Penetration Testing: The Intelligence Gathering Phase

Disclaimer: all tools and code in this project come from publicly available Internet resources and have not undergone any security verification! They are for personal study and research only; use for any illegal purpose or unauthorized testing is strictly prohibited!

Prerequisite for penetration testing: obtain a written (paper) authorization letter; without one, carry out no attack whatsoever. Remember: the net of justice is wide, and nothing slips through it.

I. Classic interview question: what is the penetration testing process?

1. Pre-engagement interaction phase

Discuss with the client to determine the target, scope, resources, timeline, and so on. Obtain a written authorization letter to establish the legality of the engagement.

2. Intelligence gathering phase

3. Threat modeling phase

4. Vulnerability analysis phase

5. Exploitation phase

6. Post-exploitation phase

7. Reporting phase

II. Overview of intelligence gathering

Information gathering is considered the most important step; it needs both breadth and depth.

Information gathering is divided into active information gathering and passive information gathering.

Active information gathering: interact directly with the target host, sending packets to it to obtain information.

Passive information gathering: collect information about the target indirectly through external websites. Some sites have already recorded information about the target, and we can obtain it from them directly. For example, to learn a site's subdomains you do not need to brute-force or scan the target itself; you can recover them from DNS records and similar published data.
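The passive approach described above, as an added example that is not part of the original post: instead of sending a single packet to the target, we parse records that a third party has already published. The records below are constructed for the example in the JSON shape a Certificate Transparency search service (such as crt.sh) returns, and `example.com` is a placeholder apex domain. The point a practitioner wants beyond "collect the names" is scope control: names that are not under the authorized apex are reported separately rather than silently added to the target list.

```python
"""Passive subdomain collection from already-recorded data (added example).

Models passive information gathering: we derive subdomains from records a
third party already holds (here, CT-log search results) without contacting
the target. The authorization letter from the pre-engagement phase fixes
the apex domain we are allowed to work on, so every name is checked against
that scope before it is accepted.
"""
import json

# Constructed sample, shaped like crt.sh JSON output. Not real data.
CT_RECORDS_JSON = json.dumps([
    {"issuer_ca_id": 1, "name_value": "www.example.com\nexample.com"},
    {"issuer_ca_id": 1, "name_value": "*.dev.example.com"},   # wildcard cert
    {"issuer_ca_id": 2, "name_value": "mail.example.com."},   # trailing dot
    {"issuer_ca_id": 2, "name_value": "WWW.Example.COM"},     # case variant
    {"issuer_ca_id": 3, "name_value": "example.net"},         # different apex
    {"issuer_ca_id": 3, "name_value": "notexample.com"},      # suffix trap
])


def normalize_name(raw, apex):
    """Canonicalize one certificate name; return None if it is outside `apex`.

    Lower-cases, strips a trailing dot, and drops a leading '*.' because a
    wildcard certificate only tells us the parent label exists. A name is in
    scope only if it equals the apex or ends with '.' + apex; a plain
    endswith(apex) check would wrongly accept 'notexample.com'.
    """
    name = raw.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    if not name:
        return None
    if name == apex or name.endswith("." + apex):
        return name
    return None


def subdomains_from_ct(records_json, apex):
    """Split CT records into in-scope subdomains and rejected (out-of-scope) names.

    Returns {"in_scope": sorted subdomains under apex (apex itself excluded),
             "rejected": sorted names that are not under apex}.
    """
    apex = apex.lower().rstrip(".")
    in_scope, rejected = set(), set()
    for rec in json.loads(records_json):
        # name_value may carry several SAN entries separated by newlines.
        for raw in rec.get("name_value", "").split("\n"):
            if not raw.strip():
                continue
            name = normalize_name(raw, apex)
            if name is None:
                rejected.add(raw.strip().lower().rstrip("."))
            elif name != apex:
                in_scope.add(name)
    return {"in_scope": sorted(in_scope), "rejected": sorted(rejected)}


if __name__ == "__main__":
    result = subdomains_from_ct(CT_RECORDS_JSON, "example.com")
    print("in scope :", result["in_scope"])
    print("rejected :", result["rejected"])
```

Run on the constructed records, the in-scope list is `dev.example.com`, `mail.example.com`, `www.example.com`; `example.net` and `notexample.com` land in the rejected list so the tester can see what was excluded and why the list is shorter than the raw data.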

Collect information according to the PTES standard.

III. Some websites and tools for information gathering

Information gathering via websites

Gathering information about a target via external websites (solid material, collector's edition) - 站长之家 ports - CSDN blog

Information gathering via tools

Subdomain discovery

https://github.com/guelfoweb/knock/tree/4.1/knockpy
https://github.com/aboul3la/Sublist3r
https://github.com/TheRook/subbrute
https://github.com/ring04h/wydomain
https://github.com/euphrat1ca/LayerDomainFinder
https://github.com/shmilylty/OneForAll
https://github.com/blark/aiodnsbrute
https://github.com/michenriksen/aquatone
https://github.com/nsonaniya2010/SubDomainizer
https://github.com/infosec-au/altdns

Directory or API endpoint discovery

https://github.com/assetnote/kiterunner
https://github.com/OJ/gobuster
https://github.com/foryujian/yjdirscan
https://github.com/maurosoria/dirsearch
https://github.com/deibit/cansina
https://github.com/epi052/feroxbuster
https://github.com/H4ckForJob/dirmap
https://www.fujieace.com/hacker/tools/yujian.html
https://github.com/devploit/nomore403
https://sourceforge.net/projects/dirbuster/
https://github.com/Threezh1/JSFinder
https://github.com/pingc0y/URLFinder
https://github.com/GerbenJavado/LinkFinder
https://github.com/lemonlove7/dirsearch_bypass403

Personnel information gathering

https://github.com/martinvigo/email2phonenumber
https://github.com/megadose/holehe
https://github.com/sundowndev/phoneinfoga
https://github.com/Taonn/EmailAll
https://github.com/soxoj/maigret

Port and service identification

https://nmap.org/download.html
https://github.com/shadow1ng/fscan
https://github.com/robertdavidgraham/masscan
https://github.com/lcvvvv/kscan
https://github.com/bee-san/Rustscan
https://github.com/praetorian-inc/fingerprintx # identifies the service running on a port

App information gathering tools

https://github.com/kelvinBen/AppInfoScanner
https://github.com/dwisiswant0/apkleaks
https://github.com/n0mi1k/apk2url

Crawler tools

https://github.com/chaitin/rad
https://github.com/xnl-h4ck3r/xnLinkFinder
https://github.com/Qianlitp/crawlergo/
https://github.com/projectdiscovery/katana

Honeypot identification tools

https://github.com/Yuy0ung/Niffler
https://github.com/Ghr07h/Heimdallr
https://github.com/Monyer/antihoneypot
https://github.com/cnrstar/anti-honeypot

Load balancer / CDN / WAF / IDS identification tools

https://github.com/ccc-f/FCDN
sudo apt update && sudo apt install lbd # Kali tool
https://github.com/Explorer1092/cdncheck
https://github.com/EnableSecurity/wafw00f
https://github.com/Ekultek/WhatWaf
https://github.com/YouChenJun/CheckCdn
https://github.com/projectdiscovery/cdncheck

Fingerprinting tools

https://github.com/TideSec/TideFinger
https://github.com/P001water/P1finger
https://github.com/0x727/FingerprintHub
https://github.com/emo-crab/observer_ward
https://github.com/s7ckTeam/Glass
https://github.com/EdgeSecurityTeam/EHole
https://github.com/HackAllSec/hfinger
https://github.com/EASY233/Finger
https://github.com/shuanx/BurpFingerPrint
https://github.com/wudijun/Catcher
https://github.com/lemonlove7/Ehole_magic
https://github.com/urbanadventurer/WhatWeb

When only the company name is given

https://github.com/wgpsec/ENScan_GO

Reverse lookup of domains from an IP

https://github.com/sma11new/ip2domain

GitHub sensitive information gathering

https://github.com/obheda12/GitDorker

Comprehensive collection

https://github.com/leebaird/discover
kali: https://github.com/owasp-amass/amass
https://github.com/lanmaster53/recon-ng/tree/master
kali: https://github.com/smicallef/spiderfoot
https://github.com/goby-lang/goby
https://github.com/0x727/ShuiZe_0x727
https://www.maltego.com/downloads/
https://github.com/laramies/theharvester
https://github.com/fasnow/fine
https://github.com/Aabyss-Team/ARL
https://www.scope-sentry.top/
https://github.com/TideSec/TscanPlus
https://github.com/polite-007/Milkyway
https://www.maltego.com
https://github.com/yqcs/prismx/releases/