In the spirit of sharing good things, here are some sites I often use during penetration testing. If you have good suggestions or additions, you can leave a comment below.
Navisec
Website: http://navisec.it
A navigation site for network security personnel, and an essential one. The site focuses on content, without much decoration, and its style is extremely concise. Frequently visited forums, vulnerability databases, well-known blogs, emergency response centers: everything is there. Previously, I suffered from the absence of a site that collected the common security sites in one place, so the appearance of Navisec was a pleasant surprise to the editor.
ZoomEye
Website: http://www.zoomeye.org
ZoomEye, whose Chinese name is "Zhong Kui's Eye", positions itself as a cyberspace search engine. It can search, in all directions, the host devices and website components exposed on the public network (anything with an IP address can be searched), discover vulnerabilities, and uncover the problems hidden in the network. The difference between ZoomEye and SHODANHQ is that ZoomEye currently focuses on web-level asset discovery while SHODANHQ focuses on the host level. The site's authoring team is from Knownsec.
FOFA
Website: http://fofa.so
FOFA is a website information search engine: an open online search engine that gives technical staff fingerprint identification and network-wide application recognition.
Shodan
Website: http://www.shodanhq.com/
Shodan can be called a "dark" Google: it is constantly looking for all Internet-connected servers, cameras, printers, routers and so on. Some of ZoomEye's ideas follow SHODANHQ's, which shows how high SHODANHQ's standing in the community is. There are many tutorials online; interested readers can use SHODANHQ to find cameras and the like.
To work in the network security industry, I think you need two things: first, a keen sense of smell and flexible, efficient means of information collection; second, a hard-working spirit. Here are the websites I use when initially collecting information.
Whois
Website: http://Who.is
A Who.is query returns fairly comprehensive information, and also displays some domain name history, subdomain information, DNS information and so on. Of the sites currently accessible, the information it provides is very usable.
Website: http://whois.domaintools.com
The information collected is more detailed than who.is, but it is a paid service. The free information is less than on who.is. Those with greater needs can consider it.
Ping
Website: http://ping.chinaz.com
It does more than simply ping. Its main role is to detect whether the target site uses a CDN. You can even dig out the real IP of the website. Because I have not tested it much, I cannot guarantee its effectiveness.
Side-site (same-server) query
Website: http://dns.aizhan.com http://www.114best.com/ip/
The side-site technique first became known through Ming Xiaozi's side-site tool. Host security was generally poor in those years, and many servers had local overflow vulnerabilities. As long as you took one site on the server, you could get the target site. The technique has continued to be used to this day.
Website fingerprint identification
Website: http://www.websth.com/ http://hacksoft.org/cms http://whatweb.net/
Before the formal attack, I like to first understand the program the target uses. If it is an open-source program, we go to Google, WooYun, vulnerability databases, etc. to find out whether vulnerabilities in the program have previously been disclosed. If it was written by the target themselves, you can also use the above tools to identify whether they use ThinkPHP or another framework. Know the enemy and know yourself, and you will never be defeated in a hundred battles.
Supplement from FB netizen H4DE5
Well, let me add some of the tools I've used myself:
1, http://www.gpsspg.com/
2, http://websth.com/
3, http://www.showjigenzong.com/
4, http://hd2001562.ourhost.cn/
5, http://www.cz88.net/
6, http://so.baiduyun.me/
7, http://nmap.online-domain-tools.com/
8, http://az0ne.lofter.com/post/31a51a_131960c This blog also has a lot of tools
These websites come from my own subscriptions; there are also many small-tool websites in my own collection. Anyone who needs them can leave a message.
Commonly used tool websites for penetration testing