技巧
DNS解析记录主站获取单点登录接口crossdomain.xmlIP反查通过HTTPS证书收集DNS域传送搜集联系人信息/邮箱反查域名x-dns-prefetch-control #DNS解析 - ctrl+u查看网页源码
工具
fierceSublist3rsubbruteSubDomainsBruteLayerwydomaintheHarvester #emails,names,subdomains,IPs,and URLs
搜索引擎
http://www.ask.comhttps://www.baidu.comhttp://cn.bing.comhttps://api.cognitive.microsoft.comhttp://www.dogpile.comhttps://duckduckgo.comhttp://www.exalead.com/search/webhttp://www.fofa.sohttps://www.so.comhttps://www.google.comhttps://search.yahoo.comhttps://www.exalead.comhttp://www.googleapis.comhttps://www.zoomeye.orghttps://shodan.io
通过解析记录
https://www.dnsdb.infohttps://www.virustotal.comhttps://circl.lu/services/passive-dnshttps://www.paloaltoneonetworks.com/features/passive-dnshttps://dnsdumpster.comhttps://www.threatcrowd.org/domain.php?domain=qq.com
爬虫
工具如burp spider / domain hunter
DNSSEC zone walking
NSECldns-walk 工具 ldnsutilsdig dit +short NSEC api.nasa.gov 工具 dnsutils dig +short NSEC api.nasa.gov | wak '{print $1;}'NSEC3 http://josefsson.org/walkerhttps://dnscurve.org/nsec3walker.htmlhttps://github.com/anonion0/nese3map
在线网站
https://www.netcraft.comhttp://i.links.cn/subdomainhttp://dns.aizhan.comhttps://crt.shhttps://d.chinacycc.comphpinfo.me/domainhttps://dns.bufferover.run/dns?q=xx.comwhois.chinaz.comwww.intemic.net/whois.htmlhttps://www.google.com/transparencyreport/https/ct/?hl=zh-CN#domain=apple.com&incl_exp=false&incl_sub=truehttps://ctr.sh/https://censys.iohttps://www.google.com/transparencyreport/https/ct/https://scans.io/https://github.com/appsecco/bugcrowd-levelup-subdomain-enumeration/blob/master/cloudflare_enum.py