Subdomains + liveness probing

subfinder

subfinder -dL domain.txt -all >> domains1.txt

oneforall

python3 oneforall.py --targets domain.txt run

httpx

cat all_domains.txt | httpx -ports 80,443,8080,8000,8888,8443 -sc -title -mc 200,404,403,302 -threads 200 | tee subdomains_alive.txt

Tscan screenshots

During a penetration test, use naabu to find web ports other than 80 and 443


URL collection

Passive collection

gau+our

gau gets banned easily

cat livesubdomains.txt | gau | sort -u > urls2.txt

VirusTotal.sh+our

https://github.com/coffinxp/scripts/blob/main/virustotal.sh
