Commonly used penetration testing tool-based Web site

Navisec

website:http://navisec.it

Network security personnel's Internet navigation, security personnel essential website. Website focused content, and not too much decoration, style is extremely concise. Frequently visited forums, vulnerability libraries, well-known blogs, emergency response centers, everything. Before, have been suffering from the absence of a website can be common security sites collected together. The appearance of Navisec made the editor feel pleasantly surprised.

Zhong Eye

website:http://www.zoomeye.org

ZoomeyeChinese name is"Zhong Eye", it is located in the network Space search engine, can be exposed to the public network of host devices and site components for a full range of search (as long as thereIPAddress to find the vulnerabilities in the network"Hiding a problem with the tuck"。ZoomeyeAndSHODANHQThe difference isZoomeyeCurrently focused onWebLevel of asset discovery andSHODANHQFocus on the host plane. The site's authoring team is from: Know Chong Woo

Dharma

website:http://fofa.so

FoFA website Information search engine, is a technical staff to provide fingerprint identification, all-network application recognition of the open online search engine.

Satan

http://www.shodanhq.com/

shodan can be said to be a " dark Google, a moment constantly looking for all the Internet-related servers, cameras, Printers, routers, and so on. zoomeye Some ideas also draw on with shodanhq , you can see SHODANHQ the status of the lake is high. There are many tutorials online, interested friends can use SHODANHQ looking for a webcam or something.

Do network security industry, I think there are two points to have: the first is a sharp sense of smell, flexible and efficient means of information collection. The second is to have a hard-working spirit. Here is the website I used when I initially collected information.

Whois

website:http://Who.is

who.is Query to more comprehensive information, will also display some domain name history, sub-domain information,DNS information and so on. In the current access to the site, he provides information on the availability of very good.

Http://whois.domaintools.com

The information collected is more detailed than the who.is , but it has to be charged. The free information is less than who.is . A friend with a high demand can think about it.

Ping

website:http://ping.chinaz.com

His role is not only to ping so simple. The main role is to detect whether the target site uses a CDN. You can even dig out the real website IP. Because there are not too many tests, there is no guarantee of validity here.

Next Station query

website:http://dns.aizhan.com http://www.114best.com/ip/

Side-note skills, the earliest known is in the Ming boy's side note tool. Host security is generally poor in the current year, many servers have a local overflow vulnerability. As long as a station on the server, you can get the target site. Later, this technique continues until today.

Website fingerprint identification

website:http://www.websth.com/http://hacksoft.org/cms http://whatweb.net/

Before the official offensive, I like to understand the program used to target the first. If it is an open source program, we will go to Google, Cloud, vulnerability library, etc. to find out whether the program has previously exposed the vulnerability. If it is written by the other side, you can also use the above tools to identify whether the other side of the thinkphp and other frameworks. The enemy, Baizhanbudai.

FB Netizen H4DE5 Supplement

Well, let me add some of the tools I've used myself to:
1, http://www.gpsspg.com/
2, http://websth.com/
3, http://www.showjigenzong.com/
4, http://hd2001562.ourhost.cn/
5, http://www.cz88.net/
6, http://so.baiduyun.me/
7, http://nmap.online-domain-tools.com/
8, http://az0ne.lofter.com/post/31a51a_131960c This blog also has a lot of tools

These websites come from their own subscriptions, there are many of their own collection of small tools Web site, students need to leave a message.

Commonly used penetration testing tool-based Web site