Passive Recon with Spyse (Part-I)

Mehedi Hasan Remon
3 min readFeb 28, 2021

بسم الله الرحمن الرحيم
In the name of Allah, the Compassionate, the Merciful

Assalamu Alaikum
peace be upon you


Welcome guys, today I will be talking about recon & spyse. How can you do your recon with spyse & why ! will it help or what ?


Recon is nothing just a process to gather information about your target. While doing bugbounty, performing recon over your target will be beneficial.


Spyse is an internet assets search engine. while doing bugbounty spyse can be your passive recon tool. How to use spyse for your passive recon ! let me show you

Spyse Tools

If you visit you will see the tooling section for spyse. From there you can get a idea what type of enumeration it perform and how can you collect your searched data


  • Advance Search
    Customize your search to find any target.
  • API
    Get the data via Spyse API.
  • Bulk Search
    Make multiple searching for a list of targeted domains and IPs simultaneously.


So as you can see here a lot to do with spyse.

Advance Search

Here you can see spyse have around 4.8B data collection. So with advance search you can filter the data from their collection and can collect specific data you need.

Let me give you a practical example by searching for all possible subdomain takeover on GitHub service

Hope this example is clear that how you can use spyse advance search feature to request specific data and use it for your own benefit.
NOTE: hacking randomly like this can be dangerous


I am little bit sick & can’t write more. I am closing this write up here, whatever there a lot more to cover about spyse & recon. I will be publishing 2nd part of this write up as soon as I can.

Allah Hafiz