FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Yesterday β€” December 24th 2025Security

certgrep: a free CT search engine

By: /u/JDBHub

Hey r/netsec -- it's been about two years since we last published a tool for the security community. As a little festive gift, today we're happy to announce the release of certgrep, a free Certificate Transparency search tool we built for our own detection work and decided to open up.

It’s focused on pattern-based discovery (regex/substring-style searches) and quick search and drill down workflows, as a complement to tools like crt.sh.

A few fun example queries it’s useful for:

  • (login|signin|account|secure).*yourbrand.*
  • \*.*google.*
  • yourbrand.*(cdn|assets|static).*

We hope you like it, and would love to hear any feedback you folks may have! A number of iterations will be coming up, including API, SDKs, and integrations (e.g., Slack).

Enjoy!

submitted by /u/JDBHub
[link] [comments]
Before yesterdaySecurity

Have I Been Squatted β€” Analyze (open beta, free)

By: /u/JDBHub

Hey r/netsec!

We've been hacking at a side tool recently called Analyze (subject to change, I'm not a huge fan). Today we're throwing Analyze out there into open beta. It's an on-demand active recon domain analyzer that includes screenshots, redirect chains, classifications, technology scraping (i.e., wappalyzer) and more.

Demo URL: https://haveibeensquatted.com/oneshot/haveibeensquatted.com

It's our internal alternative to URLScan, which we'd like to give to the community to get feedback on and improve. We've built it to help with our investigations which really helps us understand where the gaps are. All the features included in it are free, and will be so forever (that's our promise).

Stuff that's still rough:

  • There is no history, meaning that you won't be able to see when a domain was last analyzed
  • Screenshots take a while to generate; this is due to our pipeline being optimised for large batches
  • We're not patching chromium or using any undetect/stealth browser, which means you'll possibly get blocked or hit a captcha
  • Everything egresses one region, so some sites (especially phishing) will geo-block us
  • We are analyzing the root of the domain, so paths are stripped out

With that in mind, would love to hear your feedback and what you'd like to see included next. If you hit any snags, which you will, providing us with the domain you're analyzing and a description would be very helpful!

submitted by /u/JDBHub
[link] [comments]
❌