43 lines
696 B
Markdown
43 lines
696 B
Markdown
# Recon
|
|
|
|
# Domeni
|
|
- crt.sh
|
|
- google site:example.org -site:www.example.org -site:...
|
|
- sublis3r program
|
|
sublist3er.py -d example.org
|
|
- resolve to ip (for i in $(cat subdomens.txt) ; do host $i ; done
|
|
- whois domen,ip,as
|
|
|
|
# Port scan
|
|
|
|
- nmap example.org
|
|
- nmap -sV example.org
|
|
- whatweb program
|
|
|
|
# Vulenarbilites
|
|
|
|
- CVE details website
|
|
- nmap --script vulners -sV example.org
|
|
- sucuri website
|
|
- imuniweb
|
|
- wapiti
|
|
- xssstrike
|
|
- PwnXSS
|
|
|
|
# Firewall detection
|
|
- firewalk
|
|
|
|
# Automation
|
|
- recon should be automated to periodically scan targets
|
|
- nuclei program (scrippting language, daemon)
|
|
- owasp/amass program
|
|
|
|
# Web
|
|
- dirbuster
|
|
- robots.txt
|
|
|
|
# Anonimity
|
|
- tmap program
|
|
- Tor browser
|
|
- torsocks
|