Subdomain Lookup Tools

In network security, the subdomain is an important concept. A subdomain is a lower-level name under a main (apex) domain: for example, www.example.com, blog.example.com and mail.example.com are all subdomains of example.com. Subdomain lookup tools help you find the subdomains under a main domain, which gives a better picture of the target site's structure and helps surface potential security exposure. This article introduces some commonly used subdomain lookup tools.
1. Sublist3r
Sublist3r is a subdomain enumeration tool written in Python that automates subdomain enumeration against a target site. It supports multiple search engines and wordlist files, and the query strategy can be customized as needed. Use Sublist3r as follows:
Install a Python environment, then install Sublist3r with pip:
pip install sublist3r
Next, create a configuration file named config.yaml with the following content:
subdomain:
  domain: example.com
  sources:
    - assetfinder
    - amass
    - fernmelder
    - sublist3r
    - brute
  brute:
    ignore_tld: true
    extensions: ''
Run the following command to enumerate subdomains:
python sublist3r.py -d example.com -e google,bing,yahoo,ask -o output.txt
2. Amass
Amass is a high-performance subdomain and asset collection tool that can quickly enumerate the subdomains of a target site. It supports multiple search engines and wordlist files, and the query strategy can be customized as needed. Use Amass as follows:
Install the Go toolchain, then install Amass with go get:
go get -u github.com/OWASP/Amass/v3/...
Next, create a configuration file named amass.conf with the following content:
[General]
output = "output"
logfile = "amass.log"
timeout = "10s"
concurrent = true
no_progress = false
max_procs = 256
disable_tls = false
verify_ssl = false
aggressive = false
accept_invalid = false
fail_if_not_root = false
clear_output = false
colors = true
運(yùn)行以下命令進(jìn)行子域名查詢:
amass enum -d example.com -config amass.conf > output/amass.txt
3. Nmap NSE scripts (Nmap Scripting Engine)
Nmap is a network scanner that ships with a rich script library, which includes scripts usable for subdomain enumeration. Use Nmap NSE scripts for subdomain enumeration as follows:
Install Nmap:
Windows users can download an installer from the Nmap website; Linux users can install it with their package manager. On Debian/Ubuntu, install Nmap with:
sudo apt-get install nmap
Next, run the following command to enumerate subdomains:
Note that http-enum enumerates web paths on a single host, not subdomains; the NSE script for hostname enumeration is dns-brute, which tries a built-in hostname list against the domain and reports the names that resolve:
nmap --script dns-brute --script-args dns-brute.domain=example.com -oN output/nmap_dns_brute.txt example.com
Then extract the discovered names into a sorted, deduplicated list:
grep -oE '[a-z0-9.-]+\.example\.com' output/nmap_dns_brute.txt | sort -u > output/nmap_subdomains.txt
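Each of the tools above writes its own raw output, and a plain sort | uniq merge does not check that a line is actually in scope. As an added example (not code from the original page or from any of these tools), the following Python script normalizes lines from several tool outputs, keeps only names that truly fall under the target apex (rejecting look-alikes such as example.com.evil.net), and returns one deduplicated list; the sample lines are constructed.

```python
import re
from typing import Iterable, List

# One DNS label: letters, digits or hyphen, 1-63 chars, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(host: str) -> str:
    """Lower-case and strip scheme, path, port, trailing dot and wildcard prefix."""
    h = host.strip().lower()
    h = re.sub(r"^[a-z][a-z0-9+.-]*://", "", h)   # https://host/... -> host/...
    h = h.split("/", 1)[0].split(":", 1)[0]        # drop path and port
    h = h.rstrip(".")                               # FQDN trailing dot
    return h[2:] if h.startswith("*.") else h       # wildcard certificate entries

def is_subdomain_of(host: str, apex: str) -> bool:
    """True only for the apex itself or names ending in '.' + apex with valid labels;
    look-alikes such as 'example.com.evil.net' or 'notexample.com' are rejected."""
    if host != apex and not host.endswith("." + apex):
        return False
    return all(_LABEL.match(label) for label in host.split("."))

def merge_results(lines: Iterable[str], apex: str) -> List[str]:
    """Merge raw output lines from several tools into one sorted, in-scope list."""
    apex = normalize(apex)
    found = set()
    for line in lines:
        line = line.strip()
        if not line or line[0] in "#[":      # skip blanks and tool banners like "[-] ..."
            continue
        host = normalize(line.split()[0])    # handles "host ip" style lines too
        if is_subdomain_of(host, apex):
            found.add(host)
    return sorted(found)

# Constructed sample mixing Sublist3r/Amass-style lines with out-of-scope noise.
SAMPLE_OUTPUT = """\
[-] Enumerating subdomains now for example.com
blog.example.com
Mail.Example.com.
https://www.example.com/login
*.dev.example.com
example.com.evil.net
notexample.com
api.example.com 192.0.2.10
api.example.com
"""

if __name__ == "__main__":
    print("\n".join(merge_results(SAMPLE_OUTPUT.splitlines(), "example.com")))
```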
Page title: Subdomain lookup methods
Page address: http://www.dlmjj.cn/article/dpjpeie.html

