New OSINT Tool Scans Certificate Logs to Surface Exposed Files on Domains
A developer has publicly released a free, read-only OSINT tool aimed at penetration testers and bug bounty hunters. The tool monitors certificate transparency logs and automatically checks newly discovered domains for exposed sensitive files, including .env files, open Git directories, config files, and database dumps. All findings are stored in a searchable database, allowing users to query a domain or partial domain name to view what is publicly exposed. The developer is considering adding keyword-based alerts to notify users when new results match a saved search. They have also invited community input on useful features and, notably, on how to prevent misuse of the data.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.


Discussion (0)
Log in to join the discussion and vote.
Log in