검색 엔진 도구 치트 시트 언커버
개요
Uncover는 Project Discovery에서 개발한 강력한 검색 엔진 래퍼로, 여러 검색 엔진을 사용하여 인터넷에 노출된 호스트를 빠르게 발견할 수 있게 해줍니다. Shodan, Censys, Fofa, Hunter, Zoomeye, Netlas 등 인기 있는 검색 엔진을 쿼리할 수 있는 통합 인터페이스를 제공하여 정찰 및 공격 표면 매핑에 필수적인 도구입니다.
Uncover가 이러한 검색 엔진을 직접 사용하는 것과 차별화되는 점은 여러 제공자를 동시에 쿼리하고, 결과를 정규화하며, 일관된 형식으로 제공할 수 있다는 것입니다. 이를 통해 인터넷에 노출된 자산을 발견하는 프로세스가 크게 가속화되고 보안 전문가가 잠재적인 보안 위험을 더 효율적으로 식별할 수 있습니다. Uncover는 자동화를 염두에 두고 설계되어 보안 워크플로우 및 파이프라인에 쉽게 통합할 수 있습니다.
Uncover는 보안 연구원, 버그 바운티 헌터, 침투 테스터가 노출된 서비스, 취약한 애플리케이션, 잘못 구성된 시스템을 발견하는 데 일반적으로 사용됩니다. 여러 검색 엔진을 활용할 수 있는 능력은 공격 표면에 대해 더 포괄적인 뷰를 제공하여 단일 소스를 사용할 때 놓칠 수 있는 보안 문제를 발견할 가능성을 높입니다.
Would you like me to continue with the remaining sections?```bash
Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/uncover/cmd/uncover@latest
Verify installation
uncover -version
### Using Docker
```bash
# Pull the latest Docker image
docker pull projectdiscovery/uncover:latest
# Run Uncover using Docker
docker run -it projectdiscovery/uncover:latest -hUsing Homebrew (macOS)
# Install using Homebrew
brew install uncover
# Verify installation
uncover -versionUsing PDTM (Project Discovery Tools Manager)
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install Uncover using PDTM
pdtm -i uncover
# Verify installation
uncover -versionOn Kali Linux
# Install using apt
sudo apt install uncover
# Verify installation
uncover -versionBasic Usage
Searching with Queries
# Search using a basic query
uncover -q "apache"
# Search using multiple queries
uncover -q "apache,nginx"
# Search from a file containing queries
uncover -qf queries.txt
# Search from STDIN
echo "apache"|uncoverProvider Selection
# Search using a specific provider
uncover -q "apache" -e shodan
# Search using multiple providers
uncover -q "apache" -e shodan,censys
# List available providers
uncover -list-enginesOutput Options
# Save results to a file
uncover -q "apache" -o results.txt
# Output in JSON format
uncover -q "apache" -json -o results.json
# Silent mode (only results)
uncover -q "apache" -silentProvider Configuration
API Key Configuration
# Set Shodan API key
uncover -shodan-key YOUR_SHODAN_API_KEY
# Set Censys API credentials
uncover -censys-id YOUR_CENSYS_ID -censys-secret YOUR_CENSYS_SECRET
# Set Fofa API credentials
uncover -fofa-email YOUR_FOFA_EMAIL -fofa-key YOUR_FOFA_KEY
# Set ZoomEye API key
uncover -zoomeye-key YOUR_ZOOMEYE_API_KEY
# Set Hunter API key
uncover -hunter-key YOUR_HUNTER_API_KEY
# Set Netlas API key
uncover -netlas-key YOUR_NETLAS_API_KEY
# Set Quake API key
uncover -quake-key YOUR_QUAKE_API_KEY
# Set Criminalip API key
uncover -criminalip-key YOUR_CRIMINALIP_API_KEYProvider-Specific Options
# Set maximum results per provider
uncover -q "apache" -limit 100
# Set timeout for provider requests
uncover -q "apache" -timeout 60Advanced Usage
Advanced Search Queries
# Search for specific ports
uncover -q "port:80"
# Search for specific services
uncover -q "product:nginx"
# Search for specific vulnerabilities
uncover -q "vuln:cve-2021-44228"
# Search for specific countries
uncover -q "country:US"
# Search for specific organizations
uncover -q "org:\"Example Inc\""
# Combine multiple filters
uncover -q "port:443 product:nginx country:US"ASN Query Syntax
# Search using ASN query syntax
uncover -asq "asn:AS15169 product:nginx"
# Search for specific ASN
uncover -asq "asn:AS15169"
# Search for specific organization
uncover -asq "org:Google"
# Search for specific IP range
uncover -asq "ip:8.8.8.0/24"Field Selection
# Select specific fields to display
uncover -q "apache" -f ip,port,host
# Available fields: ip, port, host, country, city, org, isp, asn, product, versionIntegration with Other Tools
Pipeline with HTTPX
# Discover hosts and probe for HTTP services
uncover -q "apache" -silent|httpx -silent
# Discover hosts, filter by port, and probe for HTTP services
uncover -q "port:443" -silent|httpx -silentPipeline with Nuclei
# Discover hosts and scan for vulnerabilities
uncover -q "apache" -silent|nuclei -t cves/
# Discover hosts with specific product and scan for related vulnerabilities
uncover -q "product:nginx" -silent|nuclei -t exposures/Pipeline with Naabu
# Discover hosts and scan for open ports
uncover -q "apache" -silent|naabu -silent
# Discover hosts and scan for specific ports
uncover -q "apache" -silent|naabu -p 80,443,8080 -silentOutput Customization
Custom Output Format
# Output only IP addresses
uncover -q "apache" -silent -f ip
# Output IP:port format
uncover -q "apache" -silent -f ip,port|awk '\\\\{print $1":"$2\\\\}'
# Count results
uncover -q "apache" -silent|wc -l
# Sort output by IP
uncover -q "apache" -silent|sortFiltering Output
# Filter by specific pattern
uncover -q "apache" -silent|grep "8.8.8"
# Filter by port
uncover -q "apache" -silent -f ip,port|grep ":443$"
# Find unique IPs
uncover -q "apache" -silent -f ip|sort -uAdvanced Filtering
Provider-Specific Filtering
# Filter Shodan results by port
uncover -q "apache" -e shodan -silent|grep ":80$"
# Filter Censys results by country
uncover -q "apache" -e censys -silent -f ip,country|grep "US$"
# Filter Fofa results by title
uncover -q "apache" -e fofa -silent|grep "Dashboard"Combining Multiple Queries
# Search for multiple products
uncover -q "product:nginx,product:apache" -silent
# Search for multiple ports
uncover -q "port:80,port:443" -silent
# Search for multiple vulnerabilities
uncover -q "vuln:cve-2021-44228,vuln:cve-2021-40438" -silent
```## 공급자별 구문
```bash
# Basic Shodan query
uncover -q "apache" -e shodan
# Shodan port filter
uncover -q "port:80" -e shodan
# Shodan product filter
uncover -q "product:nginx" -e shodan
# Shodan country filter
uncover -q "country:US" -e shodan
# Shodan organization filter
uncover -q "org:\"Example Inc\"" -e shodan
# Shodan ASN filter
uncover -q "asn:AS15169" -e shodan
# Shodan vulnerability filter
uncover -q "vuln:cve-2021-44228" -e shodan
```### Shodan 구문
```bash
# Basic Censys query
uncover -q "apache" -e censys
# Censys port filter
uncover -q "services.port=80" -e censys
# Censys product filter
uncover -q "services.software.product=nginx" -e censys
# Censys country filter
uncover -q "location.country_code=US" -e censys
# Censys ASN filter
uncover -q "autonomous_system.asn=15169" -e censys
```### Censys 구문
```bash
# Basic Fofa query
uncover -q "apache" -e fofa
# Fofa port filter
uncover -q "port=80" -e fofa
# Fofa product filter
uncover -q "app=\"nginx\"" -e fofa
# Fofa country filter
uncover -q "country=\"US\"" -e fofa
# Fofa ASN filter
uncover -q "asn=\"AS15169\"" -e fofa
```### Fofa 구문
```bash
# Basic ZoomEye query
uncover -q "apache" -e zoomeye
# ZoomEye port filter
uncover -q "port:80" -e zoomeye
# ZoomEye product filter
uncover -q "app:nginx" -e zoomeye
# ZoomEye country filter
uncover -q "country:US" -e zoomeye
# ZoomEye ASN filter
uncover -q "asn:15169" -e zoomeye
```### ZoomEye 구문
```bash
# Verify API key configuration
uncover -list-keys
# Update API key
uncover -shodan-key YOUR_NEW_SHODAN_API_KEY
```## 문제 해결
```bash
# Reduce number of queries
uncover -q "apache" -limit 10
# Increase timeout
uncover -q "apache" -timeout 60
```### 일반적인 문제
```bash
# Try a different provider
uncover -q "apache" -e censys
# Try a more general query
uncover -q "web" -e shodan
```1. **API 키 문제**
```bash
# Check internet connection
ping 8.8.8.8
# Increase timeout
uncover -q "apache" -timeout 60
```2. **속도 제한**
```bash
# Enable verbose mode
uncover -q "apache" -v
# Show debug information
uncover -q "apache" -debug
# Check provider status
uncover -list-engines
```3. **결과 없음**
`$HOME/.config/uncover/provider-config.yaml`4. **연결 문제**
```yaml
# Example configuration file
shodan:
key: YOUR_SHODAN_API_KEY
censys:
id: YOUR_CENSYS_ID
secret: YOUR_CENSYS_SECRET
fofa:
email: YOUR_FOFA_EMAIL
key: YOUR_FOFA_KEY
zoomeye:
key: YOUR_ZOOMEYE_API_KEY
hunter:
key: YOUR_HUNTER_API_KEY
netlas:
key: YOUR_NETLAS_API_KEY
quake:
key: YOUR_QUAKE_API_KEY
criminalip:
key: YOUR_CRIMINALIP_API_KEY
```### 디버깅
Would you like me to continue with the rest of the headings, or do you want to provide the full text for translation?```bash
# Set Uncover configuration via environment variables
export SHODAN_API_KEY=YOUR_SHODAN_API_KEY
export CENSYS_API_ID=YOUR_CENSYS_ID
export CENSYS_API_SECRET=YOUR_CENSYS_SECRET
export FOFA_EMAIL=YOUR_FOFA_EMAIL
export FOFA_KEY=YOUR_FOFA_KEY
export ZOOMEYE_API_KEY=YOUR_ZOOMEYE_API_KEY
export HUNTER_API_KEY=YOUR_HUNTER_API_KEY
export NETLAS_API_KEY=YOUR_NETLAS_API_KEY
export QUAKE_API_KEY=YOUR_QUAKE_API_KEY
export CRIMINALIP_API_KEY=YOUR_CRIMINALIP_API_KEYReference
Command Line Options
| 깃발 | 설명 |
|---|---|
-q, -query | 검색 쿼리 |
-qf, -query-file | 검색할 쿼리가 포함된 파일 |
-e, -engine | 사용할 검색 엔진(들) |
-o, -output | 출력을 쓸 파일 |
-json | JSON 형식으로 출력 작성 |
-silent | 출력에 결과만 표시 |
-v, -verbose | 자세한 출력 표시 |
-debug | 디버그 정보 표시 |
-f, -field | 출력에 표시할 필드 |
-limit | 제공자당 최대 결과 수 |
-timeout | 프로바이더 요청에 대한 시간 초과(초 단위) |
-asq | ASN 쿼리 구문 사용 |
-list-engines | 사용 가능한 검색 엔진 목록 |
-list-keys | 구성된 API 키 목록 |
-shodan-key | Shodan API 키 |
-censys-id | Censys API ID |
-censys-secret | Censys API 시크릿 |
-fofa-email | Fofa 이메일 |
-fofa-key | Fofa API 키 |
-zoomeye-key | ZoomEye API 키 |
-hunter-key | Hunter API 키 |
-netlas-key | Netlas API 키 |
-quake-key | Quake API 키 |
-criminalip-key | Criminalip API 키 |
-version | Uncover 버전 표시 |
Supported Providers
| 제공자 | 설명 | API 키 필요 |
|---|---|---|
shodan | Shodan 검색 엔진 | 네 |
censys | Censys 검색 엔진 | 네 |
fofa | Fofa 검색 엔진 | 네 |
zoomeye | ZoomEye 검색 엔진 | 네 |
hunter | Hunter 검색 엔진 | 네 |
netlas | Netlas 검색 엔진 | 네 |
quake | Quake 검색 엔진 | 네 |
criminalip | Criminalip 검색 엔진 | 네 |
Common Search Fields
| 필드 | 설명 |
|---|---|
ip | IP 주소 |
port | 포트 번호 |
host | 호스트명 |
country | 국가 코드 |
city | 도시 이름 |
org | 조직 이름 |
isp | 인터넷 서비스 제공업체 |
asn | 자율 시스템 번호 |
product | 제품 이름 |
version | 제품 버전 |
Resources
This cheat sheet provides a comprehensive reference for using Uncover, from basic searching to advanced filtering and integration with other tools. For the most up-to-date information, always refer to the official documentation.