Passive Recon with Spyse (Part-I)
بسم الله الرحمن الرحيم
Assalamu Alaikum peace be upon you
Introduction
Welcome guys, today I will be talking about recon & spyse. How can you do your recon with spyse & why ! will it help or what ?
Recon
Recon is nothing just a process to gather information about your target. While doing bugbounty, performing recon over your target will be beneficial.
Spyse
Spyse is an internet assets search engine. while doing bugbounty spyse can be your passive recon tool. How to use spyse for your passive recon ! let me show you
Spyse Tools
If you visit https://spyse.com/tools you will see the tooling section for spyse. From there you can get a idea what type of enumeration it perform and how can you collect your searched data
FEATURED TOOLS
Advance Search Customize your search to find any target.
API Get the data via Spyse API.
Bulk Search Make multiple searching for a list of targeted domains and IPs simultaneously.
DATA GATHERING
Domain Lookup Explore detailed information about a domain
DNS Lookup Find all DNS records for any domain
ASN Lookup Find Autonomous System Numbers with connected data
Subdomain Finder Find subdomains of any domain
Reverse DNS Lookup Find a DNS PTR record of any IPv4 address
SSL Certificate Lookup Find certificates by a domain name or fingerprint
IP Lookup Find geolocation, open ports and hosted domains on the IP
MX Lookup Find MX records by the domain name
Reverse AdSense Lookup Find all domains with the same AdSense ID
Reverse IP Lookup Find all hosted domains on a specific IP address
NS Lookup Get a full DNS records list of a domain
Company Lookup Find related company assets by its name
Port Scanner Find open ports and vulnerabilities
WHOIS Lookup Find WHOIS record for any domain
CVE Search Find vulnerable domains and IP addresses by CVE ID
Technology Checker Search for technologies on the websites.
So as you can see here a lot to do with spyse.
Advance Search
Here you can see spyse have around 4.8B data collection. So with advance search you can filter the data from their collection and can collect specific data you need.
Let me give you a practical example by searching for all possible subdomain takeover on GitHub service
Hope this example is clear that how you can use spyse advance search feature to request specific data and use it for your own benefit. NOTE: hacking randomly like this can be dangerous
EndNote
I am little bit sick & can’t write more. I am closing this write up here, whatever there a lot more to cover about spyse & recon. I will be publishing 2nd part of this write up as soon as I can.
Allah Hafiz
wanna support my work! well just buy me a coffee
