OSINT
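OSINT (open-source intelligence) refers to collecting information from publicly available sources, especially the Internet.
Categories
Offensive: collecting information relevant to testing the target
Defensive: collecting information about the target's past breaches and related security information
Scope of information collected
Offensive
Domain names
Google cache
Subdomains
IP addresses
Email addresses
Shared hosting lists
Social media
Google hacking
Log files
Sensitive files
Database files
Defensive
Security vulnerabilities
Threat intelligence
Passive reconnaissance
Definition: gathering information or performing reconnaissance through OSINT channels without interacting directly with the target
Domain registration information gathering
whois tool
whois <domain>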
![](https://img-blog.csdnimg.cn/20210118094848503.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
The whois output above contains the following line:
Web-based WHOIS: https://domains.markmonitor.com/whois
This line tells us where the tool gets its data. Opening that URL in a browser and entering the domain returns the same query results.
![](https://img-blog.csdnimg.cn/20210118094848506.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
![](https://img-blog.csdnimg.cn/20210118094848130.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
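A Python script that performs the same lookup:
whois_jb.py
```python
import sys
import requests

# Usage: python whois_jb.py <domain>
if len(sys.argv) != 2:
    sys.exit("usage: python whois_jb.py <domain>")
domain = sys.argv[1]

url = "https://domains.markmonitor.com/whois/"
headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0", "Referer": "https://domains.markmonitor.com/whois/"}
# Form fields submitted by the web page's lookup form
payloads = {"btn": "getWhois", "domain": domain, "email": ""}
response = requests.post(url=url, headers=headers, data=payloads, timeout=30)
response.raise_for_status()
data_json = response.json()

# Save the returned WHOIS record to <domain>.html; the file is closed on exit from the with block
with open(domain + ".html", "w", encoding="utf-8") as f:
    f.write(data_json["whois"])
```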
![](https://img-blog.csdnimg.cn/20210118094848370.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
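An added example, not part of the original post: parsing raw `whois` text to review what a domain you own exposes in its registration record (missing transfer lock, upcoming expiry, publicly listed contact email). The sample record is constructed, and the "Key: Value" field names are an assumption, since the layout differs between registries.

```python
from datetime import datetime, timezone

# Constructed sample in the common "Key: Value" whois layout (not real data).
SAMPLE = """\
Domain Name: example.test
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2030-03-01T04:00:00Z
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Email: admin@example.test
Name Server: ns1.example.test
>>> Last update of whois database: 2030-01-20T00:00:00Z <<<
"""


def parse_whois(text):
    """Collect 'Key: Value' lines into {key: [values]}; keys may repeat."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")):
            continue  # skip footers and comment lines
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def review(record, now, warn_days=60):
    """Return findings the domain owner would want to act on."""
    findings = []
    statuses = {s.split()[0].lower() for s in record.get("domain status", [])}
    if "clienttransferprohibited" not in statuses:
        findings.append("no transfer lock (clientTransferProhibited)")
    for raw in record.get("registry expiry date", []):
        expiry = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if (expiry - now).days < warn_days:
            findings.append(f"registration expires in {(expiry - now).days} days")
    for key, values in record.items():
        if key.endswith("email"):
            findings += [f"{key} publicly listed: {v}" for v in values
                         if "redacted" not in v.lower()]
    return findings


if __name__ == "__main__":
    for finding in review(parse_whois(SAMPLE), datetime(2030, 1, 20, tzinfo=timezone.utc)):
        print(finding)
```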
IP address information gathering
shodan.io
![](https://img-blog.csdnimg.cn/20210118094848660.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
censys.io
![](https://img-blog.csdnimg.cn/20210118094848536.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
fofa.so
![](https://img-blog.csdnimg.cn/20210118094848447.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
Subdomain information gathering
google site:<domain>
![](https://img-blog.csdnimg.cn/20210118094848521.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
Host information gathering
netcraft
Domain history
archive.org
Email information gathering
https://centralops.net/co/EmailDossier.aspx
![](https://img-blog.csdnimg.cn/20210118094848447.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
User information
theHarvester
theHarvester -d beglage.cn -l 100 -b baidu
-d specifies the target
-l sets the upper limit on the number of results queried
-b sets the data source to query
![](https://img-blog.csdnimg.cn/20210118094848519.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
Security threat information gathering
https://haveibeenpwned.com/
![](https://img-blog.csdnimg.cn/20210118094848716.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
http://zone-h.com/archive?hz=1
Look up websites that have already been hacked
![](https://img-blog.csdnimg.cn/20210118094848545.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)
Already compromised
![](https://img-blog.csdnimg.cn/20210118094848626.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzI1MjIwNA==,size_16,color_FFFFFF,t_70)