Back to News
Advertisement
PPatchRequest about 6 hours ago 10 commentsRead Article on search.cerast-intelligence.com

FR version is available. Content is displayed in original English for accuracy.

hey guys, wanted to show one of my side projects i just made public.

the idea is basically another osint tool for pentesters and bug bounty hunters. it watches certificate transparency logs and checks newly-seen domains for exposed stuff like .env files, open .git dirs, config files, db dumps and so on, and puts whatever it finds into a searchable db. you just search a domain (or part of one) and see what's exposed.

it's read-only and free. one thing i've been thinking about adding is a way to register for certain keywords and get notified when something new shows up for that search.

would love to hear if you have other ideas for useful features, and also ideas for how to reduce abuse of the data, since that's the part i'm least sure about.

https://search.cerast-intelligence.com/

Advertisement

⚡ Community Insights

Discussion Sentiment

71% Positive

Analyzed from 304 words in the discussion.

Trending Topics

#search#domain#web#gov#registration#using#website#days#passwd#files

Discussion (10 Comments)Read Original on HackerNews

Avery29•4 minutes ago
Nice tool. I’d like to understand what kinds of businesses the customers using this website are in.
keepamovin•40 minutes ago
In the early days of the web you could do a search on google like

  path:/etc/passwd
Sometimes there were even shadow passwd files with the hashes exposed on the web. Crazy days.
technion•about 2 hours ago
There's an astounding amount of .DS_Store showing up - I hadn't realised how common it apparently is for people to accidentally upload this.
stingraycharles•about 2 hours ago
It’s a terrible design from Apple to expose this metadata like this, it’s one of my biggest pet peeves.
sandeepkd•about 3 hours ago
Its interesting and not interesting at the same time based on some of the search results

Almost all of them seem like home projects being deployed with ease in mind than security. The common thread seems to be the fact that most of them are phishing website, not sure if thats a business model to target here?

phoronixrly•about 2 hours ago
So is this the crawler that has been constantly hammering all my applications searching for these files from the very second I first issue a TLS cert for them? Thanks to you I've had to put fail2ban on all my public-facing web servers...

How about you be a good netizen and make it so people can request to be scanned and don't proactively do it, let alone constantly keep hammering them with requests?

cvadict•about 3 hours ago
searching for .gov reveals 0 matches... doubt
sandeepkd•about 3 hours ago
My guess is that they ran selective search on the domains which get registered with any registrar, thats the trigger to start the search. .gov domains are not managed by your typical registrar which is selling the domain registration information to all these downstream partners/scavengers (for lack of better word)
jadamson•about 3 hours ago
The OP says it's using CT logs, not new domain registrations. The approach you have in mind would not include subdomains and would be less likely to coincide with a new server being configured.
sandeepkd•about 3 hours ago
Yes CT is explicitly stated source which is why I qualified it with "Guess" for domain registration. There were couple reasons for that -

1. Quite a few websites in the search results where just on HTTP

2. The .gov sites do use public certificate authorities like digicert, verisign, amazon & letencrypt so they would have been captured unless they are removed explicitly

And yes the domain registration would not include subdomains