explaingit

d0ctorsec/informationcollectionedgeassetsmining

Analysis updated 2026-05-18

16Audience · developerComplexity · 3/5Setup · moderate

TLDR

A Chinese-language reference guide walking authorized penetration testers through discovering a target organization's domains, subdomains, and hidden assets.

Mindmap

mindmap
  root((InformationCollectionEdgeAssetsMining))
    What it does
      Recon workflow guide
      Chinese language notes
      Sequential stages
    Tech stack
      Tscan
      subfinder
      Hunter Quake FOFA
    Use cases
      Company info lookup
      Subdomain discovery
      Edge asset mapping
    Audience
      Security professionals
      Authorized pentesters

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Trace a target company's registered domains and shadow domains using ICP filings and historical WHOIS records.

USE CASE 2

Expand from a main domain to subdomains and IP addresses using tools like Tscan and subfinder.

USE CASE 3

Search asset mapping platforms such as Hunter, Quake, and FOFA to find edge assets outside a target's main perimeter.

How does it compare?

d0ctorsec/informationcollectionedgeassetsmining920linjerry-stack/capital-studioaahonarmand/neticu
Stars161616
LanguagePythonSwift
Setup difficultymoderateeasyeasy
Complexity3/53/52/5
Audiencedeveloperresearchergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

Requires separately installing and configuring third-party recon tools and API keys for the platforms it references.

In plain English

This repository is a Chinese-language reference guide for asset discovery and reconnaissance during authorized penetration testing engagements. The author assembled it to replace scattered notes and tools with a single, ordered workflow. Most of the text is in Chinese, but tool commands and search syntax appear in English. The guide is structured as a sequential chain. You work through each stage in order, and the outputs from earlier stages feed into later ones. The first stage covers collecting basic information about a target organization: looking up company registration data through equity transparency platforms, finding registered domains through China's ICP filing system (the Ministry of Industry and Information Technology database), tracing historical WHOIS records to find shadow domains the organization may have forgotten, and reverse-searching contact details from WHOIS records to discover additional domain registrations. The second stage expands from the main domain into subdomains and IP addresses. The guide recommends combining automated tools with asset mapping platforms. Tools covered include Tscan (a multi-platform tool that aggregates results from several intelligence platforms at once) and subfinder (an open-source subdomain discovery tool that pulls from sources like Shodan, FOFA, Censys, and GitHub). Asset mapping platforms covered include Hunter, Quake, and FOFA, each with their specific query syntax for domain lookups, ICP registration number searches, and favicon hash searches. The guide notes that certificate wildcard matching can produce false positives that need manual filtering. The document continues through additional stages covering IP range validation, port scanning, web fingerprinting, and identifying edge assets: services that belong to a target organization but sit outside its main perimeter, such as forgotten subdomains, cloud storage buckets, and third-party integrations. The project is described as practical field notes from real pre-sales security assessments, compiled to save time during future engagements. The guide is intended for security professionals performing authorized assessments, not for unauthorized use.

Copy-paste prompts

Prompt 1
Summarize the stages of the InformationCollectionEdgeAssetsMining recon workflow in English.
Prompt 2
Explain how ICP filing lookups and WHOIS history are used to find a target organization's shadow domains.
Prompt 3
Compare the query syntax for Hunter, Quake, and FOFA described in this guide for domain and favicon hash searches.
Prompt 4
Translate the subfinder command examples in this repo and explain what each flag does.

Frequently asked questions

What is informationcollectionedgeassetsmining?

A Chinese-language reference guide walking authorized penetration testers through discovering a target organization's domains, subdomains, and hidden assets.

How hard is informationcollectionedgeassetsmining to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is informationcollectionedgeassetsmining for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.