Web网络安全-----红蓝攻防之信息收集（web、安卓...）

B1g0rang

已于 2024-10-12 13:57:15 修改

阅读量2.8k

点赞数 3

CC 4.0 BY-SA版权

文章标签： web安全安全网络安全

于 2023-07-15 17:57:18 首次发布

本文链接：https://blog.csdn.net/qq_51690690/article/details/131729082

本文介绍了红蓝攻防中信息收集的重要性，并列举了多种空间搜索引擎、威胁情报查询工具、自动化工具、企业信息查询、域名IP查询、端口扫描、子域名搜集、WEB信息指纹识别等资源，旨在帮助网络安全从业者进行系统化信息收集和安全防护。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

系列文章目录

Web网络安全-----Log4j高危漏洞原理及修复

文章目录

系列文章目录
前言
一、为什么要做信息收集？
- 蓝队：
- 红队：
- 红蓝对抗，无疑是一场信息对抗大赛
二、空间搜索引擎类
- 1.[FOFA](https://fofa.info/)
- 2.[鹰图-奇安信](https://hunter.qianxin.com/)
- 3.[Shodan Search Engine](https://www.shodan.io/)
- 4.[零组](https://0.zone/)
- 5.[Soall](https://soall.org/)
- 6.[ONYPHE - Cyber Defense Search Engine](https://www.onyphe.io/)
- 7.[DNSDB](https://dnsdb.io/zh-cn/)
- 8.[360网络空间测绘](https://quake.360.net/quake/#/index)
- 9.[FullHunt | Expose Your Attack Surface](https://fullhunt.io/)
- 10.[Netlas](https://app.netlas.io/responses/)
- 11.[leakix](https://leakix.net/)
- 12.[DorkSearch - Speed up your Dorking](https://dorksearch.com/)
三、威胁情报查询类
- 1. [微步在线X情报社区-威胁情报查询_威胁分析平台_开放社区:](https://x.threatbook.com/)
- 2.[NTI - 绿盟](https://ti.nsfocus.com/)
- 3.[奇安信威胁情报中心](https://ti.qianxin.com/)
- 4.[VenusEye威胁情报中心](https://www.venuseye.com.cn/)
- 5.[IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
- 6.[RedQueen安全智能服务平台](https://redqueen.tj-un.com/IntelHome.html)
- 7.[华为安全中心平台](https://isecurity.huawei.com/sec/web/intelligencePortal.do)
- 8.[安全星图平台-安恒](https://ti.dbappsecurity.com.cn/)
- 9.[深信服威胁情报中心](https://ti.sangfor.com.cn/analysis-platform)
- 10.[360安全大脑](https://ti.360.cn/#/homepage)
- 11.[腾讯哈勃分析系统](https://habo.qq.com/)
- 12.[安恒云沙箱](https://sandbox.dbappsecurity.com.cn/)
- 13.[微步云沙箱](https://s.threatbook.com/)
- 14.[IBM X-Force ](https://www.ibm.com/cn-zh/x-force)
- 15.[VirusTotal - Home](https://www.virustotal.com/gui/home/upload)
- 16.[AlienVault - Open Threat Exchange](https://otx.alienvault.com/)
- 17.[any.run](https://app.any.run/)
- 18.[greynoise](https://viz.greynoise.io/)
- 19.[URLhaus | Checking your browser](https://urlhaus.abuse.ch/verify-ua/)
- 20.[pithus](https://beta.pithus.org/)
- 21.[hybrid-analysis](https://www.hybrid-analysis.com/)
- 22.[intezer.](https://intezer.com/)
- 23.[sans](https://isc.sans.edu/)
四、信息收集自动化工具
- 1.ARL灯塔信息搜集系统
- 2.水泽
五、企业信息及备案
- 1.[天眼查](https://www.tianyancha.com/)
- 2.[爱企查](https://aiqicha.baidu.com/)
- 3.[ICP备案查询 - 站长工具](https://icp.chinaz.com/)
- 4.[工业和信息化部政务服务平台：ICP/IP地址/域名信息备案管理系统](https://beian.miit.gov.cn/#/Integrated/index)
- 5.[小蓝本](https://www.xiaolanben.com/pc)
六、域名(whois)
- 1.[域名Whois查询 - 站长之家](https://whois.chinaz.com/)
- 2.[whois查询-阿里云](https://whois.aliyun.com/)
- 3.[域名信息查询 - 腾讯云h](https://whois.cloud.tencent.com/)
- 4.[WHOIS域名注册信息查询-GoDaddy官方中文站](https://www.godaddy.com/zh-sg/whois)
七、ip/ip段信息查询
- 1.[ IPIP.NET](https://www.ipip.net/)
- 2.[警戒区 logo · IP信息查询 ](https://jingjiequ.com/tools/ip/)
- 3.[IPUU](https://ipuu.net/Home)
- 4.[ 高精度IP定位](https://www.opengps.cn/Data/IP/LocHighAcc.aspx)
八、端口信息
- 1.[ Nmap](https://github.com/nmap/nmap)
- 2.Goby
九、子域名搜集查询
- 1.[ 子域名查询 - 站长工具](https://tool.chinaz.com/subdomain/)
- 2.[ 资产查询 - 在线子域](https://rapiddns.io/subdomain)
- 3.[ 在线子域名查询](http://tools.bugscaner.com/subdomain/)
- 4.[在线子域名查询ruo](https://ruo.me/)
- 4.[RapidDNS](https://rapiddns.io/subdomain#google_vignette)
- 4.[在线子域名查询talosintelligence](https://talosintelligence.com/)
十、旁站
十一、C段
十二、IP反查域名相关
- 1.[ 同IP网站查询 - 站长工具](https://stool.chinaz.com/same)
- 2.[ The Web of WebScan](https://www.webscan.cc/)
- 3.[IP反查域名](https://dns.aizhan.com/)
- 4.[ IPIP-IP反查域名](https://tools.ipip.net/ipdomain.php)
十三、WEB信息指纹类
- 1.[潮汐指纹](http://finger.tidesec.net/)
- 2.[云悉在线CMS指纹识别](https://www.yunsee.cn/)
- 3.[360指纹收录](https://fp.shuziguanxing.com/#/)
- 4.[EHole(棱洞)3.0红队重点攻击系统指纹探测工具](https://github.com/EdgeSecurityTeam/EHole)
- 5.Wappalyzer插件
- 6.Goby
十四、敏感信息-网盘资源
- 1.[ 十大网盘搜索引擎 - 凌风云](https://www.lingfengyun.com/)
- 2.[ 大力盘 - 网盘搜索引擎](https://www.dalipan.com/#/main/search?searchtype=1&restype=2)
- 3.[ 云盘狗-百度云网盘搜索](http://yunpangou.com/)
- 4.[ 盘131](https://www.pan131.com/)
- 5.[ 搜盘网](http://www.soupan.info/)
十五、敏感信息-文档
- 1.[ 百度文库](https://wenku.baidu.com/?_wkts_=1689413649720)
- 2.[ 道客巴巴](https://www.doc88.com/)
十六、敏感信息-GitHub & Gitee
十七、社工
十八、证书透明度
- 1.[Certificate Search](https://crt.sh/)
- 2.[Censys](https://search.censys.io/certificates)
- 3.[spyse](https://spyse.com/search/certificate)
- 4.[certspotter](https://sslmate.com/certspotter/api/)
- 5.[entrust](https://www.entrust.com/ct-search/)
- 5.[facebook](https://developers.facebook.com/tools/ct)
十九、App分析在线平台
- 1.[七麦数据](https://www.qimai.cn/)
- 2.[Apkpure](https://apkpure.com/cn)：可以在这里下载apk
- 3.[AppInfoScanner](https://github.com/kelvinBen/AppInfoScanner0)：一个APP分析工具
二十、WAF识别
二十一、邮箱信息
- 1.[verify](https://github.com/Tzeross/verifyemail)
- 2.[skymem](https://www.skymem.info/)
- 3.[搜邮箱](https://www.skymem.info/)
二十二、历史快照
- 1.[archive](https://archive.org/web/)
- 2.[cachedview](https://cachedview.com/)
- 3.[loc ](https://www.loc.gov/search/)
总结

前言

信息收集，就笔者看来，信息收集是红蓝攻防中最重要的一步，红队有什么再NB的秒通大佬，或者是顺着味道就找到你的蓝队溯源大佬，都没有一个系统的、完善的信息收集来得让人安心。
（如果有大佬看见了，当我没说，顺便带带我QAQ）

一、为什么要做信息收集？

蓝队：

所谓知己知彼百战百胜，提前做好信息收集，能够帮助蓝队知道自己系统存在什么资产（资产收集），所有的资产都能成为攻击方的跳板；知道系统在互联网上暴露了什么敏感信息（敏感信息收集），这些信息可能被利用，来对系统造成攻击（邮箱钓鱼、文件泄露…）

红队：

我要知道你小子有什么我才好打你，和蓝队相反，资产收集得到的东西和收集到的敏感信息，就是红队最好的剑和剑鞘，在蓝队不知情的情况下，已经偷偷摸摸拿shell了

红蓝对抗，无疑是一场信息对抗大赛

下面笔者将列出自己常用的一些方法，欢迎大佬们补充！

二、空间搜索引擎类

6.ONYPHE - Cyber Defense Search Engine

9.FullHunt | Expose Your Attack Surface

12.DorkSearch - Speed up your Dorking

以上笔者最常用的是 FOFA、鹰图、零组，有的需开代理访问，每一种搜索引擎得到的信息类型和使用要求都有所相同，可以在使用后选择几个自己喜欢的熟悉使用

三、威胁情报查询类

1. 微步在线X情报社区-威胁情报查询_威胁分析平台_开放社区:

16.AlienVault - Open Threat Exchange

19.URLhaus | Checking your browser

23.sans

梦想做黑客是吧，那么情报肯定是很重要的，微步、绿盟的NIT、奇安信威胁情报中心还有一些都是不错的，当做逛微博吧

四、信息收集自动化工具

1.ARL灯塔信息搜集系统

最常见的就是灯塔了，免费而且可以同时跑多个目标，

2.水泽

所谓水泽：河湖沼泽，只需要输入根域名即可全方位收集相关资产，docker可以直接安装

相关安装和使用，笔者后续再进行补充，一用就会

五、企业信息及备案

4.工业和信息化部政务服务平台：ICP/IP地址/域名信息备案管理系统

六、域名(whois)

七、ip/ip段信息查询

八、端口信息

2.Goby

九、子域名搜集查询

十、旁站

https://dns.aizhan.com/
https://webscan.cc/
https://www.114best.com/ip/
https://dnsdumpster.com/
https://rapiddns.io/sameip
https://myip.ms/
https://dnslytics.com/domain
http://s.tool.chinaz.com/same?s=
https://searchdns.netcraft.com/

十一、C段

http://www.bug8.me/bing/bing.php、
https://securitytrails.com/、
https://www.webscan.cc/