= WAF_bypass = <> <> 「サーバー移転」を追いかけるときに、cloudflareが障害になる。  元サイトを発見するのに使えるだろう。-- ToshinoriMaeno <> == DNS-history == https://github.com/vincentcox/bypass-firewalls-by-DNS-history vincentcox/bypass-firewalls-by-DNS-history == subdomain 探索 == How to find Subdomains of a Domain in Minutes? (メタサイト) https://geekflare.com/find-subdomains/ dnsdumpster.com https://dnsdumpster.com/ [[/dnsdumpster]] [[certspotter.com]] https://sslmate.com/certspotter/ https://censys.io/ ---- https://dnsdumpster.com/static/map/jprs.jp.png https://dnsdumpster.com/static/map/reflection.co.jp.png ---- https://pentest-tools.com/information-gathering/find-subdomains-of-domain {{{ Discover more subdomains with additional subdomain discovery techniques. Technique Light scan Full scan DNS Zone Transfer DNS Enumeration Certificate Transparency Logs HTML links SSL certificates Google and Bing search Reverse DNS enumeration Smart DNS search }}} ImmuniWeb® SSLScan https://www.htbridge.com/ssl/ {{{ }}} == tool == https://github.com/aboul3la/Sublist3r Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS. https://github.com/TheRook/subbrute A DNS meta-query spider that enumerates DNS records, and subdomains. == netcraft == https://searchdns.netcraft.com/ ---- virustotal.comb https://www.virustotal.com/#/home/url https://www.kitploit.com/2018/08/waf-buster-disrupt-waf-by-abusing.html?m=1