Discovery Menu
Video Demo: https://www.youtube.com/watch?v=PFGU-eOfXuU
The Discovery module helps you identify machines that run a specific service.
You can extract pre-discovered machines through the Shodan or Censys API, or you can scan for them yourself with the masscan tool. You can also discover websites with a Google dork. Make sure that you have provided Shodan, Censys and Google API keys in order to use these features.
All discovered targets are saved under the /assets/discovered folder in the following format:
discoverymethod_service_discoveryid.txt
Example: censys_ssh_8593212.txt
You can check discovered targets in the "Assets" menu. For more detail about it, visit its wiki page.
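The naming convention above can be parsed to inventory what has been collected in the discovered folder. The following is an added example, not part of the project's code; the function names are hypothetical, and it assumes the method name contains no underscore and the discovery id is numeric, as in the one example file name shown.

```python
import re
from collections import defaultdict
from pathlib import Path

# Pattern for discoverymethod_service_discoveryid.txt as described above.
# Assumptions (not stated on the page): the method contains no underscore,
# the discovery id is numeric, and extra underscores belong to the service.
NAME_RE = re.compile(r"^(?P<method>[A-Za-z0-9]+)_(?P<service>.+)_(?P<id>\d+)\.txt$")


def parse_discovery_name(filename):
    """Return (method, service, discovery_id), or None if the name does not match."""
    m = NAME_RE.match(Path(filename).name)
    if m is None:
        return None
    return m.group("method").lower(), m.group("service").lower(), m.group("id")


def index_discovered(directory):
    """Group the result files in a directory by (method, service).

    Returns (index, skipped): index maps (method, service) to the discovery
    ids in file-name order; skipped lists names that break the convention.
    """
    index = defaultdict(list)
    skipped = []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        parsed = parse_discovery_name(path.name)
        if parsed is None:
            skipped.append(path.name)
            continue
        method, service, discovery_id = parsed
        index[(method, service)].append(discovery_id)
    return dict(index), skipped


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: index_discovered.py <path to the discovered folder>")
    idx, bad = index_discovered(sys.argv[1])
    for (method, service), ids in sorted(idx.items()):
        print(f"{method:10} {service:15} {len(ids)} file(s): {', '.join(ids)}")
    for name in bad:
        print(f"unrecognised file name: {name}")
```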
The Shodan module allows you to extract pre-discovered machines via Shodan's API.
In the 'Automatic Query' section you can generate a Shodan search query and find machines by providing a country code and service type. The following example shows how to gather IP addresses that run SSH in Turkey.
Enter Country Code: TR
Enter Protocol: ssh
In this section, you can write your own Shodan query. For the syntax, please visit https://www.shodan.io/
The following example shows how to gather IP addresses that run Apache in Istanbul:
apache city:"Istanbul"
The Censys module allows you to extract pre-discovered machines via Censys's API.
In the 'Automatic Query' section you can generate a Censys search query and find machines by providing a country code and service type. The following example shows how to gather IP addresses that run SSH in Turkey.
Enter Country Code: TR
Enter Protocol: ssh
In this section, you can write your own Censys query. For the syntax, please visit https://censys.io/
The following example shows how to gather IP addresses of SCADA systems in the US:
location.country_code: US and tags: scada
With masscan, you can discover devices in an IP range that run specific services. The following example shows how to gather IP addresses that run SSH in the 83.49.0.0/16 range.
Enter IP range: 83.49.0.0/16
Enter Protocol: ssh
The Web Scanner module allows you to extract URLs from Google with a given dork.
In the 'Automatic Dork' section, you can create a dork by providing a country code and domain extension. The following example shows how to gather URLs that have the edu.tr domain extension. (The full dork will be: inurl:.php?id= inurl:edu.tr)
Enter Country Code: tr
Enter Domain Extension: edu
In this section, you can enter your own dork. For example:
Enter Your Dork: intitle:EyesOfNetwork intext:"sponsored by AXIANS"
To check discovered assets, please visit the "Assets" page.