10.3. Information Collection

10.3.1. Whois

• who.is

• NetCN WHOIS

• Tencent Cloud WHOIS

• ChinaZ WHOIS

10.3.2. Website filing

• Tianyancha

• ICP filing query

• Love station record query

10.3.3. CDN query

• Ping multiple places

• CDN service provider query

10.3.4. Subdomain Blasting

• subDomainsBrute

• wydomain

• broDomain

• ESD

• aiodnsbrute

• OneForAll

• subfinder

• altdns Generates permutations, alterations and mutations of subdomains and then resolves them

10.3.5. Domain Name Acquisition

• the art of subdomain enumeration

• sslScrape

• aquatone A Tool for Domain Flyovers

• teemo A Domain Name & Email Address Collection Tool

• DNS DB history

10.3.6. Weak Password Blasting

• hydra

• medusa is a high-speed network authentication cracking tool

• Ncrack

• htpwdScan

• patator

10.3.7. Git information leakage

• GitHack By lijiejie

• GitHack By BugScan

• GitTools

• Zen

• dig github history

• gitrob Reconnaissance tool for GitHub organizations

• git secrets

• shhgit Find GitHub secrets in real time

• GitHound GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher

• x patrol Github leaked patrol

• GitDorker scrape secrets from GitHub through usage of a large repository of dorks

10.3.8. Github Monitoring

• Github Monitor Github Sensitive Information Leakage Monitor

• Github Dorks

• GSIL

• Hawkeye

• gshark

• GitGot

• gitGraber monitor GitHub to search and find sensitive data in real time for different online services

10.3.9. Path and file scanning

• weakfilescan

• DirBrute

• dirsearch

• bfac

• ds_store_exp

10.3.10. Path Crawlers

• crawlergo A powerful dynamic crawler for web vulnerability scanners

10.3.11. Fingerprint recognition

• Wappalyzer

• whatweb

• Wordpress Finger Print

• CMS Finger Print

• JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way

• TideFinger

• JARM active Transport Layer Security (TLS) server fingerprinting tool

• fingerprintjs Browser fingerprinting library with the highest accuracy and stability

10.3.12. Waf Fingerprint

• identywaf

• wafw00f

• WhatWaf

10.3.13. Port Scanning

• nmap

• zmap

• masscan

• ShodanHat

• lzr LZR quickly detects and fingerprints unexpected services running on unexpected ports

• ZGrab2 Fast Go Application Scanner

• RustScan The Modern Port Scanner

• DNS dnsenum nslookup dig fierce

• SNMP snmpwalk

10.3.14. DNS data query

• VirusTotal

• PassiveTotal

• DNSDB

• sitedossier

10.3.15. DNS Association

• Cloudflare Enumeration Tool

• amass

• Certificate Search

10.3.16. Cloud Services

• Find aws s3 buckets

• CloudScraper

• AWS Bucket Dump

10.3.17. Data query

• Censys

• Shodan

• Zoomeye

• fofa

• scans

• Just Metadata

• publicwww - Find Web Pages via Snippet

10.3.18. Password

• Probable Wordlists Wordlists sorted by probability originally created for password generation and testing

• Common User Passwords Profiler

• chrome password grabber

• DefaultCreds cheat sheet One place for all the default credentials to assist the pentesters during an engagement

• SuperWordlist

10.3.19. CI Information Disclosur

• secretz minimizing the large attack surface of Travis CI

10.3.20. Profile of personal data

• GHunt Investigate Google Accounts with emails

10.3.21. Mailbox Collection

• EmailHarvester

10.3.22. Others

• datasploit

• watchdog

• archive

• HTTPLeaks

• htrace

• Quake Command-Line Application 360 Cyberspace Mapping System