OSINT / Recon

Reconnaissance 102: Subdomain Enumeration https://blog.projectdiscovery.io/reconnaissance-series-4/

https://twitter.com/pdnuclei/status/1638180471644340225

Announcing Nuclei Cloud

projectdiscovery/pdtm: ProjectDiscovery’s Open Source Tool Manager

INTIGRITI on Twitter: “Passive recon using “Certificate Transparency”: A deep dive 🧵 We all use tools like Amass, ReconFTW & subfinder for finding new subdomains. Let’s demystify these tools by looking at how they work 🪄 Today: Recon through Certificate Transparency What is it? How does it work? 👇” / Twitter

https://github.com/blacklanternsecurity/bbot?mc_cid=a39ce637a8&mc_eid=cc1b4fe73e

Implementing Nuclei into your GitHub CI/CD pipelines

[How to use CloudQuery for Attack Surface Management and Graph Visualization CloudQuery](https://www.cloudquery.io/how-to-guides/attack-surface-management-with-graph)

Optimizing Wordlists with Masks · Cyber & Stuff

dhn/udon: A simple tool that helps to find assets/domains based on the Google Analytics ID.

Project Bishop: Clustering Web Pages – NCC Group Research

[Subdomain Enumeration: Creating A Highly Efficient Wordlist By Scanning The Entire Internet: A Case Study (Part 1) n0kovo](https://n0kovo.github.io/posts/subdomain-enumeration-creating-a-highly-efficient-wordlist-by-scanning-the-entire-internet/?utm_medium=email)

Trickest on Twitter: “How to use mksub: Beyond the basics 🔎 mksub is a simple tool. It generates subdomains by combining words from a wordlist with a target domain. But why settle for just the basics? Let’s explore ways to create more combinations and find more hidden subdomains! Thread 🧵 https://t.co/dfJ2hkCdHt” / Twitter

The Anti-Recon Recon Club (using ReconFTW)

elceef/subzuf: a smart DNS response-guided subdomain fuzzer

m8sec/CrossLinked: LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

chris408/ct-exposer: An OSINT tool that discovers sub-domains by searching Certificate Transparency logs

Scaling security automation with Docker - Detectify Labs

edoardottt/csprecon: Discover new target domains using Content Security Policy

cramppet/regulator: Automated learning of regexes for DNS discovery

Subdomain Enumeration with DNSSEC https://twitter.com/bka

JupiterOne & Project Discovery: Automating Nuclei with JupiterOne

projectdiscovery/uncover: Quickly discover exposed hosts on the internet using multiple search engines.

INTIGRITI on Twitter: “12 #recon tools you NEED to know about! 🧵 Recon, the gathering of information about your target, is becoming more and more important! 🧠 Here are the tools to help you spot subdomains, vhosts, S3 buckets, parameters and more faster and more effective than the others 👇” / Twitter

Building a Fast One-Shot Recon Script for Bug Bounty

blacklanternsecurity/bbot: OSINT automation for hackers.

rapid7/recog: Pattern recognition for hosts, services, and content

Regulator: A unique method of subdomain enumeration

wssheldon/osintui: OSINT from your favorite services in a friendly terminal user interface, written in Rust 🦀

Subdomain Enumeration Tool Face-off 2022

The Ultimate Guide to Finding Bugs With Nuclei

dhn/spk: spk aka spritzgebaeck: A small OSINT/Recon tool to find CIDRs that belong to a specific organization.

Introducing ASNMap: A Golang CLI tool for speedy reconnaissance using ASN data

ASNmap is a CLI tool written in Golang, and used to query Autonomous System Data. The data is pulled from api.asnmap.sh, which returns data that is parsed from the well-known IPtoASN database.

punk-security/dnsReaper: dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers

Qianlitp/crawlergo: A powerful browser crawler for web vulnerability scanners

Context-Aware Content Discovery with Chameleon

hakluke/hakscale: Distribute ordinary bash commands over many systems

Microsoft announces new external attack surface audit tool

DM: Microsoft has entered the Attack Surface Management space with a new tool called Microsoft Defender Attack Surface Management. It sports a real-time inventory, attack surface visibility, exposure detection and prioritization.

SpiderFoot on Twitter: “If you’re into OSINT or threat intelligence - it’s important to keep on top of the latest news, tools and techniques. Here’s our top 20 sources of OSINT-related news, blogs and publications 👇🧵” / Twitter

[GitHub Recon - It’s Really Deep. Hello everyone, I know that my speed of… by Jerry Shah (Jerry) Medium](https://shahjerry33.medium.com/github-recon-its-really-deep-6553d6dfbb1f)

Automata: A General-Purpose Automation Platform TODO

BitTheByte/Monitorizer: Multithreaded monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools with support for Acunetix & Nuclei

ProjectDiscovery’s Best Kept Secrets TODO

@seclilc Talks About Hacking, Recon and Breaking Into Cybersecurity - YouTube


Dorks for Intelligence X and Google
A curated list of dorks relevant to Intelligence X and Google, including invite URLs for Skype, Hangouts, Zoom, Telegram, WhatsApp, and more.

Sandcastle – AWS S3 Bucket Enumeration Tool
Takes a target’s name as the stem argument (e.g. “Shopify”) and iterates through a file of bucket name permutations. Looks for bucket names like -training, -bucket, -dev, etc. Example bucket name files here.

thewhiteh4t/FinalRecon
“OSINT Tool for All-In-One Web Reconnaissance.” Includes: Whois, SSL cert info, DNS and subdomain enumeration, directory scanning, and more.

Sifter - A OSINT, Recon And Vulnerability Scanner

GitHub tools collection

The Cyber Intelligence Analyst’s Cookbook

https://twitter.com/hackermaderas/status/1238562612968927234?s=20&mc_cid=3291d2d08c&mc_eid=cc1b4fe73e

Scope Based Recon Methodology: Exploring Tactics for Smart Recon | by Harsh Bothra | Feb, 2021 | Cobalt.io https://twitter.com/harshbothra_