4f7f\u7528\uff0c\u540e\u9762\u518d\u7528\u5176\u4ed6\u65b9\u6cd5\u8865\u5145\u3002<\/p>\n https:\/\/hackertarget.com\/find-dns-host-records\/<\/a><\/p>\n \u6ce8\u610f\uff1a\u901a\u8fc7\u8be5\u65b9\u6cd5\u67e5\u8be2\u5b50\u57df\u540d\u53ef\u4ee5\u5f97\u5230\u4e00\u4e2a\u76ee\u6807\u5927\u6982\u7684ip\u6bb5\uff0c\u63a5\u4e0b\u6765\u53ef\u4ee5\u901a\u8fc7ip\u6765\u6536\u96c6\u4fe1\u606f\u3002<\/p>\n https:\/\/quake.360.net\/quake\/<\/a><\/p>\n pip install aiodns<\/p>\n \u8fd0\u884c\u547d\u4ee4subDomainsBrute.py freebuf.com <\/p>\n subDomainsBrute.py freebuf.com –full -o freebuf2.txt<\/p>\n https:\/\/github.com\/aboul3la\/Sublist3r<\/a><\/p>\n pip install -r requirements.txt<\/p>\n \u63d0\u793a\uff1a\u4ee5\u4e0a\u65b9\u6cd5\u4e3a\u7206\u7834\u5b50\u57df\u540d\uff0c\u7531\u4e8e\u5b57\u5178\u6bd4\u8f83\u5f3a\u5927\uff0c\u6240\u4ee5\u6548\u7387\u8f83\u9ad8\u3002<\/p>\n \u5e2e\u52a9\u6587\u6863<\/strong><\/p>\n usage: sublist3r.py [-h] -d DOMAIN [-b [BRUTEFORCE]] [-p PORTS] [-v [VERBOSE]]<\/p>\n [-t THREADS] [-e ENGINES] [-o OUTPUT] [-n]<\/p>\n OPTIONS:<\/p>\n -h, –help show this help message and exit<\/p>\n -d DOMAIN, –domain DOMAIN<\/p>\n Domain name to enumerate it’s subdomains<\/p>\n -b [BRUTEFORCE], –bruteforce [BRUTEFORCE]<\/p>\n Enable the subbrute bruteforce module<\/p>\n -p PORTS, –ports PORTS<\/p>\n Scan the found subdomains against specified tcp ports<\/p>\n -v [VERBOSE], –verbose [VERBOSE]<\/p>\n Enable Verbosity and display results in realtime<\/p>\n -t THREADS, –threads THREADS<\/p>\n Number of threads to use for subbrute bruteforce<\/p>\n -e ENGINES, –engines ENGINES<\/p>\n Specify a comma-separated list of search engines<\/p>\n -o OUTPUT, –output OUTPUT<\/p>\n Save the results to text file<\/p>\n -n, –no-color Output without color<\/p>\n Example: python sublist3r.py -d google.com<\/p>\n \u4e2d\u6587\u7ffb\u8bd1<\/strong><\/p>\n -h \uff1a\u5e2e\u52a9<\/p>\n -d \uff1a\u6307\u5b9a\u4e3b\u57df\u540d\u679a\u4e3e\u5b50\u57df\u540d<\/p>\n -b \uff1a\u8c03\u7528subbrute\u66b4\u529b\u679a\u4e3e\u5b50\u57df\u540d<\/p>\n -p \uff1a\u6307\u5b9atpc\u7aef\u53e3\u626b\u63cf\u5b50\u57df\u540d<\/p>\n -v \uff1a\u663e\u793a\u5b9e\u65f6\u8be6\u7ec6\u4fe1\u606f\u7ed3\u679c<\/p>\n -t \uff1a\u6307\u5b9a\u7ebf\u7a0b<\/p>\n -e \uff1a\u6307\u5b9a\u641c\u7d22\u5f15\u64ce<\/p>\n -o \uff1a\u5c06\u7ed3\u679c\u4fdd\u5b58\u5230\u6587\u672c<\/p>\n -n \uff1a\u8f93\u51fa\u4e0d\u5e26\u989c\u8272<\/p>\n \u9ed8\u8ba4\u53c2\u6570\u626b\u63cf\u5b50\u57df\u540d<\/strong><\/p>\n python sublist3r.py -d baidu.com <\/p>\n \u4f7f\u7528\u66b4\u529b\u679a\u4e3e\u5b50\u57df\u540d<\/strong><\/p>\n python sublist3r -b -d baidu.com <\/p>\n pip3 install –user -r requirements.txt -i https:\/\/mirrors.aliyun.com\/pypi\/simple\/<\/a><\/p>\n python3 oneforall.py –target baidu.com run \/\u6536\u96c6<\/em>\/<\/p>\n \u7206\u7834\u5b50\u57df\u540d<\/p>\n Example\uff1a<\/p>\n brute.py –target domain.com –word True run<\/p>\n brute.py –targets .\/domains.txt –word True run<\/p>\n brute.py –target domain.com –word True –concurrent 2000 run<\/p>\n brute.py –target domain.com –word True –wordlist subnames.txt run<\/p>\n brute.py –target domain.com –word True –recursive True –depth 2 run<\/p>\n brute.py –target d.com –fuzz True –place m.*.d.com –rule ‘[a-z]’ run<\/p>\n brute.py –target d.com –fuzz True –place m.*.d.com –fuzzlist subnames.txt run<\/p>\n dnsburte.py -d aliyun.com -f dnspod.csv -o aliyun.log<\/p>\n wydomain.py -d aliyun.com <\/p>\n \u9690\u85cf\u8d44\u4ea7\u63a2\u6d4b-hosts\u78b0\u649e<\/p>\n \u5f88\u591a\u65f6\u5019\u8bbf\u95ee\u76ee\u6807\u8d44\u4ea7IP\u54cd\u5e94\u591a\u4e3a\uff1a401\u3001403\u3001404\u3001500\uff0c\u4f46\u662f\u7528\u57df\u540d\u8bf7\u6c42\u5374\u80fd\u8fd4\u56de\u6b63\u5e38\u7684\u4e1a\u52a1\u7cfb\u7edf\uff08\u7981\u6b62IP\u76f4\u63a5\u8bbf\u95ee\uff09\uff0c\u56e0\u4e3a\u8fd9\u5927\u591a\u6570\u90fd\u662f\u9700\u8981\u7ed1\u5b9ahost\u624d\u80fd\u6b63\u5e38\u8bf7\u6c42\u8bbf\u95ee\u7684\uff08\u76ee\u524d\u4e92\u8054\u7f51\u516c\u53f8\u57fa\u672c\u7684\u505a\u6cd5\uff09\uff08\u57df\u540d\u5220\u9664\u4e86A\u8bb0\u5f55\uff0c\u4f46\u662f\u53cd\u4ee3\u7684\u914d\u7f6e\u672a\u66f4\u65b0\uff09\uff0c\u90a3\u4e48\u6211\u4eec\u5c31\u53ef\u4ee5\u901a\u8fc7\u6536\u96c6\u5230\u7684\u76ee\u6807\u7684\u57df\u540d\u548c\u76ee\u6807\u8d44\u4ea7\u7684IP\u6bb5\u7ec4\u5408\u8d77\u6765\uff0c\u4ee5 IP\u6bb5+\u57df\u540d\u7684\u5f62\u5f0f\u8fdb\u884c\u6346\u7ed1\u78b0\u649e\uff0c\u5c31\u80fd\u53d1\u73b0\u5f88\u591a\u6709\u610f\u601d\u7684\u4e1c\u897f\u3002<\/p>\n \u5728\u53d1\u9001http\u8bf7\u6c42\u7684\u65f6\u5019\uff0c\u5bf9\u57df\u540d\u548cIP\u5217\u8868\u8fdb\u884c\u914d\u5bf9\uff0c\u7136\u540e\u904d\u5386\u53d1\u9001\u8bf7\u6c42\uff08\u5c31\u76f8\u5f53\u4e8e\u4fee\u6539\u4e86\u672c\u5730\u7684hosts\u6587\u4ef6\u4e00\u6837\uff09\uff0c\u5e76\u628a\u76f8\u5e94\u7684title\u548c\u54cd\u5e94\u5305\u5927\u5c0f\u62ff\u56de\u6765\u505a\u5bf9\u6bd4\uff0c\u5373\u53ef\u5feb\u901f\u53d1\u73b0\u4e00\u4e9b\u9690\u853d\u7684\u8d44\u4ea7\u3002<\/p>\n \u8fdb\u884chosts\u78b0\u649e\u9700\u8981\u76ee\u6807\u7684\u57df\u540d\u548c\u76ee\u6807\u7684\u76f8\u5173IP\u4f5c\u4e3a\u5b57\u5178<\/p>\n \u57df\u540d\u5c31\u4e0d\u8bf4\u4e86<\/p>\n \u76f8\u5173IP\u6765\u6e90\u6709\uff1a<\/p>\n \u76ee\u6807\u57df\u540d\u5386\u53f2\u89e3\u6790IP<\/p>\n https:\/\/site.ip138.com\/<\/a><\/p>\n https:\/\/ipchaxun.com\/<\/a><\/p>\n ip\u6b63\u5219<\/p>\n https:\/\/www.aicesu.cn\/reg\/<\/a><\/p>\n msscan -p 1-65535 ip –rate=1000<\/p>\n https:\/\/gitee.com\/youshusoft\/GoScanner\/<\/a><\/p>\n \u5e38\u7528\u53c2\u6570\uff0c\u5982\uff1a<\/p>\n nmap -sV 192.168.0.2<\/p>\n nmap -sT 92.168.0.2<\/p>\n nmap -Pn -A -sC 192.168.0.2<\/p>\n nmap -sU -sT -p0-65535 192.168.122.1<\/p>\n \u7528\u4e8e\u626b\u63cf\u76ee\u6807\u4e3b\u673a\u670d\u52a1\u7248\u672c\u53f7\u4e0e\u5f00\u653e\u7684\u7aef\u53e3<\/p>\n \u5982\u679c\u9700\u8981\u626b\u63cf\u591a\u4e2aip\u6216ip\u6bb5\uff0c\u53ef\u4ee5\u5c06\u4ed6\u4eec\u4fdd\u5b58\u5230\u4e00\u4e2atxt\u6587\u4ef6\u4e2d<\/p>\n nmap -iL ip.txt\u6765\u626b\u63cf\u5217\u8868\u4e2d\u6240\u6709\u7684ip\u3002<\/p>\n Nmap\u4e3a\u7aef\u53e3\u63a2\u6d4b\u6700\u5e38\u7528\u7684\u65b9\u6cd5\uff0c\u64cd\u4f5c\u65b9\u4fbf\uff0c\u8f93\u51fa\u7ed3\u679c\u975e\u5e38\u76f4\u89c2\u3002<\/p>\n http:\/\/coolaf.com\/tool\/port<\/a><\/p>\n \u5fa1\u5251\uff0cmsscan\uff0czmap\u7b49<\/p>\n \u5fa1\u5251\u9ad8\u901f\u7aef\u53e3\u626b\u63cf\u5668\uff1a<\/p>\n \u586b\u5165\u60f3\u8981\u626b\u63cf\u7684ip\u6bb5\uff08\u5982\u679c\u53ea\u626b\u63cf\u4e00\u4e2aip\uff0c\u5219\u5f00\u59cbIP\u548c\u7ed3\u675fIP\u586b\u4e00\u4e2a\u5373\u53ef\uff09\uff0c\u53ef\u4ee5\u9009\u62e9\u4e0d\u6539\u9ed8\u8ba4\u7aef\u53e3\u5217\u8868\uff0c\u4e5f\u53ef\u4ee5\u9009\u62e9\u81ea\u5df1\u6307\u5b9a\u7aef\u53e3\u3002<\/p>\n 21,22,23,1433,152,3306,3389,5432,5900,50070,50030,50000,27017,27018,11211,9200,9300,7001,7002,6379,5984,873,443,8000-9090,80-89,80,10000,8888,8649,8083,8080,8089,9090,7778,7001,7002,6082,5984,4440,3312,3311,3128,2601,2604,2222,2082,2083,389,88,512,513,514,1025,111,1521,445,135,139,53<\/p>\n 1.web\u7c7b(web\u6f0f\u6d1e\/\u654f\u611f\u76ee\u5f55)<\/p>\n \u7b2c\u4e09\u65b9\u901a\u7528\u7ec4\u4ef6\u6f0f\u6d1estruts thinkphp jboss ganglia zabbix<\/p>\n 80 web <\/p>\n 80-89 web <\/p>\n 8000-9090 web<\/p>\n 2.\u6570\u636e\u5e93\u7c7b(\u626b\u63cf\u5f31\u53e3\u4ee4)<\/p>\n 1433 MSSQL <\/p>\n 1521 Oracle <\/p>\n 3306 MySQL <\/p>\n 5432 PostgreSQL <\/p>\n 3.\u7279\u6b8a\u670d\u52a1\u7c7b(\u672a\u6388\u6743\/\u547d\u4ee4\u6267\u884c\u7c7b\/\u6f0f\u6d1e)<\/p>\n 443 SSL\u5fc3\u810f\u6ef4\u8840<\/p>\n 873 Rsync\u672a\u6388\u6743<\/p>\n 5984 CouchDB http:\/\/xxx:5984\/_utils\/<\/a> <\/p>\n 6379 redis\u672a\u6388\u6743<\/p>\n 7001,7002 WebLogic\u9ed8\u8ba4\u5f31\u53e3\u4ee4\uff0c\u53cd\u5e8f\u5217<\/p>\n 9200,9300 elasticsearch \u53c2\u8003WooYun: \u591a\u73a9\u67d0\u670d\u52a1\u5668ElasticSearch\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e<\/p>\n 11211 memcache\u672a\u6388\u6743\u8bbf\u95ee<\/p>\n 27017,27018 Mongodb\u672a\u6388\u6743\u8bbf\u95ee<\/p>\n 50000 SAP\u547d\u4ee4\u6267\u884c<\/p>\n 50070,50030 hadoop\u9ed8\u8ba4\u7aef\u53e3\u672a\u6388\u6743\u8bbf\u95ee<\/p>\n 4.\u5e38\u7528\u7aef\u53e3\u7c7b(\u626b\u63cf\u5f31\u53e3\u4ee4\/\u7aef\u53e3\u7206\u7834)<\/p>\n 21 ftp <\/p>\n 22 SSH <\/p>\n 23 Telnet <\/p>\n 2601,2604 zebra\u8def\u7531\uff0c\u9ed8\u8ba4\u5bc6\u7801zebra<\/p>\n 3389 \u8fdc\u7a0b\u684c\u9762<\/p>\n 5.\u7aef\u53e3\u5408\u8ba1\u8be6\u60c5<\/p>\n 21 ftp <\/p>\n 22 SSH <\/p>\n 23 Telnet <\/p>\n 80 web <\/p>\n 80-89 web <\/p>\n 161 SNMP <\/p>\n 389 LDAP <\/p>\n 443 SSL\u5fc3\u810f\u6ef4\u8840\u4ee5\u53ca\u4e00\u4e9bweb\u6f0f\u6d1e\u6d4b\u8bd5<\/p>\n 445 SMB <\/p>\n 512,513,514 Rexec <\/p>\n 873 Rsync\u672a\u6388\u6743<\/p>\n 1025,111 NFS <\/p>\n 1433 MSSQL <\/p>\n 1521 Oracle:(iSqlPlus Port:5560,7778) <\/p>\n 2082\/2083 cpanel\u4e3b\u673a\u7ba1\u7406\u7cfb\u7edf\u767b\u9646\uff08\u56fd\u5916\u7528\u8f83\u591a\uff09<\/p>\n 2222 DA\u865a\u62df\u4e3b\u673a\u7ba1\u7406\u7cfb\u7edf\u767b\u9646\uff08\u56fd\u5916\u7528\u8f83\u591a\uff09<\/p>\n 2601,2604 zebra\u8def\u7531\uff0c\u9ed8\u8ba4\u5bc6\u7801zebra<\/p>\n 3128 squid\u4ee3\u7406\u9ed8\u8ba4\u7aef\u53e3\uff0c\u5982\u679c\u6ca1\u8bbe\u7f6e\u53e3\u4ee4\u5f88\u53ef\u80fd\u5c31\u76f4\u63a5\u6f2b\u6e38\u5185\u7f51\u4e86<\/p>\n 3306 MySQL <\/p>\n 3312\/3311 kangle\u4e3b\u673a\u7ba1\u7406\u7cfb\u7edf\u767b\u9646<\/p>\n 3389 \u8fdc\u7a0b\u684c\u9762<\/p>\n 4440 rundeck \u53c2\u8003WooYun: \u501f\u7528\u65b0\u6d6a\u67d0\u670d\u52a1\u6210\u529f\u6f2b\u6e38\u65b0\u6d6a\u5185\u7f51<\/p>\n 5432 PostgreSQL <\/p>\n 5900 vnc <\/p>\n 5984 CouchDB http:\/\/xxx:5984\/_utils\/<\/a> <\/p>\n 6082 varnish \u53c2\u8003WooYun: Varnish HTTP accelerator CLI \u672a\u6388\u6743\u8bbf\u95ee\u6613\u5bfc\u81f4\u7f51\u7ad9\u88ab\u76f4\u63a5\u7be1\u6539\u6216\u8005\u4f5c\u4e3a\u4ee3\u7406\u8fdb\u5165\u5185\u7f51<\/p>\n 6379 redis\u672a\u6388\u6743<\/p>\n 7001,7002 WebLogic\u9ed8\u8ba4\u5f31\u53e3\u4ee4\uff0c\u53cd\u5e8f\u5217<\/p>\n 7778 Kloxo\u4e3b\u673a\u63a7\u5236\u9762\u677f\u767b\u5f55<\/p>\n 8000-9090 \u90fd\u662f\u4e00\u4e9b\u5e38\u89c1\u7684web\u7aef\u53e3\uff0c\u6709\u4e9b\u8fd0\u7ef4\u559c\u6b22\u628a\u7ba1\u7406\u540e\u53f0\u5f00\u5728\u8fd9\u4e9b\u975e80\u7684\u7aef\u53e3\u4e0a<\/p>\n 8080 tomcat\/WDCP\u4e3b\u673a\u7ba1\u7406\u7cfb\u7edf\uff0c\u9ed8\u8ba4\u5f31\u53e3\u4ee4<\/p>\n 8080,8089,9090 JBOSS <\/p>\n 8083 Vestacp\u4e3b\u673a\u7ba1\u7406\u7cfb\u7edf\uff08\u56fd\u5916\u7528\u8f83\u591a\uff09<\/p>\n 8649 ganglia <\/p>\n 8888 amh\/LuManager \u4e3b\u673a\u7ba1\u7406\u7cfb\u7edf\u9ed8\u8ba4\u7aef\u53e3<\/p>\n 9200,9300 elasticsearch \u53c2\u8003WooYun: \u591a\u73a9\u67d0\u670d\u52a1\u5668ElasticSearch\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e<\/p>\n 10000 Virtualmin\/Webmin \u670d\u52a1\u5668\u865a\u62df\u4e3b\u673a\u7ba1\u7406\u7cfb\u7edf<\/p>\n 11211 memcache\u672a\u6388\u6743\u8bbf\u95ee<\/p>\n 27017,27018 Mongodb\u672a\u6388\u6743\u8bbf\u95ee<\/p>\n 28017 mongodb\u7edf\u8ba1\u9875\u9762<\/p>\n 50000 SAP\u547d\u4ee4\u6267\u884c<\/p>\n 50070,50030 hadoop\u9ed8\u8ba4\u7aef\u53e3\u672a\u6388\u6743\u8bbf\u95ee<\/p>\n \u5982\u679c\u76ee\u6807\u7f51\u7ad9\u4f7f\u7528\u4e86CDN\uff0c\u4f7f\u7528\u4e86cdn\u771f\u5b9e\u7684ip\u4f1a\u88ab\u9690\u85cf\uff0c\u5982\u679c\u8981\u67e5\u627e\u771f\u5b9e\u7684\u670d\u52a1\u5668\u5c31\u5fc5\u987b\u83b7\u53d6\u771f\u5b9e\u7684ip\uff0c\u6839\u636e\u8fd9\u4e2aip\u7ee7\u7eed\u67e5\u8be2\u65c1\u7ad9\u3002<\/p>\n \u6ce8\u610f\uff1a\u5f88\u591a\u65f6\u5019\uff0c\u4e3b\u7ad9\u867d\u7136\u662f\u7528\u4e86CDN\uff0c\u4f46\u5b50\u57df\u540d\u53ef\u80fd\u6ca1\u6709\u4f7f\u7528CDN\uff0c\u5982\u679c\u4e3b\u7ad9\u548c\u5b50\u57df\u540d\u5728\u4e00\u4e2aip\u6bb5\u4e2d\uff0c\u90a3\u4e48\u627e\u5230\u5b50\u57df\u540d\u7684\u771f\u5b9eip\u4e5f\u662f\u4e00\u79cd\u9014\u5f84\u3002<\/p>\n https:\/\/ping.chinaz.com\/<\/a><\/p>\n https:\/\/ping.aizhan.com\/<\/a><\/p>\n \u5728\u67e5\u8be2\u5230\u7684\u5386\u53f2\u89e3\u6790\u8bb0\u5f55\u4e2d\uff0c\u6700\u65e9\u7684\u5386\u53f2\u89e3\u6790ip\u5f88\u6709\u53ef\u80fd\u8bb0\u5f55\u7684\u5c31\u662f\u771f\u5b9eip\uff0c\u5feb\u901f\u67e5\u627e\u771f\u5b9eIP\u63a8\u8350\u6b64\u65b9\u6cd5\uff0c\u4f46\u5e76\u4e0d\u662f\u6240\u6709\u7f51\u7ad9\u90fd\u80fd\u67e5\u5230\u3002<\/p>\n https:\/\/getdns.dnsdb.io\/<\/a><\/p>\n https:\/\/x.threatbook.com\/<\/a><\/p>\n https:\/\/tools.ipip.net\/cdn.php<\/a><\/p>\n https:\/\/viewdns.info\/<\/a><\/p>\n \u5982\u679c\u76ee\u6807\u7f51\u7ad9\u5b58\u5728phpinfo\u6cc4\u9732\u7b49\uff0c\u53ef\u4ee5\u5728phpinfo\u4e2d\u7684SERVER_ADDR\u6216_SERVER[\u201cSERVER_ADDR"]\u627e\u5230\u771f\u5b9eip<\/p>\n https:\/\/www.cnblogs.com\/qiudabai\/p\/9763739.html<\/a><\/p>\n \u65c1\u7ad9\u5f80\u5f80\u5b58\u5728\u4e1a\u52a1\u529f\u80fd\u7ad9\u70b9\uff0c\u5efa\u8bae\u5148\u6536\u96c6\u5df2\u6709IP\u7684\u65c1\u7ad9\uff0c\u518d\u63a2\u6d4bC\u6bb5\uff0c\u786e\u8ba4C\u6bb5\u76ee\u6807\u540e\uff0c\u518d\u5728C\u6bb5\u7684\u57fa\u7840\u4e0a\u518d\u6536\u96c6\u4e00\u6b21\u65c1\u7ad9\u3002<\/p>\n \u65c1\u7ad9\u662f\u548c\u5df2\u77e5\u76ee\u6807\u7ad9\u70b9\u5728\u540c\u4e00\u670d\u52a1\u5668\u4f46\u4e0d\u540c\u7aef\u53e3\u7684\u7ad9\u70b9\uff0c\u901a\u8fc7\u4ee5\u4e0b\u65b9\u6cd5\u641c\u7d22\u5230\u65c1\u7ad9\u540e\uff0c\u5148\u8bbf\u95ee\u4e00\u4e0b\u786e\u5b9a\u662f\u4e0d\u662f\u81ea\u5df1\u9700\u8981\u7684\u7ad9\u70b9\u4fe1\u606f\u3002<\/p>\n \u540cip\u7f51\u7ad9\u67e5\u8be2http:\/\/stool.chinaz.com\/same<\/p>\n https:\/\/chapangzhan.com\/<\/a><\/p>\n https:\/\/blog.csdn.net\/qq_36119192\/article\/details\/84029809<\/a><\/p>\n \u5982FOFA\u641c\u7d22\u65c1\u7ad9\u548cC\u6bb5<\/p>\n \u8be5\u65b9\u6cd5\u6548\u7387\u8f83\u9ad8\uff0c\u5e76\u80fd\u591f\u76f4\u89c2\u5730\u770b\u5230\u7ad9\u70b9\u6807\u9898\uff0c\u4f46\u4e5f\u6709\u4e0d\u5e38\u89c1\u7aef\u53e3\u672a\u6536\u5f55\u7684\u60c5\u51b5\uff0c\u867d\u7136\u8fd9\u79cd\u60c5\u51b5\u5f88\u5c11\uff0c\u4f46\u4e4b\u540e\u8865\u5145\u8d44\u4ea7\u7684\u65f6\u5019\u53ef\u4ee5\u7528\u4e0b\u9762\u7684\u65b9\u6cd5nmap\u626b\u63cf\u518d\u6536\u96c6\u4e00\u904d\u3002<\/p>\n webscan.cc<\/p>\n https:\/\/c.webscan.cc\/<\/a><\/p>\n c\u6bb5\u5229\u7528\u811a\u672c<\/p>\n pip install requests<\/p>\n \u5982\u679c\u60f3\u8981\u5728\u77ed\u65f6\u95f4\u5185\u5feb\u901f\u6536\u96c6\u8d44\u4ea7\uff0c\u90a3\u4e48\u5229\u7528\u7f51\u7edc\u7a7a\u95f4\u641c\u7d22\u5f15\u64ce\u662f\u4e0d\u9519\u7684\u9009\u62e9\uff0c\u53ef\u4ee5\u76f4\u89c2\u5730\u770b\u5230\u65c1\u7ad9\uff0c\u7aef\u53e3\uff0c\u7ad9\u70b9\u6807\u9898\uff0cIP\u7b49\u4fe1\u606f\uff0c\u70b9\u51fb\u5217\u4e3e\u51fa\u7ad9\u70b9\u53ef\u4ee5\u76f4\u63a5\u8bbf\u95ee\uff0c\u4ee5\u6b64\u6765\u5224\u65ad\u662f\u5426\u4e3a\u81ea\u5df1\u9700\u8981\u7684\u7ad9\u70b9\u4fe1\u606f\u3002FOFA\u7684\u5e38\u7528\u8bed\u6cd5<\/p>\n 1\u3001\u540cIP\u65c1\u7ad9\uff1aip="192.168.0.1"<\/p>\n 2\u3001C\u6bb5\uff1aip="192.168.0.0\/24"<\/p>\n 3\u3001\u5b50\u57df\u540d\uff1adomain="baidu.com"<\/p>\n 4\u3001\u6807\u9898\/\u5173\u952e\u5b57\uff1atitle="\u767e\u5ea6"<\/p>\n 5\u3001\u5982\u679c\u9700\u8981\u5c06\u7ed3\u679c\u7f29\u5c0f\u5230\u67d0\u4e2a\u57ce\u5e02\u7684\u8303\u56f4\uff0c\u90a3\u4e48\u53ef\u4ee5\u62fc\u63a5\u8bed\u53e5<\/p>\n title="\u767e\u5ea6"&& region="Beijing"<\/p>\n 6\u3001\u7279\u5f81\uff1abody="\u767e\u5ea6"\u6216header="baidu"<\/p>\n \u626b\u63cf\u654f\u611f\u76ee\u5f55\u9700\u8981\u5f3a\u5927\u7684\u5b57\u5178\uff0c\u9700\u8981\u5e73\u65f6\u79ef\u7d2f\uff0c\u62e5\u6709\u5f3a\u5927\u7684\u5b57\u5178\u80fd\u591f\u66f4\u9ad8\u6548\u5730\u627e\u51fa\u7f51\u7ad9\u7684\u7ba1\u7406\u540e\u53f0\uff0c\u654f\u611f\u6587\u4ef6\u5e38\u89c1\u7684\u5982.git\u6587\u4ef6\u6cc4\u9732\uff0c.svn\u6587\u4ef6\u6cc4\u9732\uff0cphpinfo\u6cc4\u9732\u7b49\uff0c\u8fd9\u4e00\u6b65\u4e00\u534a\u4ea4\u7ed9\u5404\u7c7b\u626b\u63cf\u5668\u5c31\u53ef\u4ee5\u4e86\uff0c\u5c06\u76ee\u6807\u7ad9\u70b9\u8f93\u5165\u5230\u57df\u540d\u4e2d\uff0c\u9009\u62e9\u5bf9\u5e94\u5b57\u5178\u7c7b\u578b\uff0c\u5c31\u53ef\u4ee5\u5f00\u59cb\u626b\u63cf\u4e86\uff0c\u5341\u5206\u65b9\u4fbf\u3002<\/p>\n https:\/\/www.fujieace.com\/hacker\/tools\/yujian.html<\/a><\/p>\n https:\/\/github.com\/7kbstorm\/7kbscan-WebPathBrute<\/a><\/p>\n https:\/\/github.com\/lijiejie\/BBScan<\/a><\/p>\n \u5728pip\u5df2\u7ecf\u5b89\u88c5\u7684\u524d\u63d0\u4e0b\uff0c\u53ef\u4ee5\u76f4\u63a5\uff1a<\/p>\n pip install -r requirements.txt<\/p>\n \u4f7f\u7528\u793a\u4f8b\uff1a<\/p>\n python BBScan.py –host www.target.com<\/a><\/p>\n python BBScan.py –host www.target.com –network 28 <\/p>\n python BBScan.py -f wandoujia.com.txt<\/p>\n python BBScan.py -d targets\/<\/p>\n \u2013network \u53c2\u6570\u7528\u4e8e\u8bbe\u7f6e\u5b50\u7f51\u63a9\u7801\uff0c\u5c0f\u516c\u53f8\u8bbe\u4e3a28~30\uff0c\u4e2d\u7b49\u89c4\u6a21\u516c\u53f8\u8bbe\u7f6e26~28\uff0c\u5927\u516c\u53f8\u8bbe\u4e3a24~26 <\/p>\n \u5f53\u7136\uff0c\u5c3d\u91cf\u907f\u514d\u8bbe\u4e3a24\uff0c\u626b\u63cf\u8fc7\u4e8e\u8017\u65f6\uff0c\u9664\u975e\u662f\u60f3\u5728\u5404SRC\u591a\u5237\u51e0\u4e2a\u6f0f\u6d1e\u3002<\/p>\n \u8be5\u63d2\u4ef6\u662f\u4ece\u5185\u90e8\u626b\u63cf\u5668\u4e2d\u62bd\u79bb\u51fa\u6765\u7684\uff0c\u611f\u8c22 Jekkay Hu<34538980[at]qq.com><\/p>\n \u5982\u679c\u4f60\u6709\u975e\u5e38\u6709\u7528\u7684\u89c4\u5219\uff0c\u8bf7\u627e\u51e0\u4e2a\u7f51\u7ad9\u9a8c\u8bc1\u6d4b\u8bd5\u540e\uff0c\u518d pull request <\/p>\n \u811a\u672c\u8fd8\u4f1a\u4f18\u5316\uff0c\u63a5\u4e0b\u6765\u7684\u4e8b:<\/p>\n \u589e\u52a0\u6709\u7528\u89c4\u5219\uff0c\u5c06\u89c4\u5219\u66f4\u597d\u5730\u5206\u7c7b\uff0c\u7ec6\u5316<\/p>\n \u540e\u7eed\u53ef\u4ee5\u76f4\u63a5\u4ece rulesrequest \u6587\u4ef6\u5939\u4e2d\u5bfc\u5165HTTP_request <\/p>\n \u4f18\u5316\u626b\u63cf\u903b\u8f91<\/p>\n pip install -r requirement.txt<\/p>\n https:\/\/github.com\/H4ckForJob\/dirmap<\/a><\/p>\n \u5355\u4e2a\u76ee\u6807<\/p>\n python3 dirmap.py -i https:\/\/target.com<\/a> -lcf<\/p>\n \u591a\u4e2a\u76ee\u6807<\/p>\n python3 dirmap.py -iF urls.txt -lcf<\/p>\n https:\/\/gitee.com\/Abaomianguan\/dirsearch.git<\/a><\/font><\/u><\/p>\n unzip dirsearch.zip<\/font><\/u><\/p>\n python3 dirsearch.py -u http:\/\/m.scabjd.com\/<\/a> -e * <\/font><\/u><\/p>\n sudo apt-get install gobuster <\/p>\n gobuster dir -u https:\/\/www.servyou.com.cn\/<\/a> -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php -t 50<\/p>\n dir -u \u7f51\u5740 w\u5b57\u5178 -x \u6307\u5b9a\u540e\u7f00 -t \u7ebf\u7a0b\u6570\u91cf<\/p>\n dir -u https:\/\/www.servyou.com.cn\/<\/a> -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x "php,html,rar,zip" -d –wildcard -o servyou.log | grep ^"3402"<\/p>\n robots.txt<\/p>\n<\/li>\n crossdomin.xml<\/p>\n<\/li>\n sitemap.xml<\/p>\n<\/li>\n \u540e\u53f0\u76ee\u5f55<\/p>\n<\/li>\n \u7f51\u7ad9\u5b89\u88c5\u5305<\/p>\n<\/li>\n \u7f51\u7ad9\u4e0a\u4f20\u76ee\u5f55<\/p>\n<\/li>\n mysql\u7ba1\u7406\u9875\u9762<\/p>\n<\/li>\n phpinfo<\/p>\n<\/li>\n \u7f51\u7ad9\u6587\u672c\u7f16\u8f91\u5668<\/p>\n<\/li>\n \u6d4b\u8bd5\u6587\u4ef6<\/p>\n<\/li>\n \u7f51\u7ad9\u5907\u4efd\u6587\u4ef6(.rar\u3001zip\u3001.7z\u3001.tar.gz\u3001.bak)<\/p>\n<\/li>\n DS_Store \u6587\u4ef6<\/p>\n<\/li>\n vim\u7f16\u8f91\u5668\u5907\u4efd\u6587\u4ef6(.swp)<\/p>\n<\/li>\n WEB\u2014INF\/web.xml\u6587\u4ef6<\/p>\n<\/li>\n<\/ol>\n 15 .git<\/p>\n 16 .svn<\/p>\n https:\/\/www.secpulse.com\/archives\/55286.html<\/a><\/p>\n \u4f8b\u5982<\/p>\n config.php<\/p>\n config.php~<\/p>\n config.php.bak<\/p>\n config.php.swp<\/p>\n config.php.rar<\/p>\n conig.php.tar.gz<\/p>\n 1\u3001\u4e2d\u95f4\u4ef6\uff1aweb\u670d\u52a1\u3010Web Servers\u3011 apache iis7 iis7.5 iis8 nginx WebLogic tomcat<\/p>\n 2.\u3001\u7f51\u7ad9\u7ec4\u4ef6\uff1a js\u7ec4\u4ef6jquery\u3001vue \u9875\u9762\u7684\u5e03\u5c40bootstrap<\/p>\n \u901a\u8fc7\u6d4f\u89c8\u5668\u83b7\u53d6<\/p>\n http:\/\/whatweb.bugscaner.com\/look\/<\/a><\/p>\n \u706b\u72d0\u7684\u63d2\u4ef6Wappalyzer<\/p>\n curl\u547d\u4ee4\u67e5\u8be2\u5934\u4fe1\u606f<\/p>\n curl https:\/\/www.moonsec.com<\/a> -i<\/p>\n in:name test #\u4ed3\u5e93\u6807\u9898\u641c\u7d22\u542b\u6709\u5173\u952e\u5b57test<\/p>\n in:descripton test #\u4ed3\u5e93\u63cf\u8ff0\u641c\u7d22\u542b\u6709\u5173\u952e\u5b57<\/p>\n in:readme test #Readme\u6587\u4ef6\u641c\u7d20\u542b\u6709\u5173\u952e\u5b57<\/p>\n \u641c\u7d22\u67d0\u4e9b\u7cfb\u7edf\u7684\u5bc6\u7801<\/p>\n https:\/\/github.com\/search?q=smtp+58.com+password+3306&type=Code<\/a><\/p>\n github \u5173\u952e\u8bcd\u76d1\u63a7<\/p>\n https:\/\/www.codercto.com\/a\/46640.html<\/a><\/p>\n \u8c37\u6b4c\u641c\u7d22<\/p>\n site:Github.com sa password<\/p>\n site:Github.com root password<\/p>\n site:Github.com User ID=’sa’;Password<\/p>\n site:Github.com inurl:sql<\/p>\n SVN \u4fe1\u606f\u6536\u96c6<\/p>\n site:Github.com svn<\/p>\n site:Github.com svn username<\/p>\n site:Github.com svn password<\/p>\n site:Github.com svn username password<\/p>\n \u7efc\u5408\u4fe1\u606f\u6536\u96c6<\/p>\n site:Github.com password<\/p>\n site:Github.com ftp ftppassword<\/p>\n site:Github.com \u5bc6\u7801<\/p>\n site:Github.com \u5185\u90e8<\/p>\n https:\/\/blog.csdn.net\/qq_36119192\/article\/details\/99690742<\/a><\/p>\n http:\/\/www.361way.com\/github-hack\/6284.html<\/a><\/p>\n https:\/\/docs.github.com\/cn\/github\/searching-for-information-on-github\/searching-code<\/a><\/p>\n https:\/\/github.com\/search?q=smtp+bilibili.com&type=code<\/a><\/p>\n site:\u57df\u540d<\/p>\n inurl: url\u4e2d\u5b58\u5728\u7684\u5173\u952e\u5b57\u7f51\u9875<\/p>\n intext\uff1a\u7f51\u9875\u6b63\u6587\u4e2d\u7684\u5173\u952e\u8bcd<\/p>\n filetype:\u6307\u5b9a\u6587\u4ef6\u7c7b\u578b<\/p>\n https:\/\/wooyun.website\/<\/a><\/p>\n \u51cc\u4e91\u641c\u7d22 https:\/\/www.lingfengyun.com\/<\/a><\/p>\n \u76d8\u591a\u591a\uff1ahttp:\/\/www.panduoduo.net\/<\/a><\/p>\n \u76d8\u641c\u641c\uff1ahttp:\/\/www.pansoso.com\/<\/a><\/p>\n \u76d8\u641c\uff1ahttp:\/\/www.pansou.com\/<\/a><\/p>\n \u540d\u5b57\/\u5e38\u7528id\/\u90ae\u7bb1\/\u5bc6\u7801\/\u7535\u8bdd\u767b\u5f55\u7f51\u76d8\u7f51\u7ad9\u90ae\u7bb1\u627e\u654f\u611f\u4fe1\u606f<\/p>\n tg\u673a\u5668\u4eba<\/p>\n www.reg007.com<\/a>\u67e5\u8be2\u7f51\u7ad9\u6ce8\u518c\u4fe1\u606f<\/p>\n \u4e00\u822c\u662f\u914d\u5408\u793e\u5de5\u5e93\u4e00\u8d77\u6765\u4f7f\u7528\u3002<\/p>\n 1.\u7f51\u7ad9\u7684url\u8fde\u63a5\u5199\u5230js\u91cc\u9762<\/p>\n 2.js\u7684api\u63a5\u53e3\u91cc\u9762\u5305\u542b\u7528\u6237\u4fe1\u606f\u6bd4\u5982\u8d26\u53f7\u548c\u5bc6\u7801<\/p>\n https:\/\/gitee.com\/kn1fes\/JSFinder<\/a><\/p>\n python3 JSFinder.py -u http:\/\/www.mi.com<\/a><\/p>\n python3 JSFinder.py -u http:\/\/www.mi.com<\/a> -d<\/p>\n python3 JSFinder.py -u http:\/\/www.mi.com<\/a> -d -ou mi_url.txt -os mi_subdomain.txt<\/p>\n \u5f53\u4f60\u60f3\u83b7\u53d6\u66f4\u591a\u4fe1\u606f\u7684\u65f6\u5019\uff0c\u53ef\u4ee5\u4f7f\u7528-d\u8fdb\u884c\u6df1\u5ea6\u722c\u53d6\u6765\u83b7\u5f97\u66f4\u591a\u5185\u5bb9\uff0c\u5e76\u4f7f\u7528\u547d\u4ee4 -ou, -os\u6765\u6307\u5b9aURL\u548c\u5b50\u57df\u540d\u6240\u4fdd\u5b58\u7684\u6587\u4ef6\u540d<\/p>\n \u6279\u91cf\u6307\u5b9aURL\u548cJS\u94fe\u63a5\u6765\u83b7\u53d6\u91cc\u9762\u7684URL\u3002<\/p>\n \u6307\u5b9aURL\uff1a<\/p>\n python JSFinder.py -f text.txt<\/p>\n \u6307\u5b9aJS\uff1a<\/p>\n python JSFinder.py -f text.txt -j<\/p>\n \u5bfb\u627e\u7f51\u7ad9\u4ea4\u4e92\u63a5\u53e3\u6388\u6743key<\/p>\n \u968f\u7740WEB\u524d\u7aef\u6253\u5305\u5de5\u5177\u7684\u6d41\u884c\uff0c\u60a8\u5728\u65e5\u5e38\u6e17\u900f\u6d4b\u8bd5\u3001\u5b89\u5168\u670d\u52a1\u4e2d\u662f\u5426\u9047\u5230\u8d8a\u6765\u8d8a\u591a\u4ee5Webpack\u6253\u5305\u5668\u4e3a\u4ee3\u8868\u7684\u7f51\u7ad9\uff1f\u8fd9\u7c7b\u6253\u5305\u5668\u4f1a\u5c06\u6574\u7ad9\u7684API\u548cAPI\u53c2\u6570\u6253\u5305\u5728\u4e00\u8d77\u4f9bWeb\u96c6\u4e2d\u8c03\u7528\uff0c\u8fd9\u4e5f\u4fbf\u4e8e\u6211\u4eec\u5feb\u901f\u53d1\u73b0\u7f51\u7ad9\u7684\u529f\u80fd\u548cAPI\u6e05\u5355\uff0c\u4f46\u5f80\u5f80\u8fd9\u4e9b\u6253\u5305\u5668\u6240\u751f\u6210\u7684JS\u6587\u4ef6\u6570\u91cf\u5f02\u5e38\u4e4b\u591a\u5e76\u4e14\u603bJS\u4ee3\u7801\u91cf\u5f02\u5e38\u5e9e\u5927\uff08\u591a\u8fbe\u4e0a\u4e07\u884c\uff09\uff0c\u8fd9\u7ed9\u6211\u4eec\u7684\u624b\u5de5\u6d4b\u8bd5\u5e26\u6765\u4e86\u6781\u5927\u7684\u4e0d\u4fbf\uff0cPacker Fuzzer\u8f6f\u4ef6\u5e94\u8fd0\u800c\u751f\u3002<\/p>\n \u672c\u5de5\u5177\u652f\u6301\u81ea\u52a8\u6a21\u7cca\u63d0\u53d6\u5bf9\u5e94\u76ee\u6807\u7ad9\u70b9\u7684API\u4ee5\u53caAPI\u5bf9\u5e94\u7684\u53c2\u6570\u5185\u5bb9\uff0c\u5e76\u652f\u6301\u5bf9\uff1a\u672a\u6388\u6743\u8bbf\u95ee\u3001\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3001CORS\u3001SQL\u6ce8\u5165\u3001\u6c34\u5e73\u8d8a\u6743\u3001\u5f31\u53e3\u4ee4\u3001\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u4e03\u5927\u6f0f\u6d1e\u8fdb\u884c\u6a21\u7cca\u9ad8\u6548\u7684\u5feb\u901f\u68c0\u6d4b\u3002\u5728\u626b\u63cf\u7ed3\u675f\u4e4b\u540e\uff0c\u672c\u5de5\u5177\u8fd8\u652f\u6301\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\uff0c\u60a8\u53ef\u4ee5\u9009\u62e9\u4fbf\u4e8e\u5206\u6790\u7684HTML\u7248\u672c\u4ee5\u53ca\u8f83\u4e3a\u6b63\u89c4\u7684doc\u3001pdf\u3001txt\u7248\u672c\u3002<\/p>\n sudo apt-get install nodejs && sudo apt-get install npm<\/p>\n git clone https:\/\/gitee.com\/keyboxdzd\/Packer-Fuzzer.git<\/a><\/p>\n pip3 install -r requirements.txt<\/p>\n python3 PackerFuzzer.py -u https:\/\/www.liaoxuefeng.com<\/a> <\/p>\n \u4e00\u6b3e\u57fa\u4e8ePython\u811a\u672c\u7684JavaScript\u654f\u611f\u4fe1\u606f\u641c\u7d22\u5de5\u5177<\/p>\n https:\/\/gitee.com\/mucn\/SecretFinder<\/a><\/p>\n python3 SecretFinder.py -i https:\/\/www.moonsec.com\/<\/a> -e<\/p>\n http:\/\/www.yunsee.cn\/info.html<\/a><\/p>\n http:\/\/finger.tidesec.net\/<\/a><\/p>\n http:\/\/whatweb.bugscaner.com\/look\/<\/a><\/p>\n https:\/\/github.com\/search?q=cms\u8bc6\u522b<\/a><\/p>\n https:\/\/github.com\/ldbfpiaoran\/cmscan<\/a><\/p>\n https:\/\/github.com\/theLSA\/cmsIdentification\/<\/a><\/p>\n 1\u3001\u5982\u679c\u627e\u5230\u4e86\u76ee\u6807\u7684\u4e00\u5904\u8d44\u4ea7\uff0c\u4f46\u662f\u5bf9\u76ee\u6807\u5176\u4ed6\u8d44\u4ea7\u7684\u6536\u96c6\u65e0\u5904\u4e0b\u624b\u65f6\uff0c\u53ef\u4ee5\u67e5\u770b\u4e00\u4e0b\u8be5\u7ad9\u70b9\u7684body\u91cc\u662f\u5426\u6709\u76ee\u6807\u7684\u7279\u5f81\uff0c\u7136\u540e\u5229\u7528\u7f51\u7edc\u7a7a\u95f4\u641c\u7d22\u5f15\u64ce\uff08\u5982fofa\u7b49\uff09\u5bf9\u8be5\u7279\u5f81\u8fdb\u884c\u641c\u7d22\uff0c\u5982\uff1abody=\u201dXX\u516c\u53f8\u201d\u6216body=\u201dbaidu\u201d\u7b49\u3002<\/p>\n \u8be5\u65b9\u5f0f\u4e00\u822c\u9002\u7528\u4e8e\u7279\u5f81\u660e\u663e\uff0c\u8d44\u4ea7\u6570\u91cf\u8f83\u591a\u7684\u76ee\u6807\uff0c\u5e76\u4e14\u5f88\u591a\u65f6\u5019\u6548\u679c\u62d4\u7fa4\u3002<\/p>\n 2\u3001\u5f53\u901a\u8fc7\u4e0a\u8ff0\u65b9\u5f0f\u7684\u627e\u5230test.com\u7684\u7279\u5f81\u540e\uff0c\u518d\u8fdb\u884cbody\u7684\u641c\u7d22\uff0c\u7136\u540e\u518d\u641c\u7d22\u5230test.com\u7684\u65f6\u5019\uff0c\u6b64\u65f6fofa\u4e0a\u663e\u793a\u7684ip\u5927\u6982\u7387\u4e3atest.com\u7684\u771f\u5b9eIP\u3002<\/p>\n 3\u3001\u5982\u679c\u9700\u8981\u5bf9\u653f\u5e9c\u7f51\u7ad9\u4f5c\u4e3a\u76ee\u6807\uff0c\u90a3\u4e48\u5728\u6279\u91cf\u83b7\u53d6\u7f51\u7ad9\u9996\u9875\u7684\u65f6\u5019\uff0c\u53ef\u4ee5\u7528\u4e0a<\/p>\n http:\/\/114.55.181.28\/databaseInfo\/index<\/a><\/p>\n \u4e4b\u540e\u53ef\u4ee5\u7ed3\u5408\u4e0a\u4e00\u6b65\u7684\u65b9\u6cd5\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u4fe1\u606f\u6536\u96c6\u3002<\/p>\n SSL\/TLS\u8bc1\u4e66\u901a\u5e38\u5305\u542b\u57df\u540d\u3001\u5b50\u57df\u540d\u548c\u90ae\u4ef6\u5730\u5740\u7b49\u4fe1\u606f\uff0c\u7ed3\u5408\u8bc1\u4e66\u4e2d\u7684\u4fe1\u606f\uff0c\u53ef\u4ee5\u66f4\u5feb\u901f\u5730\u5b9a\u4f4d\u5230\u76ee\u6807\u8d44\u4ea7\uff0c\u83b7\u53d6\u5230\u66f4\u591a\u76ee\u6807\u8d44\u4ea7\u7684\u76f8\u5173\u4fe1\u606f\u3002<\/p>\n https:\/\/myssl.com\/<\/a><\/p>\n https:\/\/crt.sh<\/a><\/p>\n https:\/\/censys.io<\/a><\/p>\n https:\/\/developers.facebook.com\/tools\/ct\/<\/a><\/p>\n https:\/\/google.com\/transparencyreport\/https\/ct\/<\/a><\/p>\n SSL\u8bc1\u4e66\u641c\u7d22\u5f15\u64ce\uff1a<\/p>\n https:\/\/certdb.com\/domain\/github.com<\/a><\/p>\n https:\/\/crt.sh\/?Identity=%.moonsec.com<\/a><\/p>\n https:\/\/censys.io\/<\/a><\/p>\n GetDomainsBySSL.py<\/p>\n http:\/\/ipwhois.cnnic.net.cn\/index.jsp<\/a><\/p>\n \u73b0\u5728\u5f88\u591a\u4f01\u4e1a\u90fd\u6709\u5c0f\u7a0b\u5e8f\uff0c\u53ef\u4ee5\u5173\u6ce8\u4f01\u4e1a\u7684\u5fae\u4fe1\u516c\u4f17\u53f7\u6216\u8005\u652f\u4ed8\u5b9d\u5c0f\u7a0b\u5e8f\uff0c\u6216\u5173\u6ce8\u8fd0\u8425\u76f8\u5173\u4eba\u5458\uff0c\u67e5\u770b\u670b\u53cb\u5708\uff0c\u83b7\u53d6\u5c0f\u7a0b\u5e8f\u3002<\/p>\n https:\/\/weixin.sogou.com\/weixin?type=1&ie=utf8&query=%E6%8B%BC%E5%A4%9A%E5%A4%9A<\/a><\/p>\n https:\/\/www.qimai.cn\/<\/a><\/p>\n QQ\u7fa4 QQ\u624b\u673a\u53f7<\/p>\n \u5fae\u4fe1\u7fa4<\/p>\n \u9886\u82f1<\/p>\n https:\/\/www.linkedin.com\/<\/a><\/p>\n \u8109\u8109\u62db\u8058<\/p>\n boss\u62db\u8058<\/p>\n https:\/\/github.com\/m4ll0k\/SecretFinder<\/a><\/p>\n https:\/\/github.com\/Threezh1\/JSFinder<\/a><\/p>\n https:\/\/github.com\/rtcatc\/Packer-Fuzzer<\/a><\/p>\n https:\/\/github.com\/0xbug\/Hawkeye<\/a><\/p>\n https:\/\/github.com\/MiSecurity\/x-patrol<\/a><\/p>\n https:\/\/github.com\/VKSRC\/Github-Monitor<\/a><\/p>\n \u5b89\u5168\u9632\u62a4\u4e91waf\u3001\u786c\u4ef6waf\u3001\u4e3b\u673a\u9632\u62a4\u8f6f\u4ef6\u3001\u8f6fwaf<\/p>\n \u5fae\u4fe1\u6216\u8005QQ \u6df7\u5165\u5185\u90e8\u7fa4\uff0c\u8e72\u70b9\u89c2\u6d4b\u3002\u52a0\u5ba2\u670d\u5c0f\u59d0\u59d0\u53d1\u4e00\u4e9b\u8fde\u63a5\u3002\u8fdb\u4e00\u6b65\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u6d4b\u8bd5\u4ea7\u54c1\uff0c\u8d2d\u4e70\u670d\u52a1\u5668\uff0c\u62ff\u53bb\u6d4b\u8bd5\u8d26\u53f7\u548c\u5bc6\u7801\u3002<\/p>\n \u5230\u4f01\u4e1a\u529e\u516c\u5c42\u8fde\u63a5wifi\uff0c\u8fde\u540c\u5185\u7f51\u3002\u4e22\u4e00\u4e9b\u5e26\u6709\u540e\u95e8\u7684usb \u5f00\u653e\u514d\u8d39\u7684wifi\u622a\u53d6\u8d26\u53f7\u548c\u5bc6\u7801\u3002<\/p>\n \u5728tg\u627e\u793e\u5de5\u673a\u5668\u4eba\u67e5\u627e\u5bc6\u7801\u4fe1\u606f \u6216\u672c\u5730\u7684\u793e\u5de5\u5e93\u67e5\u627e\u90ae\u7bb1\u6216\u8005\u7528\u6237\u7684\u5bc6\u7801\u6216\u5bc6\u6587\u3002\u7ec4\u5408\u5bc6\u7801\u5728\u8fdb\u884c\u731c\u89e3\u767b\u5f55\u3002<\/p>\n ARL(Asset Reconnaissance Lighthouse)\u8d44\u4ea7\u4fa6\u5bdf\u706f\u5854\u7cfb\u7edf<\/p>\n https:\/\/github.com\/TophantTechnology\/ARL<\/a><\/p>\n AssetsHunter<\/p>\n https:\/\/github.com\/rabbitmask\/AssetsHunter<\/a><\/p>\n \u4e00\u6b3e\u7528\u4e8esrc\u8d44\u4ea7\u4fe1\u606f\u6536\u96c6\u7684\u5de5\u5177<\/p>\n https:\/\/github.com\/sp4rkw\/Reaper<\/a><\/p>\n domain_hunter_pro<\/p>\n https:\/\/github.com\/bit4woo\/domain_hunter_pro<\/a><\/p>\n LangSrcCurise<\/p>\n\u5728\u7ebf\u7f51\u7ad9\u5907\u6848\u67e5\u8be2<\/h1>\n
\u4e3e\u4f8b\u67e5\u8be2\u7eff\u76dfwhois\u4fe1\u606f<\/h2>\n
![\"1745648371389-0cb86970-4c5b-4574-9b8d-0146df9983db.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9a95b218.png\")
<\/p>\n![\"1745648656633-cd252ece-4d38-4d8a-a50f-729e4382b904.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9ac09b8b.png\")
<\/p>\n\u6536\u96c6\u5b50\u57df\u540d<\/h1>\n
\u5b50\u57df\u540d\u4f5c\u7528<\/h2>\n
\u5e38\u7528\u65b9\u5f0f<\/h2>\n
\n
\n
\u57df\u540d\u7c7b\u578b<\/h2>\n
A (Address) \u8bb0\u5f55\uff1a<\/h3>\n
\u522b\u540d(CNAME)\u8bb0\u5f55\uff1a<\/h3>\n
\u5982\u4f55\u68c0\u6d4bCNAME\u8bb0\u5f55\uff1f<\/h3>\n
MX\uff08Mail Exchanger\uff09\u8bb0\u5f55\uff1a<\/h3>\n
\u4ec0\u4e48\u662fTXT\u8bb0\u5f55\uff1f\uff1a<\/h3>\n
\u4ec0\u4e48\u662fNS\u8bb0\u5f55\uff1f<\/h3>\n
\u5b50\u57df\u540d\u5728\u7ebf\u67e5\u8be2<\/h2>\n
![\"1745649200737-d084bfe9-a096-4bd2-9b1f-9479ef3517c6.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9adf3318.png\")
<\/p>\ndns\u4fa6\u6d4b<\/h2>\n
![\"1745649131985-3f2b5399-e5b3-4237-9469-d50cd845e6b0.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9b001a97.png\")
<\/p>\nFOFA\u641c\u7d22\u5b50\u57df\u540d<\/h2>\n
![\"1745649267603-f942b8e5-2f67-4970-8e2e-cfe5ee9818f5.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9b25ff88.png\")
<\/p>\nHackertarget\u67e5\u8be2\u5b50\u57df\u540d<\/h2>\n
360\u6d4b\u7ed8\u7a7a\u95f4<\/h2>\n
Layer\u5b50\u57df\u540d\u6316\u6398\u673a<\/h2>\n
![\"1745649358248-1a2e259e-0d62-47ca-b7ed-d8c299868349.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9b58f18e.png\")
<\/p>\nSubDomainBrute<\/h2>\n
![\"1745649354990-58bfae50-a2b1-4fd2-9a7e-0a32bd3653c2.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9b862507.png\")
<\/p>\nSublist3r<\/h2>\n
OneForALL<\/h2>\n
![\"1745649423617-874159d3-5f65-403b-9af2-2e9dd13cccd9.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9bc0a0a5.png\")
<\/p>\nWydomain<\/h2>\n
FuzzDomain<\/h2>\n
![\"1745649454574-6b271509-40d5-4868-90bd-66c9454920c4.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9bf7684d.png\")
<\/p>\n\u9690\u85cf\u57df\u540dhosts\u78b0\u649e<\/h2>\n
\u7aef\u53e3\u626b\u63cf<\/h1>\n
msscan\u7aef\u53e3\u626b\u63cf<\/h2>\n
\u5fa1\u5251\u7aef\u53e3\u626b\u63cf\u5de5\u5177<\/h2>\n
![\"1745649694831-af8a7301-129c-4937-9de6-a22f0b0260ca.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9c33da2f.png\")
<\/p>\nnmap\u626b\u63cf\u7aef\u53e3\u548c\u63a2\u6d4b\u7aef\u53e3\u4fe1\u606f<\/h2>\n
\u5728\u7ebf\u7aef\u53e3\u68c0\u6d4b<\/h2>\n
![\"1745649750582-b1b00136-ba22-4a00-9b53-d52b2eefe9e0.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9c7680e4.png\")
<\/p>\n\u7aef\u53e3\u626b\u63cf\u5668<\/h2>\n
\u6e17\u900f\u7aef\u53e3<\/h2>\n
\u6e17\u900f\u5e38\u89c1\u7aef\u53e3\u53ca\u5bf9\u5e94\u670d\u52a1<\/h2>\n
\u5e38\u89c1\u7684\u7aef\u53e3\u548c\u653b\u51fb\u65b9\u6cd5<\/h2>\n
![\"1745649826799-e686aecb-e9b7-4167-8e12-7203252606b2.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9ca6904c.png\")
<\/p>\n\u67e5\u627e\u771f\u5b9eip<\/h1>\n
\u591a\u5730ping\u786e\u8ba4\u662f\u5426\u4f7f\u7528CDN<\/h2>\n
![\"1745659252855-f0843197-7cbc-45b8-a608-9eb118462d92.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9cd8e763.png\")
<\/p>\n\u67e5\u8be2\u5386\u53f2DNS\u89e3\u6790\u8bb0\u5f55<\/h2>\n
DNSDB<\/h3>\n
\u5fae\u6b65\u5728\u7ebf<\/h3>\n
lpip.net<\/h3>\n
viewdns<\/h3>\n
phpinfo<\/h2>\n
\u7ed5\u8fc7CDN<\/h2>\n
\u65c1\u7ad9\u548cC\u6bb5<\/h1>\n
\u957f\u4e4b\u5bb6<\/h3>\n
google hacking<\/h2>\n
\u7f51\u7edc\u7a7a\u95f4\u641c\u7d22\u5f15\u64ce<\/h3>\n
\u5728\u7ebfc\u6bb5 webscan.cc<\/h3>\n
#coding:utf-8\nimport requests\nimport json\n\ndef get_c(ip):\nprint(\"\u6b63\u5728\u6536\u96c6{}\".format(ip))\nurl=\"http:\/\/api.webscan.cc\/?action=query&ip={}\".format(ip)\nreq=requests.get(url=url)\nhtml=req.text\ndata=req.json()\nif 'null' not in html:\nwith open(\"resulit.txt\", 'a', encoding='utf-8') as f:\nf.write(ip + 'n')\n f.close()\nfor i in data:\nwith open(\"resulit.txt\", 'a',encoding='utf-8') as f:\nf.write(\"t{} {}n\".format(i['domain'],i['title']))\nprint(\" [+] {} {}[+]\".format(i['domain'],i['title']))\nf.close()\n\ndef get_ips(ip):\niplist=[]\nips_str = ip[:ip.rfind('.')]\nfor ips in range(1, 256):\nipadd=ips_str + '.' + str(ips)\niplist.append(ipadd)\nreturn iplist\n\nip=input(\"\u8bf7\u4f60\u8f93\u5165\u8981\u67e5\u8be2\u7684ip:\")\n\nips=get_ips(ip)\nfor p in ips:\nget_c(p)<\/code><\/pre>\n\u7f51\u7edc\u7a7a\u95f4\u641c\u7d22\u5f15\u64ce<\/h1>\n
\u626b\u63cf\u654f\u611f\u76ee\u5f55\/\u6587\u4ef6<\/h1>\n
\u5fa1\u5251<\/h2>\n
7kbstorm<\/h2>\n
bbscan<\/h2>\n
\n
\n
\n
\n
dirmap<\/h2>\n
dirsearch<\/h2>\n
gobuster<\/h2>\n
\u7f51\u7ad9\u6587\u4ef6<\/h2>\n
\n
\u626b\u63cf\u7f51\u9875\u5907\u4efd<\/h1>\n
\u7f51\u7ad9\u5934\u4fe1\u606f\u6536\u96c6<\/h1>\n
![\"1745661867877-ecd011ec-9a62-47f0-b4ed-4d1a6dc608be.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9d05bcce.png\")
<\/p>\n\u654f\u611f\u6587\u4ef6\u641c\u7d22<\/h1>\n
GitHub\u641c\u7d22<\/h2>\n
Google-hacking<\/h2>\n
wooyun\u6f0f\u6d1e\u5e93<\/h2>\n
\u7f51\u76d8\u641c\u7d22<\/h2>\n
\u793e\u5de5\u5e93<\/h2>\n
\u7f51\u7ad9\u6ce8\u518c\u4fe1\u606f<\/h2>\n
js\u654f\u611f\u4fe1\u606f<\/h2>\n
jsfinder<\/h3>\n
Packer-Fuzzer<\/h3>\n
SecretFinder<\/h3>\n
CMS\u8bc6\u522b<\/h1>\n
\u4e91\u6089<\/h2>\n
\u6f6e\u6c50\u6307\u7eb9<\/h2>\n
CMS\u6307\u7eb9\u8bc6\u522b<\/h2>\n
whatcms<\/h2>\n
![\"1745662046773-d0d5ed25-e9c2-427a-9614-fe61e728d878.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae9d37ad5e.png\")
<\/p>\n\u5fa1\u5251cms\u8bc6\u522b<\/h2>\n
\u975e\u5e38\u89c4\u64cd\u4f5c<\/h1>\n
SSL\/TLS\u8bc1\u4e66\u67e5\u8be2<\/h1>\n
\u67e5\u627e\u5382\u5546IP\u6bb5<\/h1>\n
\u79fb\u52a8\u8d44\u4ea7\u6536\u96c6<\/h1>\n
\u5fae\u4fe1\u5c0f\u7a0b\u5e8f\u652f\u4ed8\u5b9d\u5c0f\u7a0b\u5e8f<\/h2>\n
app\u8f6f\u4ef6\u641c\u7d22<\/h2>\n
\u793e\u4ea4\u4fe1\u606f\u641c\u7d22<\/h1>\n
js\u654f\u611f\u6587\u4ef6<\/h1>\n
github\u4fe1\u606f\u6cc4\u9732\u76d1\u63a7<\/h1>\n
\u9632\u62a4\u8f6f\u4ef6\u6536\u96c6<\/h1>\n
\u793e\u5de5\u76f8\u5173<\/h1>\n
\u7269\u7406\u63a5\u89e6<\/h1>\n
\u793e\u5de5\u5e93<\/h1>\n
\u8d44\u4ea7\u6536\u96c6\u795e\u5668<\/h1>\n