{"id":1430,"date":"2025-05-10T20:14:22","date_gmt":"2025-05-10T12:14:22","guid":{"rendered":"https:\/\/blog.vvvtimes.com\/?p=1430"},"modified":"2025-05-12T19:52:08","modified_gmt":"2025-05-12T11:52:08","slug":"offense-and-defense-sub-domain-name-query","status":"publish","type":"post","link":"https:\/\/blog.vvvtimes.com\/index.php\/2025\/05\/10\/offense-and-defense-sub-domain-name-query\/","title":{"rendered":"\u653b\u9632\u5bf9\u6297\u4e4b\u5b50\u57df\u540d\u67e5\u8be2"},"content":{"rendered":"

1.\u8bc1\u4e66\u900f\u660e\u5de5\u5177<\/p>\n

\u653b\u6cd5\uff1a2016\u5e74\u5f00\u59cb\u7684ssl\u8bc1\u4e66\u900f\u660e\u5de5\u5177<\/p>\n

\uff081\uff09crtsh\uff1ahttps:\/\/crt.sh\/
\n\uff082\uff09censys\uff1ahttps:\/\/censys.io\/certificates
\n\uff083\uff09spyse\uff1ahttps:\/\/spyse.com\/search\/certificate
\n\uff084\uff09certspotter\uff1ahttps:\/\/sslmate.com\/certspotter\/api\/
\n\uff085\uff09entrust\uff1ahttps:\/\/www.entrust.com\/ct-search\/
\n\uff086\uff09facebook\uff1ahttps:\/\/developers.facebook.com\/tools\/ct
\n\uff087\uff09google\uff1ahttps:\/\/developers.facebook.com\/tools\/ct<\/p>\n

\u89e3\u6cd5\uff1a\u7b7e\u53d1\u6cdb\u57df\u540d\u8bc1\u4e66\uff0c\u4ece2018\u5e74\u5f00\u59cb\uff0c\u514d\u8d39\u7684lets\u8bc1\u4e66\u4e5f\u80fd\u7b7e\u53d1\u6cdb\u57df\u540d\u8bc1\u4e66\u4e86\u3002<\/p>\n

2.DNS\u8bb0\u5f55\u516c\u5f00\u6570\u636e\u6536\u96c6<\/p>\n

\u653b\u6cd5\uff1a\u4e00\u4e9b\u516c\u5f00\u7684\u67e5\u8be2\u7f51\u7ad9\u4f1a\u8bb0\u5f55\u516c\u5f00\u5386\u53f2<\/p>\n

\uff081\uff09ip138\uff1ahttps:\/\/site.ip138.com\/
\n\uff082\uff09\u767e\u5ea6\u4e91\u89c2\u6d4b\uff1ahttp:\/\/ce.baidu.com\/index\/getRelatedSites?site_address=baidu.com
\n\uff083\uff09circl\uff1ahttps:\/\/www.circl.lu\/services\/passive-dns\/#passive-dns
\n\uff084\uff09hackertarget\uff1ahttps:\/\/hackertarget.com\/find-dns-host-records\/
\n\uff085\uff09riddler\uff1ahttps:\/\/riddler.io\/search?q=pld:baidu.com
\n\uff086\uff09bufferover\uff1ahttps:\/\/dns.bufferover.run\/dns?q=.baidu.com
\n\uff087\uff09dnsdb\uff1ahttps:\/\/dnsdb.io\/zh-cn\/search?q=baidu.com
\n\uff088\uff09ipv4info\uff1ahttp:\/\/ipv4info.com\/
\n\uff089\uff09robtex\uff1ahttps:\/\/www.robtex.com\/dns-lookup\/
\n\uff0810\uff09chinaz\uff1ahttps:\/\/alexa.chinaz.com\/
\n\uff0811\uff09netcraft\uff1ahttps:\/\/searchdns.netcraft.com\/
\n\uff0812\uff09securitytrails\uff1ahttps:\/\/docs.securitytrails.com\/v1.0\/reference#get-domain
\n\uff0813\uff09dnsdumpster\uff1ahttps:\/\/dnsdumpster.com\/
\n\uff0814\uff09sitedossier\uff1ahttp:\/\/www.sitedossier.com\/
\n\uff0815\uff09threatcrowd\uff1ahttps:\/\/www.threatcrowd.org\/
\n\uff0816\uff09siterankdata\uff1ahttps:\/\/siterankdata.com\/
\n\uff0817\uff09findsubdomains\uff1ahttps:\/\/findsubdomains.com\/<\/p>\n

\u89e3\u6cd5\uff1a\u4e0d\u516c\u5f00\u67e5\u8be2\uff0c\u4f7f\u7528nslookup dig\u547d\u4ee4\u67e5\u8be2\u8bb0\u5f55<\/p>\n

3.\u5a01\u80c1\u60c5\u62a5\u6570\u636e<\/p>\n

\u653b\u6cd5\uff1a<\/p>\n

\uff081\uff09\u5fae\u6b65\uff1ahttps:\/\/x.threatbook.cn\/
\n\uff082\uff09alienvault\uff1ahttps:\/\/otx.alienvault.com\/
\n\uff083\uff09riskiq\uff1ahttps:\/\/www.riskiq.com\/
\n\uff084\uff09threatminer\uff1ahttps:\/\/www.threatminer.org\/
\n\uff085\uff09virustotal\uff1ahttps:\/\/www.virustotal.com\/gui\/home\/search<\/p>\n

\u89e3\u6cd5\uff1a\u8ddf\u8fdb\u5a01\u80c1\u60c5\u62a5\u5206\u6790\u7ed3\u679c\uff0c\u627e\u51fa\u6cc4\u9732\u6e90<\/p>\n

4.\u5b89\u5168\u7c7b\u641c\u7d22\u5f15\u64ce<\/p>\n

\u653b\u6cd5\uff1a<\/p>\n

\uff081\uff09https:\/\/fofa.so\/
\n\uff082\uff09https:\/\/www.shodan.io\/
\n\uff083\uff09https:\/\/www.zoomeye.org\/
\n\uff084\uff09binaryedge\uff1ahttps:\/\/app.binaryedge.io\/services\/domains<\/p>\n

\u89e3\u6cd5\uff1a\u7f51\u9875\u8bf7\u6c42\u5934\u6df7\u6dc6\uff0c\u6700\u5c0f\u66b4\u9732\u653b\u51fb\u9762<\/p>\n

5.\u5e38\u89c4\u641c\u7d22\u5f15\u64ce<\/p>\n

\u653b\u6cd5\uff1a
\n\uff081\uff09baidu
\n\uff082\uff09bing
\n\uff083\uff09google
\n\uff084\uff09sougou<\/p>\n

\u89e3\u6cd5\uff1aroobots\u534f\u8bae\uff0c\u722c\u866bip\u9ed1\u540d\u5355<\/p>\n

6.\u4ee3\u7801\u4ed3\u5e93<\/p>\n

\u653b\u6cd5\uff1a<\/p>\n

\uff081\uff09gayhub\uff1agiithub
\n\uff082\uff09\u963f\u91cc\u4e91\u4ee3\u7801\u6258\u7ba1\uff1ahttps:\/\/code.aliyun.com\/
\n\uff083\uff09\u7801\u4e91\uff1ahttps:\/\/gitee.com\/<\/p>\n

\u89e3\u6cd5\uff1a\u80fd\u7528\u5185\u7f51\u4ed3\u5e93\u7528\u5185\u7f51\u4ed3\u5e93\uff0c\u5982\u679c\u9700\u8981\u5916\u7f51\u8bbf\u95ee\uff0c\u57df\u540d\u90fd\u5199\u5230\u914d\u7f6e\u91cc\u6ce8\u610f\u4e0d\u8981\u5199\u751f\u4ea7\u914d\u7f6e\u3002<\/p>\n

7.dns\u66b4\u529b\u7834\u89e3\u5de5\u5177<\/p>\n

\u653b\u6cd5\uff1a<\/p>\n

\uff081\uff09subDomainsBrute\uff1ahttps:\/\/github.com\/lijiejie\/subDomainsBrute
\n\uff082\uff09teemo\uff1ahttps:\/\/github.com\/bit4woo\/teemo
\n\uff083\uff09Sublist3r\uff1ahttps:\/\/github.com\/aboul3la\/Sublist3r
\n\uff084\uff09gobuster\uff1ahttps:\/\/github.com\/OJ\/gobuster
\n\uff085\uff09assetfinder\uff1ahttps:\/\/github.com\/tomnomnom\/assetfinder
\n\uff086\uff09Sudomy\uff1ahttps:\/\/github.com\/Screetsec\/Sudomy<\/p>\n

\u89e3\u6cd5\uff1a\u57df\u540d\u957f\u5ea6\u52a0\u957f\u6216\u8005\u4f7f\u7528\u5b50\u57df\u540d\u7684\u5b50\u57df\u540d\uff0c\u76ee\u524d\u5b50\u57df\u540d\u4e3a2\u4e2a\u5b57\u6bcd\u7684\u6781\u6613\u88ab\u7a77\u4e3e\uff0c\u5efa\u8bae\u81f3\u5c114\u4e2a\u5b57\u6bcd+\u7279\u6b8a\u5b57\u7b26<\/p>\n

8.\u8bf7\u6c42\u5934\u76f8\u5173<\/p>\n

\u653b\u6cd5\uff1a<\/p>\n

\uff081\uff09\u7f51\u7ad9\u7684crossdomain.xml\u6587\u4ef6\u548c\u8fd4\u56de\u5305\u4e2d\u7684Access-Control-Allow-Origin<\/span>\u5934
\n\uff082\uff09\u8fd4\u56de\u5305\u4e2d\u7684CSP\uff08Content-Security-Policy\uff09\u5934
\n\uff083\uff09\u7f51\u7ad9robots\u6587\u4ef6
\n\uff084\uff09\u7f51\u7ad9sitemap\u6587\u4ef6<\/p>\n

\u89e3\u6cd5\uff1a\u654f\u611f\u914d\u7f6e\u9700\u8981\u5c0f\u5fc3\u914d\u7f6e\u3002\u5982cros refer wordpress\u7684sitemap xmlrpc<\/p>\n

9.\u6f0f\u6d1e\u76f8\u5173<\/p>\n

\u653b\u6cd5\uff1a<\/p>\n

\uff081\uff09\u57df\u4f20\u9001\u6f0f\u6d1e
\n\uff082\uff09js\u654f\u611f\u4fe1\u606f\u6cc4\u9732<\/p>\n

\u89e3\u6cd5\uff1a\u5b9a\u671f\u6f0f\u6d1e\u626b\u63cf<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

1.\u8bc1\u4e66\u900f\u660e\u5de5\u5177 \u653b\u6cd5\uff1a2016\u5e74\u5f00\u59cb\u7684ssl\u8bc1\u4e66\u900f\u660e\u5de5\u5177 \uff081\uff09crtsh\uff1ahttps:\/\/crt.sh\/ … <\/p>\n

\u7ee7\u7eed\u9605\u8bfb\u201c\u653b\u9632\u5bf9\u6297\u4e4b\u5b50\u57df\u540d\u67e5\u8be2\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1430","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/posts\/1430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/comments?post=1430"}],"version-history":[{"count":5,"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/posts\/1430\/revisions"}],"predecessor-version":[{"id":1438,"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/posts\/1430\/revisions\/1438"}],"wp:attachment":[{"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/media?parent=1430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/categories?post=1430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.vvvtimes.com\/index.php\/wp-json\/wp\/v2\/tags?post=1430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}