Show HN: Osint tool that finds exposed files on domains
58 points by PatchRequest
by phoronixrly
2 subcomments
So is this the crawler that has been constantly hammering all my applications searching for these files from the very second I first issue a TLS cert for them? Thanks to you I've had to put fail2ban on all my public-facing web servers...
How about you be a good netizen and make it so people can request to be scanned and don't proactively do it, let alone constantly keep hammering them with requests?
by technion
1 subcomments
There's an astounding amount of .DS_Store showing up - I hadn't realised how common it apparently is for people to accidentally upload this.
by keepamovin
2 subcomments
In the early days of the web you could do a search on google like
path:/etc/passwd
Sometimes there were even shadow passwd files with the hashes exposed on the web. Crazy days.
by marysol5
1 subcomments
CT logs are funny, not enough people know about them. Whenever I speak to people they're shocked to know that "internal" subdomains get exposed through them.
by sandeepkd
0 subcomment
Its interesting and not interesting at the same time based on some of the search results
Almost all of them seem like home projects being deployed with ease in mind than security. The common thread seems to be the fact that most of them are phishing website, not sure if thats a business model to target here?
by Elliott-Diy
1 subcomments
Is this just re-skinned leakix.net? One of my honeypots for them is showing the same results.
by Avery29
0 subcomment
Nice tool. I’d like to understand what kinds of businesses the customers using this website are in.