Tool Links
Encoding
- CyberChef
- MD5 decoding:
shell
LOL (Living Off the Land)
Vulnerability databases
IoC
- GreyNoise
- ThreatMiner
- VirusTotal
- Threat Intelligence Platform
- Robtex: a threat intel site that provides information about IP addresses, domain names, etc.
- https://otx.alienvault.com/
- InQuest
- Reputation Center (Cisco): https://talosintelligence.com/reputation
- OPSWAT MetaDefender
- (greynoise.io: if you have API access, you can install the client from GitHub)
- ABUSE.ch: community-driven threat intelligence.
- Malware Bazaar: A resource for sharing malware samples.
- Feodo Tracker: A resource used to track botnet command and control (C2) infrastructure linked with Emotet, Dridex and TrickBot.
- SSL Blacklist: A resource for collecting and providing a blocklist for malicious SSL certificates and JA3/JA3s fingerprints.
- URL Haus: A resource for sharing malware distribution sites.
- Threat Fox: A resource for sharing indicators of compromise (IOCs).
Malware hash
Domestic (China)
have IP/Domain
- BGP Toolkit
- Multi-location ping: https://check-host.net/
- DB: https://securitytrails.com/
- Domain resolution history, subdomains
- Reverse IP lookup (IP to domains)
- https://dnsdumpster.com/
- ViewDNS
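- https://site.ip138.com/ (international version: https://dnsdblookup.com/)
- Domain resolution history
- https://securityheaders.com/: analyzes HTTP response headers and provides a basic assessment of the target site's security posture.
have Domain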
- https://who.is/
- https://www.whoxy.com/
- https://whois.domaintools.com/
- https://whois.gandi.net/
- https://searchdns.netcraft.com/
- ICP filing lookup: https://beian.miit.gov.cn/#/Integrated/recordQuery
have IP
- ipinfo.io:
curl ipinfo.io/xx.xx.xx.xx
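- Reverse IP lookup (IP to domains): https://dns.aizhan.com/
Cyberspace asset search engines
SandBox
Browser sandboxes
- https://www.wannabrowser.de/: view page source
- https://urlscan.io/: screenshots & related information
- https://www.browserling.com/: interactive desktop
Email
- Email reputation: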
curl emailrep.io/name.what@gmail.com
Email Header
Client/fingerprinting
- UA identification:
- Tracking/phishing generation: Canarytokens
- Tracking/online IP logger: grabify
- FingerprintJS
MITRE ATT&CK® related
Other
- Web archive: https://archive.org/
- Canvas: https://excalidraw.com/
- Wolf Group Security Team (WgpSec) public knowledge base: https://wiki.wgpsec.org/