11 matches found
Moniorg - Tool That Leverages Crt.Sh Website To Monitor Domains Of A Target
By looking through CT logs, an attacker can gather a lot of information about an organization's infrastructure, i.e. internal domains and email addresses, in a completely passive manner. moniorg leverages certificate transparency logs to monitor for newly issued domains based on organization field in their S...
Mihari - A Helper To Run OSINT Queries & Manage Results Continuously
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and phishing hunting. How it works: Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs and hashes) from the results...
h1-ctf: [H1-2006 2020] Bounty Pay CTF challenge
H1-2006 2020 Bounty Pay CTF challenge Hi there! This is my H1-2006 CTF writeup submission. First of all, thanks for the great challenge! This was my first H1 CTF that I played. I really enjoyed doing it and I learned new things solving this challenge. In my case, it was the demonstration that I...
crt.sh Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1154475. Security Researcher pudsec (helped patch 7 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting crt.sh website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147...
Findomain v0.9.3 - The Fastest And Cross-Platform Subdomain Enumerator
The fastest and cross-platform subdomain enumerator. What can Findomain do? This table gives you an idea of why you should use Findomain and what it can do for you. The domain used for the test was aol.com in the following BlackArch virtual machine: Host: KVM/QEMU Standard PC i440FX + PIIX, 1996...
Mitaka - A Browser Extension For OSINT Search
Mitaka is a browser extension for OSINT search which can: Extract & refang IoC from a selected block of text. E.g. example[.]com to example.com, test[at]example.com to test@example.com, hxxp://example[.]com to http://example.com, etc. Search / scan it on various engines. E.g. VirusTotal,...
crt.sh XSS vulnerability
Open Bug Bounty ID: OBB-607226

Description | Value
---|---
Affected Website: | crt.sh
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

hostmap-crtsh NSE Script
Finds subdomains of a web server by querying Google's Certificate Transparency logs database. The script will run against any target that has a name, either specified on the command line or obtained via reverse-DNS. NSE implementation of ctfr.py by Sheila Berta. References:...
crt.sh XSS vulnerability
Open Bug Bounty ID: OBB-545906

Description | Value
---|---
Affected Website: | crt.sh
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

crt.sh XSS vulnerability
Vulnerable URL: https://crt.sh/?id=23643875=x509lin%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 462474
VIP website status: | No
Coordinated Disclosure... |

crt.sh XSS vulnerability
Vulnerable URL: https://crt.sh/?q=OI=^%22%3E%3Csvg/onerror=prompt%28/OPENBUGBOUNTY/%29%3E=1=icaid%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description | Value
---|---
Patched: | Yes, at 24.11.2017
Latest check for patch: | 24.11.2017 11:11 GMT
Vulnerability type: | XSS
Vulnerability... |