"In the midst of chaos, there is also an opportunity" - Sun Tzu.
As Sun Tzu said, we always have an opportunity to penetrate restricted networks, and the bigger the mess, the easier it can be. But it's essential to be fast and to collect as much information as possible, to know where to step next.
But where would I collect this kind of information: accurate, complete, and in a short amount of time? Who is the best information provider?
Command-line tools such as Nmap give accuracy, and Amass helps gather everything in one place, but these tools can't be fast; they are just scanners. Scanners require special scanning infrastructure: a bunch of abuse-safe servers (preferably located in different parts of the world), free hands, and, after all, money.
Spyse is a Cyber Search Engine that collects data across the whole internet and delivers it in a structured view. It provides instant access to the target’s data to assess the attack perimeter, understand how the target is presented on the internet, what’s connected to it, and most importantly where you should look first.
The amount of data it collects is huge: subdomains, DNS records, SSL certificate details, technology stacks, subnets, IPs, CVE details, and more.
Interesting?
Details of the data can be seen here: https://spyse.com/our-data
In this article, I will share details about gathered data that will be used in real examples in future articles.
Finding assets is a crucial job for bug hunters and pentesters. The reason is that they might miss some domains in their subdomain enumeration process. They also need more processing time to get more subdomains using subdomain tools like Amass, Subfinder, Findomain, etc., and then need to find the valid subdomains by resolving DNS.
Spyse provides an API to support the development flow. You can write a simple script to simplify information gathering, or integrate it with tools such as Maltego.
Please check out the API documentation at the link below.
Link: https://spyse.com/api
"Your privacy is in your Email Id" - @Monstersec
A shared email address is an identity for contacting you. Nowadays, your email is connected to multiple apps. Some people don't know all the apps they've given their email to and what permissions they allowed.
There are a lot of phishing attacks through emails that have been leaked on the internet.
Spyse collects more emails than hunter.io or snov.io and connects this information to domain names. This feature is excellent for hackers, IMHO.
The reason is that logins for most of an organization's assets are integrated with the org email. Once we get the email password via cracking or phishing, your company is in a very dangerous position.
Spyse is excellent for delivering CVE-based vulnerable targets. But how would a hacker use it?
First of all, hackers could search for vulnerable targets by CVE ID or footprints (stack of technologies and their versions).
A second cool feature is that Spyse has its own security rating, which expands opportunities for finding vulnerable targets.
"Prevention is better than cure."
Finding an open port is a crucial task for an attacker.
Take a quick overview of the targets' open ports instead of scanning everything at once and wasting a bunch of time. Pick the right vector and scan it.
This feature is more useful for network administrators, bug hunters, and security engineers to prevent unwanted open-port issues.
All your internet assets are an alias of your brand. They should be safe and secure. In the era of cybersecurity, small and mid-level companies should invest in tools like Spyse to remain safe from these kinds of cyberattacks.