Anyway Hi I'm remade My old sideblock from my old main blog Because sometimes I just want see art I want to reblog lmao. My faves are the goth kids, Josh Myers, and my new kid ✌️
1 note
·
View note
You can not simply publicly access private secure links, can you?
https://vin01.github.io/piptagole/security-tools/soar/urlscan/hybrid-analysis/data-leaks/urlscan.io/cloudflare-radar%22/2024/03/07/url-database-leaks-private-urls.html
0 notes
FAKE METAMASK SCAM
Funny email spam with imaginary gift of 5.1 ETH uses random unpatched wordpress as temporary intermediate redirect, before sending users to the final scam URL.
Mimics MetaMask via CSS
Filename: Metanew.html
Only 2 hits on URLScan
note the HTML CSS IPFS page mimicking metamask !!
0 notes
sigurlfind3r: A Passive Reconnaissance Tool for known URLs Discovery | #Reconnaissance #URLScan #Security
0 notes
Sigurls - Fetch URLs From AlienVault's OTX, Common Crawl, URLScan
Sigurls - Fetch URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine #AlienvaultOtx
sigurls is a reconnaissance tool, it fetches URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine.
Usage
To display help message for sigurls use the -h flag:
$ sigurls -h
_ _
___(_) __ _ _ _ _ __| |___
/ __| |/ _` | | | | '__| / __|
__ | (_| | |_| | | | __
|___/_|__, |__,_|_| |_|___/ v1.3.1
|___/
USAGE:
sigurls [OPTIONS]
OPTIONS:
-d domain to fetch urls for
-sE…
View On WordPress
0 notes
urlscan.io scam
https://reducer.ro/urlscanio-scam
Urlscan reviews confirm site is scam or
: //www.scamadviser.com url scan
shows on web .io . https URL
-.
https://securityboulevard.com ›2021/11›not-all-url-sc..
November 9, 2021 – Scan .Scam Adviser.com We will examine the strengths and weaknesses of these tools to determine their accuracy an
View On WordPress
0 notes
[Media] waymore
waymore
The idea behind waymore is to find even more links from the Wayback Machine than other existing tools.
👉 The biggest difference between waymore and other tools is that it can also download the archived responses for URLs on wayback machine so that you can then search these for even more links, developer comments, extra parameters, etc. etc.
Anyone who does bug bounty will have likely used the amazing waybackurls by @TomNomNoms. This tool gets URLs from web.archive.org and additional links (if any) from one of the index collections on index.commoncrawl.org. You would have also likely used the amazing gau by @hacker_ which also finds URL's from wayback archive, Common Crawl, but also from Alien Vault and URLScan. Now waymore gets URL's from ALL of those sources too (with ability to filter more to get what you want):
▫️ Wayback Machine (web.archive.org)
▫️ Common Crawl (index.commoncrawl.org)
▫️ Alien Vault OTX (otx.alienvault.com)
▫️ URLScan (urlscan.io)
https://github.com/xnl-h4ck3r/waymore
0 notes
Top Cyber Security APIs
The standard method of integrating, improving, and sharing data via online services is Application Programming Interfaces-API.
For anything you can think of, APIs are available, including setting up e-commerce websites, payment wallets, digital coins, social network interaction, and email services. The current infosec and cybersecurity market is also boosted by the red team and blue team APIs.
The most popular security APIs:
Google Safe Browsing API
PhishTank API
VirusTotal API
Quttera API
Sucuri API
GreyNoise API
URLScan API
Cloudflare API
Shodan API
Metasploit API
AlienVault API
What is Security APIs useful for?
Detecting and cleaning malware or viruses:
To detect malicious files and code injections in your web apps, a lot of malware API services are useful. When a new app is infected with an illegal 3rd party code, you will be alerted quickly.
Exploring the reputation of any website:
This type of security API is useful for detecting phishing domains, or pages related to unusual downloads, networks that are infected, etc.
Exploring your attack surface area:
Using security APIs will allow you to investigate and track down the culprits behind fraudulent activities if you work for a public or private security agency.
Cyber fraud Investigation:
Some cybersecurity APIs allow you to explore and audit your DNS records, IP addresses, and domain names, allowing you to discover any abnormal changes to your DNS infrastructure to prevent harmful activities such as domain hijacking, as well as finding stale DNS records, reviewing information about SSL certificates, and more.
Brand monitoring:
Find and report illegal use within seconds of any brand name or trademark that your company has registered.
Copyright violation research:
Use your copyrighted materials to find and research 3rd party websites; locate IP addresses, records, domain names, and use web hosting checker features to find the actual people behind the operation.
Bug and data bounty programs:
To show their abilities while earning money with their hacking knowledge, ethical hackers participate in bug and data bounty programs. For these white hat hackers seeking valuable reconnaissance information about their targets, security APIs are the perfect tool.
1 note
·
View note
Proyecto Triz3stalk
Triz3stalk es una distribución de Ubuntu enfocada a OSINT. En esta distribución encontrarás multitud de herramientas con tutoriales de uso que te permitirán realizar escaneos e investigaciones de todo tipo.
¿Qué herramientas incluye Triz3stalk?
Para empezar Triz3stalk se puede dividir en herramientas instaladas en la propia distribución y herramientas que se utilizan desde el navegador web.
Herramientas Linux
1. Shodan
2. SpiderFoot HX
3. Recon-ng
4. TheHarvester
5. Maltego
6. Sherlock
7. Nmap
8. OSRFramework
9. Sublist3r
10. Katana-ds
11. DMitry
12. Infoga
13. H8mail
⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘⫘
Herramientas web
1. Censys
2. Metadata2go
3. Flightaware
4. Builtwith
5. Searchcode
6. Dnsdumpster
7. Breachdirectory
8. Wayback Machine
9. URL Fuzzer
10. IPinfo
11. Imgops
12. WhoTwi
13. IntelX
14. VirusTotal
15. URLScan
16. AbuseIPDB
17. Mystalk
18. MxToolBox
꒷⏝꒷꒦꒷⏝꒷꒦꒷⏝꒷꒷⏝꒷꒦꒷⏝꒷꒦꒷⏝꒷꒷⏝꒷꒦꒷⏝꒷꒦꒷⏝꒷꒷⏝꒷꒦꒷⏝꒷꒦꒷⏝꒷
Todas estas herramientas se encuentran compiladas en un script que incluye un manual y ejemplos de uso para facilitar lo máximo posible los escaneos de información y las investigaciones que queramos realizar.
꒷⏝꒷꒦꒷⏝꒷꒦꒷⏝꒷꒷⏝꒷꒦꒷⏝꒷꒦꒷⏝꒷꒷⏝꒷꒦꒷⏝꒷꒦꒷⏝꒷꒷⏝꒷꒦꒷⏝꒷꒦꒷⏝꒷
Dorks Cheat Sheet
Como punto extra, también se incluye una Cheat Sheet de dorks de distintos navegadores para tener a mano todos los atajos a la hora de buscar información directamente en Internet.
Todo ello hace de Triz3stalk una suite de herramientas OSINT sencilla y amigable gracias a su interfaz, que agilizará nuestras investigaciones en fuentes abiertas y nos facilitará el acceso a algunas de las herramientas más útiles que encontraremos en la red, y que ahora podemos tener a nuestra alcance con tan solo un par de clicks ;)
1 note
·
View note
Urlscan.io’s SOAR spot: Chatty security tools leaking private data
https://positive.security/blog/urlscan-data-leaks
Comments
0 notes
🎯 @Spotify @SpotifyCares
⚠astonwoodbusinessclub.com/Spotify/
☣ AS201536 [77.237.248.21] 🇬🇧
🌐 @netearthone
🖧 @nahosting @datacentreplus
Spam relay 209.159.153.135
AS201536 - SANDYXHOSTING-AS Data Centre Plus, GB
#scam #spoof #phishing
host .amsa .org .au [64.91.251.198]
https://urlscan.io/ip/192.185.225.72
1 note
·
View note
Sigurls – Fetch URLs From AlienVault’s OTX, Common Crawl, URLScan | MrHacker.Co #alienvaultotx #alienvault039s #apikeys #common #crawl #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #mrhacker
0 notes
WRecon: Open Source no Intussive Web Scanner | #reconnaissance #urlscan #webscanner #security
0 notes
Microsoft ve Güvenlik, İşte şimdi başladık
Microsoft Progress Report: Security Bill Gates' in açık e-mail mesajı. Burada Microsoft artık gerçekten güvenliğe önem verdiği belirtiliyor.
Biraz istatistikle destekleyelim;
Windows 2000 işletim sistemi çıktığında ilk 320 gün içerisinde 40 kritik açık rapor edilmiş bunun yanında Windows 2003 ün ilk 320 gününde sadece 9. Evet gerçekten de bir ilerleme kaydedilmiş, Bu gözle görülüyor. Ancak ilginç olan bu adamlar bugüne kadar niye bu konuyu bu kadar takmıyorlar dı ?
Son ve gerçekten dehşet bir istatistikte şu IIS6 henüz hiç bir açık içermiyor. IIS6' da bu şekilde açık çıkmaması gerçekten çok güzel. Özellikle de Apache'nin yeni sürümlerinde ve ilişkili modlarında çıkan yoğun açıklarla karşılaştırınca. Ancak IIS6 incelendiğinde zaten ileri derecede güvenliğe önem verildiği belli.
Daha önceden Win2003 ile ilgili yazılarımda belirttiğim gibi MS artık default ayarlar konusunda çok ciddi. Mesela Win2003 te Internet Explorer varsayılan ayarlarında internet download bile yapmıyor. Internet Zone High (Yüksek Güvenlik) seviyesinde.
Aynı şekilde IIS 6 da "disable parent paths" (üst klasör kullanımını yasakla) seçeneği seçili olarak kuruluyor, URLScan' ın bir çok özelliğinin de buna dahil edilerek built-in olarak gelmesi de ayrı bir güvenlik artısı.
Konu ile ilgili olarak URLScan 2.5 IIS 6 uyumlu versiyonu.
Yazı Kaynakları;
Micheal Howard's Web Blog
Microsoft Progress Report: Security
0 notes