Link to this headingOpen Source Intelligence

Sensitive Information:

  • Personally Identifiable Information (PII): Legal name, Addresses, Phonenumbers, Email addresses, Data of Birth, IDs
  • Financial Information: Bank account numbers, Credit/debit card numbers, Payment information, Financial statements, Tax Information
  • Account Credentials: Usernames, Passwords

Link to this headingGitlabs bad Auth Configuration

Look for GitLab instances on targets or belonging to the target. When you stumble across the GitLab login panel, navigate to /explore. Misconfigured instances do not require authentication to view the internal projects. Once you get in, use the search function to find passwords, keys, etc. This is a pretty big attack vector and I am finally revealing it today, because I am sure it will help a lot of you get some critical issues.

Link to this headingrelative-url-extractor

relative-url-extractor

ruby extract.rb demo-file.js ruby extract.rb https://hackerone.com/some-file.js ruby extract.rb '|cat demo-file.js' -c

Link to this headingRecon-ng

Recon-ng

API Keys from github
https://github.com/secureli/public-tools/tree/65c328869e45d08c87dff7ec4b91f826266c9523

keys add bing_api d186b37f4ace45edaaf8209012799889 keys add builtwith_api 9a74cc2b-9c1c-4cf2-b32e-a349158ef7d9 keys add google_api AIzaSyBR2fflgt0O0fYpKnjNqFubTtCiqmdPrJs keys add google_cset AIzaSyBR2fflgt0O0fYpKnjNqFubTtCiqmdPrJs keys add linkedin_api 78mjjd88ztvcfl keys add linkedin_secret ounO7pER7Q0ZXXCj keys add shodan_api ULAqZuKzub6waFpbmlpvrLdek5QDsXYB

https://github.com/fryjustinc/enumallfryjc/blob/b6bce3b3ebef82342264934025f2d4f4d590997e/enumall.py

keys add shodan_api 39Vjh03Crbi0EoPzwSffZAxcNLFqwed1 keys add google_api AIzaSyDUDMi_kuJsoG53Fbxst7Ccpd592TbCwK4 keys add google_cse 016872495654316171864:wtvyugugj0g
keys add shodan_api Wemdicnr843sdfdsvcrtbrthgrfhd

Link to this headingBuilt with

Find what web framework is used by domain:
Domain Built With