بسم الله الرحمن الرحيم
In the name of Allah, the Compassionate, the Merciful
peace be upon you
Welcome guys, today I will be talking about recon & spyse. How can you do your recon with spyse & why ! will it help or what ?
Recon is nothing just a process to gather information about your target. While doing bugbounty, performing recon over your target will be beneficial.
Spyse is an internet assets search engine. while doing bugbounty spyse can be your passive recon tool. How to use spyse for your passive recon ! let me show you
If you visit https://spyse.com/tools you will see the tooling section for spyse. From there you can get a idea what type of enumeration it perform and how can you collect your searched data
- Advance Search
Customize your search to find any target.
Get the data via Spyse API.
- Bulk Search
Make multiple searching for a list of targeted domains and IPs simultaneously.
- Domain Lookup
Explore detailed information about a domain
- DNS Lookup
Find all DNS records for any domain
- ASN Lookup
Find Autonomous System Numbers with connected data
- Subdomain Finder
Find subdomains of any domain
- Reverse DNS Lookup
Find a DNS PTR record of any IPv4 address
- SSL Certificate Lookup
Find certificates by a domain name or fingerprint
- IP Lookup
Find geolocation, open ports and hosted domains on the IP
- MX Lookup
Find MX records by the domain name
- Reverse AdSense Lookup
Find all domains with the same AdSense ID
- Reverse IP Lookup
Find all hosted domains on a specific IP address
- NS Lookup
Get a full DNS records list of a domain
- Company Lookup
Find related company assets by its name
- Port Scanner
Find open ports and vulnerabilities
- WHOIS Lookup
Find WHOIS record for any domain
- CVE Search
Find vulnerable domains and IP addresses by CVE ID
- Technology Checker
Search for technologies on the websites.
So as you can see here a lot to do with spyse.
Here you can see spyse have around 4.8B data collection. So with advance search you can filter the data from their collection and can collect specific data you need.
Let me give you a practical example by searching for all possible subdomain takeover on GitHub service
Hope this example is clear that how you can use spyse advance search feature to request specific data and use it for your own benefit.
NOTE: hacking randomly like this can be dangerous
I am little bit sick & can’t write more. I am closing this write up here, whatever there a lot more to cover about spyse & recon. I will be publishing 2nd part of this write up as soon as I can.