Login
Hey r/netsec -- it's been about two years since we last published a tool for the security community. As a little festive gift, today we're happy to announce the release of certgrep, a free Certificate Transparency search tool we built for our own detection work and decided to open up.
Itβs focused on pattern-based discovery (regex/substring-style searches) and quick search and drill down workflows, as a complement to tools like crt.sh.
A few fun example queries itβs useful for:
FreshRSS (login|signin|account|secure).*yourbrand.*\*.*google.*yourbrand.*(cdn|assets|static).*We hope you like it, and would love to hear any feedback you folks may have! A number of iterations will be coming up, including API, SDKs, and integrations (e.g., Slack).
Enjoy!
Hey r/netsec!
We've been hacking at a side tool recently called Analyze (subject to change, I'm not a huge fan). Today we're throwing Analyze out there into open beta. It's an on-demand active recon domain analyzer that includes screenshots, redirect chains, classifications, technology scraping (i.e., wappalyzer) and more.
Demo URL: https://haveibeensquatted.com/oneshot/haveibeensquatted.com
It's our internal alternative to URLScan, which we'd like to give to the community to get feedback on and improve. We've built it to help with our investigations which really helps us understand where the gaps are. All the features included in it are free, and will be so forever (that's our promise).
Stuff that's still rough:
With that in mind, would love to hear your feedback and what you'd like to see included next. If you hit any snags, which you will, providing us with the domain you're analyzing and a description would be very helpful!
