Domain exposure checklist
A step-by-step checklist to map what your domain exposes publicly — using passive lookups and a narrow, authorized SpiderFoot run.
Step 1: passive lookup first
- Open Censys and search your domain. Note indexed services, certificates and associated hosts.
- Open Shodan and search your domain or IP ranges. Look for unexpected open ports or banners.
- Run a passive DNS lookup (e.g. SecurityTrails, AlienVault OTX) to see subdomains you may have forgotten.
Step 2: prepare a narrow SpiderFoot scan
- Scope: only your owned domain (e.g. <mycompany.com>), no IP subnets yet.
- Modules: DNS, WHOIS, crt.sh, Web Analyzer. Skip the spider and aggressive probing modules.
- Start the scan locally on 127.0.0.1:5001.
Step 3: review findings
- Mark every finding as verified / unverified / false-positive / out-of-scope.
- Look for exposed admin panels, outdated software banners, test/staging subdomains and certificate leaks.
- Document each finding with its source URL and date before sharing internally.
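As an added example, not part of the original checklist and not SpiderFoot's own code, the script below implements the scope rule of Step 2 (only hosts under the owned domain count) and the review bookkeeping of Step 3 (the four statuses, review flags for staging hosts, admin panels, outdated banners and certificate entries, and a source URL and date on every row). The owned domain `mycompany.com`, the sample findings, their URLs and dates, and the marker lists are constructed assumptions to be replaced with your own inventory.

```python
from dataclasses import dataclass, field
from datetime import date

# Hypothetical owned domain; substitute your own scope.
OWNED_DOMAIN = "mycompany.com"

STATUSES = ("verified", "unverified", "false-positive", "out-of-scope")

# Constructed heuristics for the review step; tune to your own inventory.
STAGING_LABELS = ("test", "staging", "stage", "dev", "uat", "qa", "sandbox")
ADMIN_MARKERS = ("/admin", "/wp-admin", "/manager", "admin login")
EOL_BANNERS = ("apache/2.2", "php/5.", "openssh_5.", "iis/6.0")


@dataclass
class Finding:
    host: str
    source: str          # e.g. "censys", "shodan", "crt.sh", "spiderfoot"
    source_url: str      # where a reviewer can re-check the evidence
    detail: str = ""     # banner, certificate subject, page title, ...
    observed: date = field(default_factory=date.today)
    status: str = "unverified"
    flags: list = field(default_factory=list)


def in_scope(host: str, owned: str = OWNED_DOMAIN) -> bool:
    """True only for the owned apex or a real subdomain of it.

    Matches on a label boundary so 'notmycompany.com' is not accepted by suffix.
    """
    host = host.lower().rstrip(".")
    owned = owned.lower().rstrip(".")
    return host == owned or host.endswith("." + owned)


def review_flags(f: Finding, owned: str = OWNED_DOMAIN) -> list:
    """Heuristic flags for the Step 3 review of an in-scope finding."""
    flags = []
    labels = f.host.lower().rstrip(".").removesuffix("." + owned).split(".")
    if any(lbl in STAGING_LABELS for lbl in labels):
        flags.append("staging-subdomain")
    detail = f.detail.lower()
    if any(m in detail for m in ADMIN_MARKERS):
        flags.append("admin-panel")
    if any(b in detail for b in EOL_BANNERS):
        flags.append("outdated-banner")
    if f.source == "crt.sh" or "certificate" in detail:
        flags.append("certificate")
    return flags


def triage(findings: list, owned: str = OWNED_DOMAIN) -> list:
    """Mark out-of-scope hosts first, then flag in-scope ones for manual review."""
    for f in findings:
        if not in_scope(f.host, owned):
            f.status = "out-of-scope"
            f.flags = []
        else:
            f.flags = review_flags(f, owned)
    return findings


def set_status(f: Finding, status: str) -> Finding:
    """Record a reviewer's verdict, rejecting anything outside the four allowed states."""
    if status not in STATUSES:
        raise ValueError(f"status must be one of {STATUSES}, got {status!r}")
    f.status = status
    return f


def report_rows(findings: list) -> list:
    """Rows for the internal write-up: every row carries a source URL and a date."""
    return [
        {
            "host": f.host,
            "status": f.status,
            "flags": ",".join(f.flags) or "-",
            "source": f.source,
            "source_url": f.source_url,
            "observed": f.observed.isoformat(),
        }
        for f in findings
    ]


# Constructed sample findings (not real scan output; 192.0.2.10 is a documentation address).
SAMPLE = [
    Finding("www.mycompany.com", "shodan", "https://www.shodan.io/host/192.0.2.10",
            "HTTP banner: Apache/2.2.15 (CentOS)", date(2024, 5, 1)),
    Finding("staging.mycompany.com", "crt.sh", "https://crt.sh/?q=mycompany.com",
            "certificate CN=staging.mycompany.com", date(2024, 5, 1)),
    Finding("intranet.mycompany.com", "spiderfoot", "http://127.0.0.1:5001/",
            "page title: Admin Login (/admin)", date(2024, 5, 2)),
    Finding("notmycompany.com", "censys", "https://search.censys.io/",
            "TLS on 443", date(2024, 5, 2)),
]

if __name__ == "__main__":
    for row in report_rows(triage(SAMPLE)):
        print(row)
```

The flags are prompts for a human reviewer, not verdicts: a finding stays `unverified` until someone calls `set_status` on it, and the out-of-scope row is kept in the report so the reviewer can see what was excluded and why.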
After the checklist
If you found exposed services, close or firewall them before running wider scans. Do not publish the raw findings online unless you have full ownership of the assets and legal approval.