Attack Surface Intelligence? 5 tools to boost your results!
If you are working as a penetration tester, you must be aware of the 5 tools so you can enhance your results.
The attack vector to which companies are exposed today is considerably larger than it was several years ago. Modern businesses are compelled to adapt, increasingly shifting towards cloud infrastructure. Occasionally, a misconfigured cloud setup can pose a higher risk than a company's own infrastructure. This is primarily due to the fact that cloud systems are predefined and structured in such a way that they can be scanned automatically, often revealing a depth of vulnerability that goes beyond initial assumptions.
Let’s crack on.
1. GrayHatWarfare – Buckets
The team behind GrayHatWarfare developed a tool which scans any misconfigured/open S3 Bucket and saves their listings. Therefore, its easy to search for a particular company using their advanced search function and find exposed documents of your target.
The search function can be used with free of charge but some more advanced functions needs registration. Also, free users, receive limited results.
2. GrayHatWarfare – URL Shortener
The team GrayHatWarfare strikes again with a new tool, this time with the URL Shortener search tool. Have you even wondered how many sensitive documents are hosted on public locations but nobody knows because of the difficult-guessing names? Such documents often are sent and a URL shortener is used. So, the URL shortener holds the final URL. Well, the URLShortener search tool allow you to search keywords or file extensions in the destination URL. The freeware rules are the same as of the buckets tool, offered by the same team.
3. URL Scan IO
The URL Scan IO is a file search engine. So put in your data and wait for the result. It can return any kind of files or sensitive URLs depending on the keyword combinations and URL. In a nutshell, its a URL search engine. So your keywords are checked against their saved URLs.
IntelX stands as an incredibly valuable tool. With its ability to scour a domain for leaked documents, retrieve leaked passwords from an email address, trace transactions from a Bitcoin address, or discover noteworthy data from IP addresses, it truly elevates the concept of Threat Intelligence. IntelX aspires to become a leading example in the field, offering an advanced search feature and access to billions of records. My experiences with IntelX, particularly during red team assessments, have been nothing short of impressive, and as such, it earns my highest recommendation.
You can search as a non-registered user but what you get is the number of results and the type of data returned. To view the actual data you must registered/log in. There are some restrictions to free users but this goes away, with a price.
5. Hunter IO
When you’ve got a phishing campaign, or whenever you have a red team assessment and you need emails for spear phishing, then this is probably your trailhead.
I know there are myriad open-source tools, and search engines pretty much gives you what you want. But that’s not a CTF. As a professional you should be able to have as much data as you can, because you are the last defense for the companies you are working for. You should push it to the limit an attacker would, and email gathering is an important step in your scenario.
The Hunter IO is one of the many services exists, which provides emails of a company. You need to enter as input the company’s domain and domain-based emails are returned. I can say I am impressed with the results comparing them with the ones I’ve got from open-source tools. I guess they’re using something more than search engines behind the scenes. Whatever they’ re doing is done well and the price they charge for, it’s worth it.
I hope the introduced tools to boost your results and come back with better results. Subscribe to receive articles such as this one. In the future I will introduce more tools to play with. Also by subscribing you receive a free invitation code to security courses we release and much more.