Show HN: Osint tool that finds exposed files on domains

(search.cerast-intelligence.com)

19 points | by PatchRequest 2 hours ago

2 comments

  • sandeepkd 43 minutes ago
    Its interesting and not interesting at the same time based on some of the search results

    Almost all of them seem like home projects being deployed with ease in mind than security. The common thread seems to be the fact that most of them are phishing website, not sure if thats a business model to target here?

  • cvadict 44 minutes ago
    searching for .gov reveals 0 matches... doubt
    • sandeepkd 40 minutes ago
      My guess is that they ran selective search on the domains which get registered with any registrar, thats the trigger to start the search. .gov domains are not managed by your typical registrar which is selling the domain registration information to all these downstream partners/scavengers (for lack of better word)
      • jadamson 26 minutes ago
        The OP says it's using CT logs, not new domain registrations. The approach you have in mind would not include subdomains and would be less likely to coincide with a new server being configured.