Infrastructure Enumeration

Domain Information

curl -s https://crt.sh/\?q\=qu35t.pw\&output\=json | jq .

Filtered by the unique subdomains.

curl -s https://crt.sh/\?q\=qu35t.pw\&output\=json | jq . | grep name | cut -d":" -f2 | grep -v "CN=" | cut -d'"' -f2 | awk '{gsub(/\\n/,"\n");}1;' | sort -u

openssl s_client -ign_eof 2>/dev/null <<<$'HEAD / HTTP/1.0\r\n\r' -connect "qu35t.pw:443" | openssl x509 -noout -text -in - | grep 'DNS' | sed -e 's|DNS:|\n|g' -e 's|^\*.*||g' | tr -d ',' | sort -u

shodan host 10.10.10.10

dig any qu35t.pw

Sources.

baidu
bufferoverun
crtsh
hackertarget
otx
projecdiscovery
rapiddns
sublist3r
threatcrowd
trello
urlscan
vhost
virustotal
zoomeye

Gather information from sources.

cat sources.txt | while read source; do theHarvester -d "qu35t.pw" -b $source -f "${source}_qu35t.pw";done

Extract all the subdomains found.

cat *.json | jq -r '.hosts[]' 2>/dev/null | cut -d':' -f 1 | sort -u > "theHarvester.txt"

Cloud Resources

intext:COMPANY inurl:amazonaws.com

intext:COMPANY inurl:blob.core.windows.net

References

PreviousWordpress NextPrivilege Escalation

Last updated 2 years ago