https://Virustotal.comhttps://Subdomainfinder.c99.nlhttps://crt.sh/?q=%25.target.comhttps://securitytrails.com/list/apex_domain/target.comhttps://www.shodan.io/search?query=Ssl.cert.subject.CN%3A%22target.com%22https://hunter.how/list?searchValue=

amasshttps://github.com/owasp-amass/amasssunfinderhttps://github.com/projectdiscovery/subfinderdnsxhttps://github.com/projectdiscovery/dnsxchaoshttps://chaos.projectdiscovery.io/#/assetfinderhttps://github.com/tomnomnom/assetfinder

$ amass enum -passive -norecursive -noalts -df domians.txt -o subs-list.txt$ dnsx -silent -d $domain -w ~/wordlist.txt -o ~/dnsbrute.txt$ cat domain.txt | dnsgen - | massdns -r ~/resolvers.txt -o S -w alive.txt

httpx -l domain.txt -timeout 13 -o domain-probe.txt

$ naabu -list sub-list.txt -top-ports 1000 -exclude-ports 80,443,21,22,25 -o ports.txt$ naabu -list sub-list.txt -p - -exclude-ports 80,443,21,22,25 -o ports.txt$ cat domain-subs.txt | aquatone -ports xlarge -scan-timeout 300 -out aquatone.txt

https://github.com/TheRook/subbrute

https://github.com/infosec-au/altdns

./altdns.py -i subdomains.txt -o data_output -w words.txt -r -s output.txt

https://github.com/RedSiege/EyeWitness
https://github.com/breenmachine/httpscreenshot

https://github.com/tomnomnom/waybackurls

https://github.com/lc/gau

https://web.archive.org/cdx/search/cdx?url=*.target.com&fl=original&collapse =urlkey

$ cat domains.txt | katana -silent | while read url; do cu=$(curl -s $url | grep -E '(drive. google | docs. google | spreadsheet\/d | document.\/d\/)' ;echo -e " ==> $url" "\n"" $cu" ; done

$ cat params | qsreplace yogi | dalfox pipe --mining-dom --deep-domxss --mining-dict --remotepayloads=portswigger,payloadbox --remote wordlists=burp,assetnote -o xssoutput.txt
$ cat alive.txt | waybackurls | gf xss | uro | httpx -silent | qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" | tee xssBug3.txt

https://github.com/eslam3kl/SQLiDetector

ssl: “target[.]com” 200 http.title: “dashboard” –unauthenticated dashboardorg:“target.com” x-jenkins 200 — unauthenticated jenkins serverssl:“target.com” 200 proftpd port:21 — proftpd port:21 org:“target.com”http.html:zabbix — CVE-2022-24255 Main & Admin Portals: AuthenticationBypass org:“target.com” http.title:“phpmyadmin” —-php my adminssl:“target.com” http.title:"BIG-IP —F5 BIG-IP using CVE-2020-5902

$ for i in cat host.txt; do ffuf -u $i/FUZZ -w wordlist.txt -mc 200,302,401 -se ;done

y0gi.hacklido.comy0gi.hacklido.com /y0gi.zip - hacklido.zip – admin.zip – backup.zipy0gi.hacklido.com/y0gi/y0gi.zip - hacklido.zip – admin.zip – backup.zipy0gi.hacklido.com/hacklido/y0gi.zip - hacklido.zip – admin.zip – backup.zipy0gi.hacklido.com/admin/y0gi.zip - hacklido.zip – admin.zip – backup.zip

site:http://s3.amazonaws.com “target[.]com”site:http://blob.core.windows.net “target[.]com”site:http://googleapis.com “target[.]com”site:http://drive.google.com “target[.]com”

Org:“target” pwd/pass/passwd/password“target.atlassian” pwd/pass/passwd/password“target.okta” pwd/pass/passwd/password“Jira.target” pwd/pass/passwd/password

httpx -content-type | grep 'application/javascript'

nuclei -t /root/nuclei-templates/exposures/

Jsminer {Burp Extension}https://github.com/KathanP19/JSFScan.shhttps://github.com/trufflesecurity/trufflehog

Sudomy:https://github.com/Screetsec/SudomyReconftw：https://github.com/six2dez/reconftw水泽-信息收集自动化工具https://github.com/0x727/ShuiZe_0x727