Great #OSINT and #Recon by SormOrdinaryGamer on the @internetarchive hack that points to be a #Russian #disinformation #misinformation #psyop: https://youtu.be/uMGcUZQmDmA
Recent searches
Search options
#recon
0 posts0 participants0 posts today
InfoSec newsletters and websites need to stop giving free publicity to new recon tools that just run a bunch of other preexisting recon tools. WebCopilot sounds super cool, until you read that it's just running assetfinder, SUBLIST3R_V2.0, subfinder, amass, findomain, gobuster, amass, aquatone, httpx, waymore, gf, dalfox, nuclei, sqlmap. Also it's literally just a bash script that runs a bunch of other commands. This isn't impressive. Stop falling for this.
https://meterpreter.org/webcopilot-all-in-one-web-vulnerability-scanner-find-xss-sqli-rce-and-more/
GitHubwebcopilot/webcopilot at main · h4r5h1t/webcopilotAn automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities. - h4r5h1t/webcopilot
The @owasp #attacksurface #intelligence collection tool v4.2 has been released and recently reached 10k stars on @github! 
Great job #Amass contributors, corporate supporters, and community! @zerofox @ipinfoio @six2dez @Jhaddix
#asm #easm #osint #osint4good #recon #attacksurfacemanagement
GitHubRelease v4.2.0 · owasp-amass/amassIncorporates the new performance enhancements implemented within Asset DB increasing query speed.
Changelog
87f73be updates to the collection function
9fdfaf0 updated docs to be consistent with As...
If you're interested in the escape room industry, there's still time to sign up for RECON, the online escape room convention hosted by Room Escape Artist!
The community gathers and chats in Discord, and on Sunday the 20th there's a day of streaming talks
: RECONRECONReality Escape Convention - Immersive Games, Escape Rooms, VR, and more
I made something for myself that you might find useful 
GitHubGitHub - n0kovo/random-agent: Simply output a random user-agent. Use it with tools that don't have a --random-agent flag. Like `random-agent` or $(random-agent)Simply output a random user-agent. Use it with tools that don't have a --random-agent flag. Like `random-agent` or $(random-agent) - GitHub - n0kovo/random-agent: Simply output a random user-ag...
Highly recommend signing up for for tickets to the escape room conference RECON which is running virtually on August 19-20, 2023.
The free ticket tier gives access to all of the talks and recordings. And there are tickets that give access to the RECON Discord—which is great for chatting with other community members during the event:
https://roomescapeartist.com/2023/04/14/now-available-recon-remote-tickets/
Room Escape ArtistNow Available: RECON Remote Tickets - Room Escape ArtistTickets are now on sale for RECON Remote 23 (August 19-20 2023), an online escape room conference for business owners, creators, and players.
I recently made a highly efficient subdomain discovery wordlist by scanning the entire IPv4 space for SSL certs.
I've written a full article on the project, which is, in fact, my first public InfoSec article ever!
I would love to hear what you think!
You can read it here:
https://n0kovo.github.io/posts/subdomain-enumeration-creating-a-highly-efficient-wordlist-by-scanning-the-entire-internet/
(boosts and shares highly appreciated 
)
n0kovoSubdomain Enumeration: Creating A Highly Efficient Wordlist By Scanning The Entire Internet: A Case Study (Part 1)Subdomain enumeration is a fundamental and very important part of any offensive reconnaissance, discovering points of entry, exposed assets and/or information that will aid in further compromise of the target’s infrastructure.
Quick question for the OSINT community (Red Teamers too). What FOSS do y'all use for note taking, data visualization, graphing etc., in the context of investigations/recon/mapping?
Are you allowed to be proud when your work is included in SecLists? 
I recently made a highly efficient subdomain discovery wordlist by scanning the entire IPv4 space for SSL certs.
I've written a full article on the project, which is, in fact, my first public InfoSec article ever!
I would love to hear what you think!
You can read it here:
https://n0kovo.github.io/posts/subdomain-enumeration-creating-a-highly-efficient-wordlist-by-scanning-the-entire-internet/
(boosts and shares highly appreciated )
n0kovoSubdomain Enumeration: Creating A Highly Efficient Wordlist By Scanning The Entire Internet: A Case Study (Part 1)Subdomain enumeration is a fundamental and very important part of any offensive reconnaissance, discovering points of entry, exposed assets and/or information that will aid in further compromise of the target’s infrastructure.
One of my favorite web-based #recon #osint tools is dnsdumpster. I find it's results more accurate when verifying the results. It has an easy excel export, and anyone can use it!
Use it the next time you're looking for DNS records: https://dnsdumpster.com/
dnsdumpster.comDNSdumpster.com - dns recon and research, find and lookup dns recordsFind dns records in order to identify the Internet footprint of an organization. Recon that enables deeper security assessments and discovery of the attack surface.
Need a quick way to find related domains?
I did, so I wrote a quick #OSINT tool that abuses the SecurityTrails domain search suggestion API to grab a list of domains that start with [string].
I call it DomainDouche, since it's clearly using their API in a very unintended way and they probably wouldn't like it.
Grab it while it still works :)
GIF
I am #hiringnow to build a #security #research team at ZeroFox focused on #attacksurfacemanagement that will be contributing to the #opensource community! Some excellent candidates have been identified, but if you're interested, please DM me to discuss the details
#osint #recon #infosec
