信息收集
========================================

Whois
----------------------------------------
- `who.is <https://who.is/>`_
- `万网WHOIS <https://whois.aliyun.com/>`_
- `腾讯云WHOIS <https://whois.cloud.tencent.com/>`_
- `站长之家WHOIS <https://whois.chinaz.com/>`_

网站备案
----------------------------------------
- `天眼查 <https://www.tianyancha.com/>`_
- `ICP备案查询 <http://www.beianbeian.com/>`_
- `爱站备案查询 <https://icp.aizhan.com>`_

CDN查询
----------------------------------------
- `多地Ping <https://ping.chinaz.com/>`_
- `CDN服务商查询 <https://tools.ipip.net/cdn.php>`_

子域爆破
----------------------------------------
- `Amass <https://github.com/OWASP/Amass>`_ In-depth Attack Surface Mapping and Asset Discovery
- `subDomainsBrute <https://github.com/lijiejie/subDomainsBrute>`_
- `wydomain <https://github.com/ring04h/wydomain>`_
- `broDomain <https://github.com/code-scan/BroDomain>`_
- `ESD <https://github.com/FeeiCN/ESD>`_
- `aiodnsbrute <https://github.com/blark/aiodnsbrute>`_
- `OneForAll <https://github.com/shmilylty/OneForAll>`_
- `subfinder <https://github.com/subfinder/subfinder>`_
- `altdns <https://github.com/infosec-au/altdns>`_ Generates permutations, alterations and mutations of subdomains and then resolves them

域名获取
----------------------------------------
- `the art of subdomain enumeration <https://github.com/appsecco/the-art-of-subdomain-enumeration>`_
- `sslScrape <https://github.com/cheetz/sslScrape/blob/master/sslScrape.py>`_
- `aquatone <https://github.com/michenriksen/aquatone>`_ A Tool for Domain Flyovers
- `teemo <https://github.com/bit4woo/teemo>`_ A Domain Name & Email Address Collection Tool
- `DNS DB 历史记录 <https://dnsdb.io/zh-cn/>`_

弱密码爆破
----------------------------------------
- `hydra <https://github.com/vanhauser-thc/thc-hydra>`_
- `medusa <https://github.com/jmk-foofus/medusa>`_ is a high-speed network authentication cracking tool
- `Ncrack <https://github.com/nmap/ncrack>`_
- `htpwdScan <https://github.com/lijiejie/htpwdScan>`_
- `patator <https://github.com/lanjelot/patator>`_

Git信息泄漏
----------------------------------------
- `GitHack By lijiejie <https://github.com/lijiejie/GitHack>`_
- `GitHack By BugScan <https://github.com/BugScanTeam/GitHack>`_
- `GitTools <https://github.com/internetwache/GitTools>`_
- `Zen <https://github.com/s0md3v/Zen>`_
- `dig github history <https://github.com/dxa4481/truffleHog>`_
- `gitrob Reconnaissance tool for GitHub organizations <https://github.com/michenriksen/gitrob>`_
- `git secrets <https://github.com/awslabs/git-secrets>`_
- `shhgit <https://github.com/eth0izzle/shhgit>`_ Find GitHub secrets in real time
- `GitHound <https://github.com/tillson/git-hound>`_ GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher
- `x patrol <https://github.com/MiSecurity/x-patrol>`_ Github leaked patrol
- `GitDorker <https://github.com/obheda12/GitDorker>`_ scrape secrets from GitHub through usage of a large repository of dorks

Github监控
----------------------------------------
- `Github Monitor <https://github.com/VKSRC/Github-Monitor>`_ Github Sensitive Information Leakage Monitor
- `Github Dorks <https://github.com/techgaun/github-dorks>`_
- `GSIL <https://github.com/FeeiCN/GSIL>`_
- `Hawkeye <https://github.com/0xbug/Hawkeye>`_
- `gshark <https://github.com/neal1991/gshark>`_
- `GitGot <https://github.com/BishopFox/GitGot>`_
- `gitGraber <https://github.com/hisxo/gitGraber>`_ monitor GitHub to search and find sensitive data in real time for different online services

路径及文件扫描
----------------------------------------
- `weakfilescan <https://github.com/ring04h/weakfilescan>`_
- `DirBrute <https://github.com/Xyntax/DirBrute>`_
- `dirsearch <https://github.com/maurosoria/dirsearch>`_
- `bfac <https://github.com/mazen160/bfac>`_
- `ds_store_exp <https://github.com/lijiejie/ds_store_exp>`_

路径爬虫
----------------------------------------
- `crawlergo <https://github.com/0Kee-Team/crawlergo>`_ A powerful dynamic crawler for web vulnerability scanners

指纹识别
----------------------------------------
- `Wappalyzer <https://github.com/AliasIO/Wappalyzer>`_
- `whatweb <https://github.com/urbanadventurer/whatweb>`_
- `Wordpress Finger Print <https://github.com/iniqua/plecost>`_
- `CMS指纹识别 <https://github.com/n4xh4ck5/CMSsc4n>`_
- `JA3 <https://github.com/salesforce/ja3>`_ is a standard for creating SSL client fingerprints in an easy to produce and shareable way
- `TideFinger <https://github.com/TideSec/TideFinger>`_
- `JARM <https://github.com/salesforce/jarm>`_ active Transport Layer Security (TLS) server fingerprinting tool
- `fingerprintjs <https://github.com/fingerprintjs/fingerprintjs>`_ Browser fingerprinting library with the highest accuracy and stability

Waf指纹
----------------------------------------
- `identywaf <https://github.com/enablesecurity/identywaf>`_
- `wafw00f <https://github.com/enablesecurity/wafw00f>`_
- `WhatWaf <https://github.com/Ekultek/WhatWaf>`_

端口扫描
----------------------------------------
- `nmap <https://github.com/nmap/nmap>`_
- `zmap <https://github.com/zmap/zmap>`_
- `masscan <https://github.com/robertdavidgraham/masscan>`_
- `ShodanHat <https://github.com/HatBashBR/ShodanHat>`_
- `lzr <https://github.com/stanford-esrg/lzr>`_ LZR quickly detects and fingerprints unexpected services running on unexpected ports
- `ZGrab2 <https://github.com/zmap/zgrab2>`_ Fast Go Application Scanner
- `RustScan <https://github.com/RustScan/RustScan>`_ The Modern Port Scanner
- DNS ``dnsenum nslookup dig fierce``
- SNMP ``snmpwalk``

DNS数据查询
----------------------------------------
- `VirusTotal <https://www.virustotal.com/>`_
- `PassiveTotal <https://passivetotal.org>`_
- `DNSDB <https://www.dnsdb.info/>`_
- `sitedossier <http://www.sitedossier.com/>`_

DNS关联
----------------------------------------
- `Cloudflare Enumeration Tool <https://github.com/mandatoryprogrammer/cloudflare_enum>`_
- `Certificate Search <https://crt.sh/>`_

云服务
----------------------------------------
- `Find aws s3 buckets <https://github.com/gwen001/s3-buckets-finder>`_
- `CloudScraper <https://github.com/jordanpotti/CloudScraper>`_
- `AWS Bucket Dump <https://github.com/jordanpotti/AWSBucketDump>`_

数据查询
----------------------------------------
- `Censys <https://censys.io>`_
- `Shodan <https://www.shodan.io/>`_
- `Zoomeye <https://www.zoomeye.org/>`_
- `fofa <https://fofa.so/>`_
- `scans <https://scans.io/>`_
- `Just Metadata <https://github.com/FortyNorthSecurity/Just-Metadata>`_
- `publicwww - Find Web Pages via Snippet <https://publicwww.com/>`_
- `Tiny Scan <https://www.tiny-scan.com>`_ A URL scan tool that provides comprehensive information about any given URL

Password
----------------------------------------
- `Probable Wordlists <https://github.com/berzerk0/Probable-Wordlists>`_ Wordlists sorted by probability originally created for password generation and testing
- `Common User Passwords Profiler <https://github.com/Mebus/cupp>`_
- `chrome password grabber <https://github.com/x899/chrome_password_grabber>`_
- `DefaultCreds cheat sheet <https://github.com/ihebski/DefaultCreds-cheat-sheet>`_ One place for all the default credentials to assist the pentesters during an engagement
- `SuperWordlist <https://github.com/fuzz-security/SuperWordlist>`_

CI信息泄露
----------------------------------------
- `secretz <https://github.com/lc/secretz>`_ minimizing the large attack surface of Travis CI

个人数据画像
----------------------------------------
- `GHunt <https://github.com/mxrch/GHunt>`_ Investigate Google Accounts with emails

邮箱收集
----------------------------------------
- `EmailHarvester <https://github.com/maldevel/EmailHarvester>`_

其他
----------------------------------------
- `datasploit <https://github.com/DataSploit/datasploit>`_
- `watchdog <https://github.com/flipkart-incubator/watchdog>`_
- `archive <https://archive.org/web/>`_
- `HTTPLeaks <https://github.com/cure53/HTTPLeaks>`_
- `htrace <https://github.com/trimstray/htrace.sh>`_
- `Quake Command-Line Application <https://github.com/360quake/quake_rs>`_ 360网络空间测绘系统