Infrastructure
Check List
Cheat Sheet
Search Engine
site:$WEBSITEintitle:"login" |
intitle:"admin" |
intitle:"administrator"
site:$WEBSITEinurl:conf |
inurl:env |
inurl:cgi |
inurl:bin |
inurl:etc |
inurl:root |
inurl:sql |
inurl:backup |
inurl:admin |
inurl:php
site:$WEBSITEfiletype:pdf |
filetype:csv |
filetype:xls |
filetype:xlsx
site:$WEBSITEext:log |
ext:txt |
ext:conf |
ext:cnf |
ext:ini |
ext:env |
ext:sh |
ext:bak |
ext:backup |
ext:swp |
ext:old |
ext:~ |
ext:git |
ext:svn |
ext:htpasswd |
ext:htaccess |
ext:json |
ext:daf
site:$WEBSITE"choose file" site:$WEBSITE cache:"$WEBSITE"port:22country:"IR"city:"Tehran"org:"United States Department"product:"Apache"product:"apache" after:"22/02/2009" before:"14/3/2010"services.service_name: "HTTP"location.country: "Iran"services.tls.certificate.parsed.subject.common_name: "$WEBSITE"autonomous_system.asn: 15169services.banner: "Apache"port:80app:"Apache"country:"Iran"ip:"$TARGET"city:"Tehran"os:"Windows"Useful Website
Bug Bounty Programs
for platform in hackerone bugcrowd intigriti; do echo -e "\n\033[1;36m==============================\n[$platform Programs]\n==============================\033[0m"; curl -s "https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/master/data/${platform}_data.json" | jq -r '.[].url'; doneBGPView
curl -s https://api.bgpview.io/search?query_term=$COMPANY | jq
Whois
DNS
IP Address
Run Machine > URL To Network And Domain Information > Fill in Input your Target > Right Click Domain > All Transforms
Application Menu > New
Entity Palette > Infrastructure > Drag & Drop Domain > Enter Domain Name
Right-click Domain > Run Transforms > All Transforms > [Securitytrails] DNS History Field A
Right-click Domain > Run Transforms > All Transforms > [WhoisXML] DNS lookup
Right-click Domain > Run Transforms > All Transforms > [Securitytrails] DNS History Field NS
Right-click Domain > Run Transforms > All Transforms > To DNS Name - NS
Right-click Domain > Run Transforms > All Transforms > To DNS Name - MX
Right-click Domain > Run Transforms > Domain owner detail
Right-click Domain > Run Transforms > Domain owner detail > To Entities from WHOIS [IBM Watson]
Right-click Domain > Run Transforms > Domain owner detail > To Entities from WHOIS > To WHOIS Records [Whois XML]
Right-click Domain > Run Transforms > Find in Entity Properties > To E-Mail addresses [within Properties]
Right-click Domain > Run Transforms > hunter > Find Email Address [Hunter]
Right-click Domain > Run Transforms > All Transforms > [Securitytrails] List Subdomains
Right-click Domain > Run Transforms > All Transforms > To Subdomains (+Historical)[Shodan]
Right-click Domain > Run Transforms > All Transforms > To Subdomains(Passive DNS)[OTX]
Right-click Domain > Run Transforms > All Transforms > To Subdomains[Shodan]
Right-click Domain > Run Transforms > All Transforms > To Subdomains[VirusTotal Public API]
Right-click Domain > Run Transforms > To Phone numbers [From whois info]
Right-click Domain > Run Transforms > To Phone Numbers [using Search Engine]
Right-click Domain > Run Transforms > To Phone Numbers [within Properties]
recon-ng[recon-ng][default] > help[recon-ng][default] > marketplace search[recon-ng][default] > marketplace install recon/domains-contacts/hunter_io[recon-ng][default] > modules load hunter_io[recon-ng][default][hunter_io] > options list[recon-ng][default][hunter_io] > options set SOURCE $WEBSITE[recon-ng][default][hunter_io] > run[recon-ng][default] > keys list[recon-ng][default] > keys add hunter_io 9918b4ea[...]b46a73f071 [recon-ng][default] > keys remove hunter_io Metadata Extraction
metagoofil -d $WEBSITE -t pdf,xls,xlsx,csv -l 100 -n 7 -f ~/result.htmlexiftool $FILEApplication Menu > Project > New Project > Fill the Inputs > Create > Select Path for Result > Select Extensions and Search Engine > Search All
Last updated