Passive Recon with Spyse (Part-I)

بسم الله الرحمن الرحيم
In the name of Allah, the Compassionate, the Merciful

Assalamu Alaikum
peace be upon you

Introduction

Welcome guys, today I will be talking about recon & spyse. How can you do your recon with spyse & why ! will it help or what ?

Recon

Recon is nothing just a process to gather information about your target. While doing bugbounty, performing recon over your target will be beneficial.

Spyse

Spyse is an internet assets search engine. while doing bugbounty spyse can be your passive recon tool. How to use spyse for your passive recon ! let me show you

Spyse Tools

If you visit https://spyse.com/tools you will see the tooling section for spyse. From there you can get a idea what type of enumeration it perform and how can you collect your searched data

FEATURED TOOLS

• Advance Search
  Customize your search to find any target.
• API
  Get the data via Spyse API.
• Bulk Search
  Make multiple searching for a list of targeted domains and IPs simultaneously.

DATA GATHERING

• Domain Lookup
  Explore detailed information about a domain
• DNS Lookup
  Find all DNS records for any domain
• ASN Lookup
  Find Autonomous System Numbers with connected data
• Subdomain Finder
  Find subdomains of any domain
• Reverse DNS Lookup
  Find a DNS PTR record of any IPv4 address
• SSL Certificate Lookup
  Find certificates by a domain name or fingerprint
• IP Lookup
  Find geolocation, open ports and hosted domains on the IP
• MX Lookup
  Find MX records by the domain name
• Reverse AdSense Lookup
  Find all domains with the same AdSense ID
• Reverse IP Lookup
  Find all hosted domains on a specific IP address
• NS Lookup
  Get a full DNS records list of a domain
• Company Lookup
  Find related company assets by its name
• Port Scanner
  Find open ports and vulnerabilities
• WHOIS Lookup
  Find WHOIS record for any domain
• CVE Search
  Find vulnerable domains and IP addresses by CVE ID
• Technology Checker
  Search for technologies on the websites.

So as you can see here a lot to do with spyse.

Advance Search

Here you can see spyse have around 4.8B data collection. So with advance search you can filter the data from their collection and can collect specific data you need.

Let me give you a practical example by searching for all possible subdomain takeover on GitHub service

Hope this example is clear that how you can use spyse advance search feature to request specific data and use it for your own benefit.
NOTE: hacking randomly like this can be dangerous

EndNote

I am little bit sick & can’t write more. I am closing this write up here, whatever there a lot more to cover about spyse & recon. I will be publishing 2nd part of this write up as soon as I can.

Allah Hafiz