List of Awesome Asset Discovery Resources

Creative Commons Zero v1.0 Universal (CC0-1.0)

Awesome-Asset-Discovery

Asset discovery is the initial phase of any security assessment engagement, be it offensive or defensive. With the evolution of information technology, the scope and definition of assets have also evolved.

Earlier, servers, workstations and websites were the primary IT assets of an organization, but today this definition is very limiting and should include anything and everything an organization and its entities have their data on (knowingly or unknowingly). The scope of ownership could differ, but it does not limit the attack surface. For example, if an organization puts out open source code on GitHub, they are not the owner of GitHub but of the data they put in their repositories. In a scenario where an organization's secret has been put on this GitHub account, it could pose a threat equal to or greater than that of running a vulnerable service.

We have explored this aspect of assets in our blog post here.

Through this repository, we want to put out a list of curated resources that help during the asset discovery phase of a security assessment engagement. We welcome suggestions and contributions from the community in terms of resources as well as categories.

Contents

IP Address Discovery

Domain / Subdomain Discovery

Email Discovery

  • Hunter: Email search for a domain
  • Skrapp: Browser add-on to find emails on LinkedIn
  • Email Extractor: Chrome extension to extract emails from web pages
  • Convertcsv: Online tool to extract email addresses from text, web pages, data files, etc.

Network / Port Scanning

  • Zmap: A fast network scanner designed for Internet-wide network surveys
  • Masscan: An asynchronous TCP port scanner
  • ZMapv6: A modified version of Zmap with IPv6 support.
  • Nmap: A free and open source utility for network discovery. The most popular port scanner.

Business Communication Infrastructure Discovery

  • Mxtoolbox: Online tool to check mail exchanger (MX) records
  • MicroBurst: PowerShell based Azure security assessment scripts
  • Lyncsmash: Tools to enumerate and attack self-hosted Lync/Skype for Business
  • Enumeration-as-a-Service: Script for SaaS offering enumeration through DNS queries

Source Code Aggregators / Search - Information Discovery

  • GitHub: GitHub Advanced Search
  • Bitbucket: Bitbucket Search using Google
  • Gitrob: Reconnaissance tool for GitHub organizations
  • GitLab: Search GitLab projects
  • Publicwww: Source Code Search Engine

Cloud Infrastructure Discovery

Company Information and Associations

  • Crunchbase: Information about companies (funding, acquisition, merger etc.) and the people behind them
  • Companieshouse: United Kingdom's registrar of companies
  • OverSeas Registries: List of company registries located around the world
  • Opencorporates: Open database of companies in the world

Internet Survey Data

  • Project Sonar: Rapid7’s internet-wide surveys data across different services and protocols
  • Scans.io: Internet-Wide Scan Data Repository, hosted by the ZMap Team
  • Portradar: Free and open port scan data by packet.tel

Social Media / Employee Profiling

Data Leaks

  • Password dump: Password data dumps
  • Paste Search Tool: Custom search engine for paste search
  • Dumpmon: A Twitter bot that monitors multiple paste sites for password dumps and other sensitive information
  • Pastebin_scraper: Automated tool to monitor pastebin for interesting information

Internet Scan / Archived Information

  • Cachedviews: Cached view of pages on the Internet from multiple sources
  • Wayback Machine: Internet Archive
  • Shodan: Search engine for Internet-connected devices
  • Censys: Another search engine for internet-connected devices
  • Zoomeye: Cyberspace Search Engine

Contributing

In case you would like to add information to this repository or suggest some ideas, please use one of the following options:

Connect

To connect with us:

License

This work is licensed under CC0 1.0 Universal