[
  {
    "path": ".github/ISSUE_TEMPLATE/feature_request.md",
    "content": "---\nname: Feature request\nabout: Suggest an idea for this project\ntitle: ''\nlabels: enhancement\nassignees: SudhanshuC, upgoingstar\n\n---\n\n**Is your feature request related to a problem? Please describe.**\nA clear and concise description of what the problem is. Ex. I'm always frustrated when [...]\n\n**Describe the solution you'd like**\nA clear and concise description of what you want to happen.\n\n**Describe alternatives you've considered**\nA clear and concise description of any alternative solutions or features you've considered.\n\n**Additional context**\nAdd any other context or screenshots about the feature request here.\n"
  },
  {
    "path": ".github/workflows/semgrep.yml",
    "content": "on:\n  workflow_dispatch: {}\n  pull_request: {}\n  push:\n    branches:\n    - main\n    - master\n    paths:\n    - .github/workflows/semgrep.yml\n  schedule:\n  # random HH:MM to avoid a load spike on GitHub Actions at 00:00\n  - cron: 57 5 * * *\nname: Semgrep\njobs:\n  semgrep:\n    name: semgrep/ci\n    runs-on: ubuntu-20.04\n    env:\n      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}\n    container:\n      image: returntocorp/semgrep\n    steps:\n    - uses: actions/checkout@v4\n    - run: semgrep ci\n"
  },
  {
    "path": "License.md",
    "content": "CC0 1.0 Universal\n\nStatement of Purpose\n\nThe laws of most jurisdictions throughout the world automatically confer\nexclusive Copyright and Related Rights (defined below) upon the creator and\nsubsequent owner(s) (each and all, an \"owner\") of an original work of\nauthorship and/or a database (each, a \"Work\").\n\nCertain owners wish to permanently relinquish those rights to a Work for the\npurpose of contributing to a commons of creative, cultural and scientific\nworks (\"Commons\") that the public can reliably and without fear of later\nclaims of infringement build upon, modify, incorporate in other works, reuse\nand redistribute as freely as possible in any form whatsoever and for any\npurposes, including without limitation commercial purposes. These owners may\ncontribute to the Commons to promote the ideal of a free culture and the\nfurther production of creative, cultural and scientific works, or to gain\nreputation or greater distribution for their Work in part through the use and\nefforts of others.\n\nFor these and/or other purposes and motivations, and without any expectation\nof additional consideration or compensation, the person associating CC0 with a\nWork (the \"Affirmer\"), to the extent that he or she is an owner of Copyright\nand Related Rights in the Work, voluntarily elects to apply CC0 to the Work\nand publicly distribute the Work under its terms, with knowledge of his or her\nCopyright and Related Rights in the Work and the meaning and intended legal\neffect of CC0 on those rights.\n\n1. Copyright and Related Rights. A Work made available under CC0 may be\nprotected by copyright and related or neighboring rights (\"Copyright and\nRelated Rights\"). Copyright and Related Rights include, but are not limited\nto, the following:\n\n  i. the right to reproduce, adapt, distribute, perform, display, communicate,\n  and translate a Work;\n\n  ii. moral rights retained by the original author(s) and/or performer(s);\n\n  iii. publicity and privacy rights pertaining to a person's image or likeness\n  depicted in a Work;\n\n  iv. rights protecting against unfair competition in regards to a Work,\n  subject to the limitations in paragraph 4(a), below;\n\n  v. rights protecting the extraction, dissemination, use and reuse of data in\n  a Work;\n\n  vi. database rights (such as those arising under Directive 96/9/EC of the\n  European Parliament and of the Council of 11 March 1996 on the legal\n  protection of databases, and under any national implementation thereof,\n  including any amended or successor version of such directive); and\n\n  vii. other similar, equivalent or corresponding rights throughout the world\n  based on applicable law or treaty, and any national implementations thereof.\n\n2. Waiver. To the greatest extent permitted by, but not in contravention of,\napplicable law, Affirmer hereby overtly, fully, permanently, irrevocably and\nunconditionally waives, abandons, and surrenders all of Affirmer's Copyright\nand Related Rights and associated claims and causes of action, whether now\nknown or unknown (including existing as well as future claims and causes of\naction), in the Work (i) in all territories worldwide, (ii) for the maximum\nduration provided by applicable law or treaty (including future time\nextensions), (iii) in any current or future medium and for any number of\ncopies, and (iv) for any purpose whatsoever, including without limitation\ncommercial, advertising or promotional purposes (the \"Waiver\"). Affirmer makes\nthe Waiver for the benefit of each member of the public at large and to the\ndetriment of Affirmer's heirs and successors, fully intending that such Waiver\nshall not be subject to revocation, rescission, cancellation, termination, or\nany other legal or equitable action to disrupt the quiet enjoyment of the Work\nby the public as contemplated by Affirmer's express Statement of Purpose.\n\n3. Public License Fallback. Should any part of the Waiver for any reason be\njudged legally invalid or ineffective under applicable law, then the Waiver\nshall be preserved to the maximum extent permitted taking into account\nAffirmer's express Statement of Purpose. In addition, to the extent the Waiver\nis so judged Affirmer hereby grants to each affected person a royalty-free,\nnon transferable, non sublicensable, non exclusive, irrevocable and\nunconditional license to exercise Affirmer's Copyright and Related Rights in\nthe Work (i) in all territories worldwide, (ii) for the maximum duration\nprovided by applicable law or treaty (including future time extensions), (iii)\nin any current or future medium and for any number of copies, and (iv) for any\npurpose whatsoever, including without limitation commercial, advertising or\npromotional purposes (the \"License\"). The License shall be deemed effective as\nof the date CC0 was applied by Affirmer to the Work. Should any part of the\nLicense for any reason be judged legally invalid or ineffective under\napplicable law, such partial invalidity or ineffectiveness shall not\ninvalidate the remainder of the License, and in such case Affirmer hereby\naffirms that he or she will not (i) exercise any of his or her remaining\nCopyright and Related Rights in the Work or (ii) assert any associated claims\nand causes of action with respect to the Work, in either case contrary to\nAffirmer's express Statement of Purpose.\n\n4. Limitations and Disclaimers.\n\n  a. No trademark or patent rights held by Affirmer are waived, abandoned,\n  surrendered, licensed or otherwise affected by this document.\n\n  b. Affirmer offers the Work as-is and makes no representations or warranties\n  of any kind concerning the Work, express, implied, statutory or otherwise,\n  including without limitation warranties of title, merchantability, fitness\n  for a particular purpose, non infringement, or the absence of latent or\n  other defects, accuracy, or the present or absence of errors, whether or not\n  discoverable, all to the greatest extent permissible under applicable law.\n\n  c. Affirmer disclaims responsibility for clearing rights of other persons\n  that may apply to the Work or any use thereof, including without limitation\n  any person's Copyright and Related Rights in the Work. Further, Affirmer\n  disclaims responsibility for obtaining any necessary consents, permissions\n  or other rights required for any use of the Work.\n\n  d. Affirmer understands and acknowledges that Creative Commons is not a\n  party to this document and has no duty or obligation with respect to this\n  CC0 or use of the Work.\n\nFor more information, please see\n<http://creativecommons.org/publicdomain/zero/1.0/>\n"
  },
  {
    "path": "README.md",
    "content": "# Awesome Asset Discovery\n[<img src=\"https://i1.wp.com/redhuntlabs.com/wp-content/uploads/2020/05/RedHunt-Logo-Without-Text-Dark.png?w=512&ssl=1\" align=\"right\" width=\"100\">](https://redhuntlabs.com/)\n\nAsset Discovery is the initial phase of any security assessment engagement, be it offensive or defensive. With the evolution of information technology, the scope and definition of assets has also evolved. \n\nEarlier the servers, workstations and websites were primary IT assets of an organization, but today this definition is very limiting and should include anything and everything an organization and its entities has their data on (knowingly or unknowingly). The scope of ownership could differ, but it does not limit the attack surface, for example if an organization puts out open source code on Github, they are not the owner of Github but of the data they put under their repositories. In a scenario where some organization secret has been put on this Github account, it could pose a threat equal or more than running a vulnerable service.\n\nWe have explored this aspect of **assets** in our [blog post here](https://redhuntlabs.com/blog/redifining-assets-a-modern-perspective.html).\n\nThrough this repository, we want to put out a list of curated resources which help during asset discovery phase of a security assessment engagement. We welcome suggestions and contributions from the community in terms of resources as well as categories.\n\n**[`To know more about our Attack Surface Management platform, check out NVADR.`](https://redhuntlabs.com/nvadr)**\n\n## Contents\n\n - [Content Discovery](#content-discovery)\n - [IP Address Discovery](#ip-address-discovery)\n - [Domain / Subdomain Discovery](#domain--subdomain-discovery)\n - [Email Discovery](#email-discovery)\n - [Network / Port Scanning](#network--port-scanning)\n - [Business Communication Infrastructure Discovery](#business-communication-infrastructure-discovery)\n - [Source Code Aggregators / Search - Information Discovery](#source-code-aggregators--search---information-discovery)\n - [Cloud Infrastructure Discovery](#cloud-infrastructure-discovery)\n - [Company Information and Associations](#company-information-and-associations)\n - [Internet Survey Data](#internet-survey-data)\n - [Social Media / Employee Profiling](#social-media--employee-profiling)\n - [Data Leaks](#data-leaks)\n - [Internet Scan / Archived Information](#internet-scan--archived-information)\n\n## [↑](#contents)Content Discovery\n- [rustbuster](https://github.com/phra/rustbuster): Files, directories and vhost buster written in Rust.\n\n## [↑](#contents)IP Address Discovery\n\n- [Mxtoolbox](https://mxtoolbox.com/BulkLookup.aspx): Bulk Domain/IP lookup tool  \n- [Domaintoipconverter](http://domaintoipconverter.com/): Bulk domain to IP converter  \n- [Massdns](https://github.com/blechschmidt/massdns): A DNS resolver utility for bulk lookups  \n- [Googleapps Dig](https://toolbox.googleapps.com/apps/dig/): Online Dig tool by Google \n- [DataSploit (IP Address Modules)](https://github.com/DataSploit/datasploit/tree/master/ip): An OSINT Framework to perform various recon techniques \n- [Domain Dossier](https://centralops.net/co/domaindossier.aspx): Investigate domains and IP addresses \n- [Bgpview](https://bgpview.io/): Search ASN, IPv4/IPv6 or resource name \n- [Hurricane Electric BGP Toolkit](https://bgp.he.net/): Keyword to ASN lookup \n- [Viewdns](https://viewdns.info/): Multiple domain/IP tools \n- [Ultratools ipv6Info](https://www.ultratools.com/tools/ipv6Info): Multiple information related to IPv6 address \n- [Whois](https://manpages.debian.org/jessie/whois/whois.1.en.html): Command line utility usually used to find information about registered users/assignees of an Internet resource.\n- [ICANN Whois](https://whois.icann.org/en): Whois service by Internet Corporation for Assigned Names and Numbers (ICANN) \n- Nslookup [Linux](https://manpages.debian.org/jessie/dnsutils/nslookup.1.en.html) / [Windows](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup): Command line utility usually used for querying the DNS records\n- [bgp](https://bgp.he.net/) : Internet Backbone and Colocation Provider ... Hurricane Electric IP Transit. Our Global Internet Backbone provides IP Transit with low latency, access to thousands of networks, and dual-stack \n\n## [↑](#contents)Domain / Subdomain Discovery\n\n- [RedHunt Labs Attack Surface Recon API](https://devportal.redhuntlabs.com/home): RedHunt Labs' Recon API offers comprehensive domain intelligence and reconnaissance capabilities. With access to their extensive in-house database of over 6 billion records, including domains, subdomains, third-party SaaS, data leaks, and intelligent correlations, this API empowers you to enhance your Attack Surface Management and InfoSec workflows.\n- [SubFinder](https://github.com/subfinder/subfinder): SubFinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.\n- [Amass](https://github.com/OWASP/Amass): A subdomain enumeration utility \n- [Sublist3r](https://github.com/aboul3la/Sublist3r): Subdomains enumeration tool with multiple sources \n- [Aiodnsbrute](https://github.com/blark/aiodnsbrute): Asynchronous DNS brute force utility \n- [LDNS](https://github.com/NLnetLabs/ldns): A DNS library useful for DNS tool programming \n- [Dns-nsec3-enum](https://nmap.org/nsedoc/scripts/dns-nsec3-enum.html): Nmap NSE Script for NSEC3 walking \n- [Nsec3map](https://github.com/anonion0/nsec3map): A tool to NSEC and NSEC3 walking\n- [Crt.sh](https://crt.sh/?a=1): Domain certificate Search \n- [Ct-exposer](https://github.com/chris408/ct-exposer): A tool to discovers sub-domains by searching Certificate Transparency logs \n- [Certgraph](https://github.com/lanrat/certgraph): A tool to crawl the graph of certificate Alternate Names \n- [Appsecco - The art of subdomain enumeration](https://github.com/appsecco/the-art-of-subdomain-enumeration): The supplement material for the book \"The art of sub-domain enumeration\" \n- [SSLScrape](https://github.com/jhaddix/sslScrape): A scanning tool to scrape hostnames from SSL certificates \n- [Wolframalpha](https://www.wolframalpha.com/): Computational knowledge engine \n- [Project Sonar](https://opendata.rapid7.com/sonar.fdns_v2/): Forward DNS Data \n- [Project Sonar](https://opendata.rapid7.com/sonar.rdns_v2/): Reverse DNS Data \n- [GoBuster](https://github.com/OJ/gobuster): Directory/File, DNS and VHost busting tool written in Go\n- [Bluto](https://github.com/darryllane/Bluto): Recon, Subdomain Bruting, Zone Transfers\n\n## [↑](#contents)Email Discovery\n\n- [Hunter](https://hunter.io/): Email search for a domain  \n- [Skrapp](https://www.skrapp.io/): Browser addon to find emails on Linkedin  \n- [Email Extractor](https://chrome.google.com/webstore/detail/email-extractor/jdianbbpnakhcmfkcckaboohfgnngfcc?hl=en): Chrome extension to extract emails from web pages  \n- [Convertcsv](http://convertcsv.com/email-extractor.htm): Online tool to extract email addresses in text, web pages, data files etc. \n- [linkedin2username](https://github.com/initstring/linkedin2username): OSINT Tool: Generate username lists for companies on LinkedIn\n- [Office365UserEnum](https://bitbucket.org/grimhacker/office365userenum/src/master/):  Enumerate valid usernames from Office 365 using ActiveSync.\n\n\n## [↑](#contents)Network / Port Scanning\n\n- [Zmap](https://github.com/zmap/zmap): A fast network scanner designed for Internet-wide network surveys  \n- [Masscan](https://github.com/robertdavidgraham/masscan): An asynchronously TCP port scanner  \n- [ZMapv6](https://github.com/tumi8/zmap): A modified version of Zmap with IPv6 support.  \n- [Nmap](https://nmap.org/): A free and open source utility for network discovery. The most popular port scanner. \n\n## [↑](#contents)Business Communication Infrastructure Discovery\n\n- [Mxtoolbox](https://mxtoolbox.com/): Online tool to check mail exchanger (MX) records \n- [MicroBurst](https://github.com/NetSPI/MicroBurst): PowerShell based Azure security assessment scripts \n- [Lyncsmash](https://github.com/nyxgeek/lyncsmash): Tools to enumerate and attack self-hosted Lync/Skype for Business \n- [Enumeration-as-a-Service](https://github.com/sosdave/Enumeration-as-a-Service): Script for SaaS offering enumeration through DNS queries \n- [ruler](https://github.com/sensepost/ruler) : A tool to abuse Exchange services\n\n\n## [↑](#contents)Source Code Aggregators / Search - Information Discovery\n\n- [Github](https://github.com/search/advanced): Github Advanced Search \n- [Bitbucket](https://www.google.com/search?q=site:bitbucket.org&q=<keyword>): Bitbucket Search using Google\n- [Gitrob](https://github.com/michenriksen/gitrob): Reconnaissance tool for GitHub organizations \n- [Gitlab](https://gitlab.com/explore/projects): Search Gitlab projects \n- [Publicwww](https://publicwww.com/): Source Code Search Engine \n- [builtwith](https://builtwith.com/test.com) : Web technology information profiler tool. Find out what a website is built with.\n\n## [↑](#contents)Cloud Infrastructure Discovery\n\n- [CloudScraper](https://github.com/jordanpotti/CloudScraper): A tool to spider websites for cloud resources (S3 Buckets, Azure Blobs, DigitalOcean Storage Space) \n- [InSp3ctor](https://github.com/brianwarehime/inSp3ctor): AWS S3 Bucket/Object finder \n- [Buckets Grayhatwarfare](https://buckets.grayhatwarfare.com/): Search for Open Amazon s3 Buckets and their contents \n- [Spaces-finder](https://github.com/appsecco/spaces-finder): A tool to hunt for publicly accessible DigitalOcean Spaces \n- [GCPBucketBrute](https://github.com/RhinoSecurityLabs/GCPBucketBrute): A Google Storage buckets enumeration script \n- [CloudStorageFinder](https://github.com/digininja/CloudStorageFinder): Tools to find public data in cloud storage systems\n\n## [↑](#contents)Company Information and Associations\n\n- [Crunchbase](https://www.crunchbase.com/): Information about companies (funding, acquisition, merger etc.) and the people behind them \n- [Companieshouse](https://beta.companieshouse.gov.uk/): United Kingdom's registrar of companies \n- [OverSeas Registries](https://www.gov.uk/government/publications/overseas-registries/overseas-registries): List of company registries located around the world \n- [Opencorporates](https://opencorporates.com): Open database of companies in the world \n\n## [↑](#contents)Internet Survey Data\n\n- [Project Resonance](https://redhuntlabs.com/project-resonance): RedHunt Labs’s Internet wide surveys to study and understand the security state of the Internet.\n- [Project Sonar](https://opendata.rapid7.com/): Rapid7’s internet-wide surveys data across different services and protocols \n- [Scans.io](https://scans.io): Internet-Wide Scan Data Repository, hosted by the ZMap Team    \n- [Portradar](https://portradar.packet.tel/): Free and open port scan data by packet.tel \n\n## [↑](#contents)Social Media / Employee Profiling\n\n- [LinkedInt](https://github.com/mdsecactivebreach/LinkedInt): A LinkedIn scraper for reconnaissance \n- [Glassdoor](https://www.glassdoor.co.in/Reviews/index.htm): Company review and rating search \n- [SocialBlade](https://socialblade.com/): Track user statistics for different platforms including YouTube and Twitter \n- [Social-Searcher](https://www.social-searcher.com/): Social Media Search Engine \n- [Checkuser](https://checkuser.org): Social existence checker\n\n## [↑](#contents)Data Leaks\n\n- [Dumpmon](https://twitter.com/dumpmon): A twitter bot which monitors multiple paste sites for password dumps and other sensitive information  \n- [Pastebin_scraper](https://github.com/Critical-Start/pastebin_scraper): Automated tool to monitor pastebin for interesting information \n- [Scavenger](https://github.com/rndinfosecguy/Scavenger): Paste sites crawler (bot) looking for leaked credentials\n- [Pwnbin](https://github.com/kahunalu/pwnbin): Python based Pastebin crawler for keywords.\n- [PwnedOrNot](https://github.com/thewhiteh4t/pwnedOrNot): Tool to find passwords for compromised accounts\n\n## [↑](#contents)Internet Scan / Archived Information\n\n- [Cachedviews](https://cachedviews.com/): Cached view of pages on the Internet from multiple sources\n- [Wayback Machine](http://web.archive.org/): Internet Archive  \n- [Shodan](http://shodan.io/): Search engine for Internet-connected devices  \n- [Censys](https://censys.io/): Another search engine for internet-connected devices  \n- [Zoomeye](https://www.zoomeye.org/): Cyberspace Search Engine  \n\n***\n\n## Contributing\n\nIn case you would like to add information to this repository or suggest some ideas, please use one of the following options:\n- [Create an Issue](https://github.com/redhuntlabs/Awesome-Asset-Discovery/issues/new/choose).\n- [Send us Pull Requests](https://github.com/redhuntlabs/Awesome-Asset-Discovery/pulls)\n- Drop an email to contact@redhuntlabs.com \n\n## Connect\n\nTo connect with us:\n- [Website](https://redhuntlabs.com)\n- [Twitter](https://twitter.com/redhuntlabs)\n- [Facebook](https://www.facebook.com/redhunt.labs)\n\n## License\n\nThis work is licensed under [**CC0 1.0 Universal**](https://github.com/redhuntlabs/Awesome-Asset-Discovery/blob/master/License.md)\n\n***\n"
  }
]