Published: Apr 22, 2025 by Isaac Johnson
In February, Mark Zorz, the content director at HelpNetSecurity, spotlighted BadDNS in an intriguing article. Ever since, I’ve been eager to dive into this tool and explore its capabilities.
Today, I’ll walk you through setting up BadDNS and demonstrate its scanning prowess. Interestingly, I discovered that BadDNS can also function as a plugin for BBOT (the Bighuge BLS OSINT Tool). Naturally, this piqued my curiosity, leading me to install BBOT and uncover its potential as well.
BadDNS
BadDNS can help us detect subdomain takeovers and “other DNS tomfoolery”.
I’m going to try and use pipx to install which I first have to add to my host
$ sudo apt install pipx
[sudo] password for builder:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
aspnetcore-runtime-3.1 aspnetcore-targeting-pack-3.1 aspnetcore-targeting-pack-6.0 dotnet-apphost-pack-3.1
dotnet-apphost-pack-6.0 dotnet-targeting-pack-3.1 dotnet-targeting-pack-6.0 fluent-bit libappstream-glib8
libdbus-glib-1-2 libfwupdplugin1 liblttng-ust-ctl4 liblttng-ust0 libxmlb1 mariadb-common python3-crcmod td-agent-bit
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
pipx
0 upgraded, 1 newly installed, 0 to remove and 160 not upgraded.
Need to get 23.2 kB of archives.
After this operation, 119 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal/universe amd64 pipx all 0.12.3.1-2ubuntu1 [23.2 kB]
Fetched 23.2 kB in 0s (125 kB/s)
Selecting previously unselected package pipx.
(Reading database ... 288121 files and directories currently installed.)
Preparing to unpack .../pipx_0.12.3.1-2ubuntu1_all.deb ...
Unpacking pipx (0.12.3.1-2ubuntu1) ...
Setting up pipx (0.12.3.1-2ubuntu1) ...
$ pipx install git+https://github.com/blacklanternsecurity/baddns
Package cannot be a url
I realized the format is errant. I also realized i needed python3-venv
$ sudo apt update
$ sudo apt install python3-venv --fix-missing
$ pipx install --index-url git+https://github.com/blacklanternsecurity/baddns baddns
You can also just use pip3 to install
$ pip3 install baddns
WARNING: Skipping /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
Collecting baddns
Downloading baddns-1.9.132-py3-none-any.whl.metadata (5.1 kB)
Collecting colorama<0.5.0,>=0.4.6 (from baddns)
Downloading colorama-0.4.6-py2.py3-none-any.whl.metadata (17 kB)
Collecting dnspython<3.0.0,>=2.4.2 (from baddns)
Downloading dnspython-2.7.0-py3-none-any.whl.metadata (5.8 kB)
Collecting httpx<0.29.0,>=0.27.0 (from baddns)
Downloading httpx-0.28.1-py3-none-any.whl.metadata (7.1 kB)
Collecting python-dateutil==2.9.0.post0 (from baddns)
Downloading python_dateutil-2.9.0.post0-py2.py3-none-any.whl.metadata (8.4 kB)
Collecting python-whois<0.10.0,>=0.9.5 (from baddns)
Downloading python_whois-0.9.5-py3-none-any.whl.metadata (2.6 kB)
Collecting pyyaml<7.0.0,>=6.0.1 (from baddns)
Downloading PyYAML-6.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (2.1 kB)
Collecting tldextract<6.0.0,>=5.1.1 (from baddns)
Downloading tldextract-5.2.0-py3-none-any.whl.metadata (11 kB)
Collecting six>=1.5 (from python-dateutil==2.9.0.post0->baddns)
Downloading six-1.17.0-py2.py3-none-any.whl.metadata (1.7 kB)
Collecting anyio (from httpx<0.29.0,>=0.27.0->baddns)
Downloading anyio-4.9.0-py3-none-any.whl.metadata (4.7 kB)
Requirement already satisfied: certifi in /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages (from httpx<0.29.0,>=0.27.0->baddns) (2024.2.2)
Collecting httpcore==1.* (from httpx<0.29.0,>=0.27.0->baddns)
Downloading httpcore-1.0.8-py3-none-any.whl.metadata (21 kB)
Requirement already satisfied: idna in /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages (from httpx<0.29.0,>=0.27.0->baddns) (3.7)
Requirement already satisfied: h11<0.15,>=0.13 in /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages (from httpcore==1.*->httpx<0.29.0,>=0.27.0->baddns) (0.14.0)
Requirement already satisfied: requests>=2.1.0 in /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages (from tldextract<6.0.0,>=5.1.1->baddns) (2.28.2)
Collecting requests-file>=1.4 (from tldextract<6.0.0,>=5.1.1->baddns)
Downloading requests_file-2.1.0-py2.py3-none-any.whl.metadata (1.7 kB)
Collecting filelock>=3.0.8 (from tldextract<6.0.0,>=5.1.1->baddns)
Downloading filelock-3.18.0-py3-none-any.whl.metadata (2.9 kB)
Requirement already satisfied: charset-normalizer<4,>=2 in /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages (from requests>=2.1.0->tldextract<6.0.0,>=5.1.1->baddns) (3.3.2)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages (from requests>=2.1.0->tldextract<6.0.0,>=5.1.1->baddns) (1.26.18)
Requirement already satisfied: sniffio>=1.1 in /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages (from anyio->httpx<0.29.0,>=0.27.0->baddns) (1.3.1)
Collecting typing_extensions>=4.5 (from anyio->httpx<0.29.0,>=0.27.0->baddns)
Downloading typing_extensions-4.13.2-py3-none-any.whl.metadata (3.0 kB)
Downloading baddns-1.9.132-py3-none-any.whl (95 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 95.6/95.6 kB 3.3 MB/s eta 0:00:00
Downloading python_dateutil-2.9.0.post0-py2.py3-none-any.whl (229 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 229.9/229.9 kB 7.2 MB/s eta 0:00:00
Downloading colorama-0.4.6-py2.py3-none-any.whl (25 kB)
Downloading dnspython-2.7.0-py3-none-any.whl (313 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 313.6/313.6 kB 23.0 MB/s eta 0:00:00
Downloading httpx-0.28.1-py3-none-any.whl (73 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 73.5/73.5 kB 8.5 MB/s eta 0:00:00
Downloading httpcore-1.0.8-py3-none-any.whl (78 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 78.7/78.7 kB 8.9 MB/s eta 0:00:00
Downloading python_whois-0.9.5-py3-none-any.whl (104 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 104.2/104.2 kB 11.0 MB/s eta 0:00:00
Downloading PyYAML-6.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (762 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 763.0/763.0 kB 26.2 MB/s eta 0:00:00
Downloading tldextract-5.2.0-py3-none-any.whl (106 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 106.3/106.3 kB 12.7 MB/s eta 0:00:00
Downloading filelock-3.18.0-py3-none-any.whl (16 kB)
Downloading requests_file-2.1.0-py2.py3-none-any.whl (4.2 kB)
Downloading six-1.17.0-py2.py3-none-any.whl (11 kB)
Downloading anyio-4.9.0-py3-none-any.whl (100 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100.9/100.9 kB 10.0 MB/s eta 0:00:00
Downloading typing_extensions-4.13.2-py3-none-any.whl (45 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 45.8/45.8 kB 4.4 MB/s eta 0:00:00
WARNING: Skipping /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
Installing collected packages: typing_extensions, six, pyyaml, httpcore, filelock, dnspython, colorama, requests-file, python-dateutil, anyio, tldextract, python-whois, httpx, baddns
Attempting uninstall: pyyaml
WARNING: Skipping /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
Found existing installation: PyYAML 6.0
Uninstalling PyYAML-6.0:
Successfully uninstalled PyYAML-6.0
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
Successfully installed anyio-4.9.0 baddns-1.9.132 colorama-0.4.6 dnspython-2.7.0 filelock-3.18.0 httpcore-1.0.8 httpx-0.28.1 python-dateutil-2.9.0.post0 python-whois-0.9.5 pyyaml-6.0.2 requests-file-2.1.0 six-1.17.0 tldextract-5.2.0 typing_extensions-4.13.2
WARNING: Skipping /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
WARNING: Skipping /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/packaging-24.1.dist-info due to invalid metadata entry 'name'
[notice] A new release of pip is available: 23.3.1 -> 25.0.1
[notice] To update, run: python3.11 -m pip install --upgrade pip
I can now run bare to see it is installed
\wsl.localhost\Ubuntu\home\builder\Workspaces\jekyll-blog\content\images\2025\04\baddns-01.png
I can now try some of the modules
$ baddns -m CNAME,NS tpk.pw
__ ) | |
__ \ _` | _` | _` | __ \ __|
| | ( | ( | ( | | | \__ \
____/ \__,_| \__,_| \__,_| _| _| ____/
Version - 1.9.132
Starting [CNAME] module with target [tpk.pw]
No CNAME Found :/
Starting [NS] module with target [tpk.pw]
We can see all the modules available with -l
$ baddns -l
__ ) | |
__ \ _` | _` | _` | __ \ __|
| | ( | ( | ( | | | \__ \
____/ \__,_| \__,_| \__,_| _| _| ____/
Version - 1.9.132
Available Modules:
[CNAME] - Check for dangling CNAME records and interrogate them for subdomain takeover opportunities
[references] - Check HTML content for links or other references that contain a hijackable domain
[zonetransfer] - Attempt a DNS zone transfer
[TXT] - Check TXT record contents for hijackable domains
[NSEC] - Enumerate subdomains by NSEC-walking
[MX] - Check for dangling MX records and assess their base domains for availability
[NS] - Check for dangling NS records, and interrogate them for takeover opportunities
I’ll try all but zonetransfer:
$ baddns -m CNAME,references,TXT,NSEC,MX,NS tpk.pw
__ ) | |
__ \ _` | _` | _` | __ \ __|
| | ( | ( | ( | | | \__ \
____/ \__,_| \__,_| \__,_| _| _| ____/
Version - 1.9.132
Starting [CNAME] module with target [tpk.pw]
No CNAME Found :/
Starting [references] module with target [tpk.pw]
Starting [TXT] module with target [tpk.pw]
Starting [NSEC] module with target [tpk.pw]
Starting [MX] module with target [tpk.pw]
Starting [NS] module with target [tpk.pw]
Let’s try a trash domain i have that is unused
$ baddns -m CNAME,references,TXT,NSEC,MX,NS,zonetransfer axnhywnqb2huc29u.art
__ ) | |
__ \ _` | _` | _` | __ \ __|
| | ( | ( | ( | | | \__ \
____/ \__,_| \__,_| \__,_| _| _| ____/
Version - 1.9.132
Starting [CNAME] module with target [axnhywnqb2huc29u.art]
No CNAME Found :/
Starting [references] module with target [axnhywnqb2huc29u.art]
Starting [zonetransfer] module with target [axnhywnqb2huc29u.art]
Starting [TXT] module with target [axnhywnqb2huc29u.art]
Starting [NSEC] module with target [axnhywnqb2huc29u.art]
Starting [MX] module with target [axnhywnqb2huc29u.art]
Starting [NS] module with target [axnhywnqb2huc29u.art]
If we want to see more logs, we can do so
$ baddns -d -m CNAME,references,TXT,NSEC,MX,NS,zonetransfer axnhywnqb2huc29u.
art
__ ) | |
__ \ _` | _` | _` | __ \ __|
| | ( | ( | ( | | | \__ \
____/ \__,_| \__,_| \__,_| _| _| ____/
Version - 1.9.132
[DEBUG] attempting to load signatures from: /home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/baddns/signatures
[DEBUG] Loaded [106] signatures from [/home/linuxbrew/.linuxbrew/opt/python@3.11/lib/python3.11/site-packages/baddns/signatures]
Starting [CNAME] module with target [axnhywnqb2huc29u.art]
[DEBUG] attempting to resolve axnhywnqb2huc29u.art
[DEBUG] dispatching DNS with the following nameservers: 10.255.255.254
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN AAAA
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN MX
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN TXT
[DEBUG] Found IPV4 address: 3.166.118.39
[DEBUG] Found IPV4 address: 3.166.118.69
[DEBUG] Found IPV4 address: 3.166.118.125
[DEBUG] Found IPV4 address: 3.166.118.101
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN NSEC
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN CNAME
No CNAME Found :/
Starting [references] module with target [axnhywnqb2huc29u.art]
[DEBUG] in references dispatch
[DEBUG] Ready to make request to URL: http://axnhywnqb2huc29u.art/
[DEBUG] Ready to make request to URL: https://axnhywnqb2huc29u.art/
[DEBUG] HTTP dispatch complete
[DEBUG] Starting to parse headers
[DEBUG] Formatted headers string: server: CloudFront|date: Sat, 19 Apr 2025 13:20:36 GMT|content-type: text/html|content-length: 167|connection: keep-alive|location: https://axnhywnqb2huc29u.art/|x-cache: Redirect from cloudfront|via: 1.1 b8649fbd0c170fafec6916ea180929f8.cloudfront.net (CloudFront)|x-amz-cf-pop: MSP50-P3|alt-svc: h3=":443"; ma=86400|x-amz-cf-id: kxAEaqgd9IL2Qjklis-CIOETzc-ebSQLfshWzGL7Qu85NGESCf0iLg==
[DEBUG] Searching for Content-Security-Policy in headers...
[DEBUG] Content-Security-Policy header not found.
[DEBUG] Searching for Access-Control-Allow-Origin in headers...
[DEBUG] Access-Control-Allow-Origin header not found.
[DEBUG] Completed parsing headers. Total results: 0
[DEBUG] Starting to parse body content for JS and CSS sources...
[DEBUG] Looking for JS includes...
[DEBUG] Looking for CSS includes...
[DEBUG] Completed parsing body content. Total results: 0
[DEBUG] Starting to parse headers
[DEBUG] Formatted headers string: content-length: 0|connection: keep-alive|date: Sat, 19 Apr 2025 13:20:36 GMT|www-authenticate: Basic realm="Login"|x-cache: Error from cloudfront|via: 1.1 4ce240d68333f793046f933d1c12465e.cloudfront.net (CloudFront)|x-amz-cf-pop: MSP50-P3|alt-svc: h3=":443"; ma=86400|x-amz-cf-id: dHcM9xuw8iA-kaBfyYJeSaZOiymxy4YgK1bznFZ_ZZirirc84AU53w==
[DEBUG] Searching for Content-Security-Policy in headers...
[DEBUG] Content-Security-Policy header not found.
[DEBUG] Searching for Access-Control-Allow-Origin in headers...
[DEBUG] Access-Control-Allow-Origin header not found.
[DEBUG] Completed parsing headers. Total results: 0
[DEBUG] Starting to parse body content for JS and CSS sources...
[DEBUG] Looking for JS includes...
[DEBUG] Looking for CSS includes...
[DEBUG] Completed parsing body content. Total results: 0
[DEBUG] in references analyze
[DEBUG] HTTP client closed successfully.
[DEBUG] HTTP Manager cleaned up successfully.
Starting [zonetransfer] module with target [axnhywnqb2huc29u.art]
[DEBUG] attempting to resolve axnhywnqb2huc29u.art
[DEBUG] dispatching DNS with the following nameservers: 10.255.255.254
[DEBUG] Attempting Zone Transfer against NS [ns-141.awsdns-17.com] for target [axnhywnqb2huc29u.art]
[DEBUG] Found IPV4 address: 205.251.192.141
[DEBUG] resolved nameserver [ns-141.awsdns-17.com] ip: [205.251.192.141]
[DEBUG] ConnectionResetError attempting zone transfer
[DEBUG] Attempting Zone Transfer against NS [ns-1593.awsdns-07.co.uk] for target [axnhywnqb2huc29u.art]
[DEBUG] Found IPV4 address: 205.251.198.57
[DEBUG] resolved nameserver [ns-1593.awsdns-07.co.uk] ip: [205.251.198.57]
[DEBUG] ConnectionResetError attempting zone transfer
[DEBUG] Attempting Zone Transfer against NS [ns-802.awsdns-36.net] for target [axnhywnqb2huc29u.art]
[DEBUG] Found IPV4 address: 205.251.195.34
[DEBUG] resolved nameserver [ns-802.awsdns-36.net] ip: [205.251.195.34]
[DEBUG] ConnectionResetError attempting zone transfer
[DEBUG] Attempting Zone Transfer against NS [ns-1205.awsdns-22.org] for target [axnhywnqb2huc29u.art]
[DEBUG] Found IPV4 address: 205.251.196.181
[DEBUG] resolved nameserver [ns-1205.awsdns-22.org] ip: [205.251.196.181]
[DEBUG] ConnectionResetError attempting zone transfer
Starting [TXT] module with target [axnhywnqb2huc29u.art]
[DEBUG] attempting to resolve axnhywnqb2huc29u.art
[DEBUG] dispatching DNS with the following nameservers: 10.255.255.254
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN TXT
[DEBUG] No TXT records found, aborting
[DEBUG] HTTP client closed successfully.
[DEBUG] HTTP Manager cleaned up successfully.
Starting [NSEC] module with target [axnhywnqb2huc29u.art]
[DEBUG] in dispatch
[DEBUG] attempting to resolve axnhywnqb2huc29u.art
[DEBUG] dispatching DNS with the following nameservers: 10.255.255.254
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN NSEC
[DEBUG] No NSEC records found, aborting
Starting [MX] module with target [axnhywnqb2huc29u.art]
[DEBUG] attempting to resolve axnhywnqb2huc29u.art
[DEBUG] dispatching DNS with the following nameservers: 10.255.255.254
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN MX
[DEBUG] No MX records found, aborting
Starting [NS] module with target [axnhywnqb2huc29u.art]
[DEBUG] attempting to resolve axnhywnqb2huc29u.art
[DEBUG] dispatching DNS with the following nameservers: 10.255.255.254
[DEBUG] Found IPV4 address: 3.166.118.69
[DEBUG] Found IPV4 address: 3.166.118.39
[DEBUG] Found IPV4 address: 3.166.118.125
[DEBUG] Found IPV4 address: 3.166.118.101
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN AAAA
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN TXT
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN MX
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN CNAME
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN NSEC
[DEBUG] attempting to resolve axnhywnqb2huc29u.art
[DEBUG] dispatching DNS with the following nameservers: 10.255.255.254
[DEBUG] Found IPV4 address: 3.166.118.39
[DEBUG] Found IPV4 address: 3.166.118.69
[DEBUG] Found IPV4 address: 3.166.118.125
[DEBUG] Found IPV4 address: 3.166.118.101
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN MX
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN AAAA
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN NSEC
[DEBUG] encountered error with dns_client.resolve(): The DNS response does not contain an answer to the question: axnhywnqb2huc29u.art. IN TXT
[DEBUG] Attempting to find NS records for axnhywnqb2huc29u.art
[DEBUG] Recursive instance: nameserver_ips [198.41.0.4 199.9.14.201 192.33.4.12 199.7.91.13 192.203.230.10 192.5.5.241 192.112.36.4 198.97.190.53 192.36.148.17 192.58.128.30 193.0.14.129 199.7.83.42 202.12.27.33] target [axnhywnqb2huc29u.art] at depth 0
[DEBUG] Asking nameserver [199.9.14.201] NS records on axnhywnqb2huc29u.art
[DEBUG] raw_query_with_retry: Had to fall back to TCP
[DEBUG] Got response message: 'id 42107\nopcode QUERY\nrcode NOERROR\nflags QR RD\n;QUESTION\naxnhywnqb2huc29u.art. IN NS\n;ANSWER\n;AUTHORITY\nart. 172800 IN NS a.nic.art.\nart. 172800 IN NS b.nic.art.\nart. 172800 IN NS c.nic.art.\nart. 172800 IN NS d.nic.art.\n;ADDITIONAL\na.nic.art. 172800 IN A 194.169.218.49\na.nic.art. 172800 IN AAAA 2001:67c:13cc::1:49\nb.nic.art. 172800 IN A 185.24.64.49\nb.nic.art. 172800 IN AAAA 2a04:2b00:13cc::1:49\nc.nic.art. 172800 IN A 212.18.248.49\nc.nic.art. 172800 IN AAAA 2a04:2b00:13ee::49\nd.nic.art. 172800 IN A 212.18.249.49\nd.nic.art. 172800 IN AAAA 2a04:2b00:13ff::49'
[DEBUG] Server [199.9.14.201] responded with authority section
[DEBUG] Received NS record for [a.nic.art]
[DEBUG] Found IPV4 address: 194.169.218.49
[DEBUG] Resolved [a.nic.art] to ip(s) [194.169.218.49]
[DEBUG] Adding a.nic.art to temp results list, pending deeper results
[DEBUG] Received NS record for [b.nic.art]
[DEBUG] Found IPV4 address: 185.24.64.49
[DEBUG] Resolved [b.nic.art] to ip(s) [185.24.64.49]
[DEBUG] Adding b.nic.art to temp results list, pending deeper results
[DEBUG] Received NS record for [c.nic.art]
[DEBUG] Found IPV4 address: 212.18.248.49
[DEBUG] Resolved [c.nic.art] to ip(s) [212.18.248.49]
[DEBUG] Adding c.nic.art to temp results list, pending deeper results
[DEBUG] Received NS record for [d.nic.art]
[DEBUG] Found IPV4 address: 212.18.249.49
[DEBUG] Resolved [d.nic.art] to ip(s) [212.18.249.49]
[DEBUG] Adding d.nic.art to temp results list, pending deeper results
[DEBUG] Resolvable authority results were found. Recursing deeper
[DEBUG] Recursive instance: nameserver_ips [185.24.64.49 194.169.218.49 212.18.249.49 212.18.248.49] target [axnhywnqb2huc29u.art] at depth 1
[DEBUG] Asking nameserver [194.169.218.49] NS records on axnhywnqb2huc29u.art
[DEBUG] raw_query_with_retry: Had to fall back to TCP
[DEBUG] Got response message: 'id 50400\nopcode QUERY\nrcode NOERROR\nflags QR RD\n;QUESTION\naxnhywnqb2huc29u.art. IN NS\n;ANSWER\n;AUTHORITY\naxnhywnqb2huc29u.art. 3600 IN NS ns-141.awsdns-17.com.\naxnhywnqb2huc29u.art. 3600 IN NS ns-802.awsdns-36.net.\naxnhywnqb2huc29u.art. 3600 IN NS ns-1205.awsdns-22.org.\naxnhywnqb2huc29u.art. 3600 IN NS ns-1593.awsdns-07.co.uk.\n;ADDITIONAL'
[DEBUG] Server [194.169.218.49] responded with authority section
[DEBUG] Received NS record for [ns-141.awsdns-17.com]
[DEBUG] Found IPV4 address: 205.251.192.141
[DEBUG] Resolved [ns-141.awsdns-17.com] to ip(s) [205.251.192.141]
[DEBUG] Adding ns-141.awsdns-17.com to temp results list, pending deeper results
[DEBUG] Received NS record for [ns-802.awsdns-36.net]
[DEBUG] Found IPV4 address: 205.251.195.34
[DEBUG] Resolved [ns-802.awsdns-36.net] to ip(s) [205.251.195.34]
[DEBUG] Adding ns-802.awsdns-36.net to temp results list, pending deeper results
[DEBUG] Received NS record for [ns-1205.awsdns-22.org]
[DEBUG] Found IPV4 address: 205.251.196.181
[DEBUG] Resolved [ns-1205.awsdns-22.org] to ip(s) [205.251.196.181]
[DEBUG] Adding ns-1205.awsdns-22.org to temp results list, pending deeper results
[DEBUG] Received NS record for [ns-1593.awsdns-07.co.uk]
[DEBUG] Found IPV4 address: 205.251.198.57
[DEBUG] Resolved [ns-1593.awsdns-07.co.uk] to ip(s) [205.251.198.57]
[DEBUG] Adding ns-1593.awsdns-07.co.uk to temp results list, pending deeper results
[DEBUG] Resolvable authority results were found. Recursing deeper
[DEBUG] Recursive instance: nameserver_ips [205.251.192.141 205.251.196.181 205.251.195.34 205.251.198.57] target [axnhywnqb2huc29u.art] at depth 2
[DEBUG] Asking nameserver [205.251.195.34] NS records on axnhywnqb2huc29u.art
[DEBUG] raw_query_with_retry: Had to fall back to TCP
[DEBUG] Got response message: 'id 28225\nopcode QUERY\nrcode NOERROR\nflags QR AA RD\n;QUESTION\naxnhywnqb2huc29u.art. IN NS\n;ANSWER\naxnhywnqb2huc29u.art. 172800 IN NS ns-1205.awsdns-22.org.\naxnhywnqb2huc29u.art. 172800 IN NS ns-141.awsdns-17.com.\naxnhywnqb2huc29u.art. 172800 IN NS ns-1593.awsdns-07.co.uk.\naxnhywnqb2huc29u.art. 172800 IN NS ns-802.awsdns-36.net.\n;AUTHORITY\n;ADDITIONAL'
[DEBUG] No Authority section was found. Checking for answers section...
[DEBUG] Found answer section!
[DEBUG] adding ns-1205.awsdns-22.org to results list
[DEBUG] adding ns-141.awsdns-17.com to results list
[DEBUG] adding ns-1593.awsdns-07.co.uk to results list
[DEBUG] adding ns-802.awsdns-36.net to results list
[DEBUG] Moving on to next nameserver at current recurse level
[DEBUG] Asking nameserver [205.251.196.181] NS records on axnhywnqb2huc29u.art
[DEBUG] raw_query_with_retry: Had to fall back to TCP
[DEBUG] Got response message: 'id 46593\nopcode QUERY\nrcode NOERROR\nflags QR AA RD\n;QUESTION\naxnhywnqb2huc29u.art. IN NS\n;ANSWER\naxnhywnqb2huc29u.art. 172800 IN NS ns-1205.awsdns-22.org.\naxnhywnqb2huc29u.art. 172800 IN NS ns-141.awsdns-17.com.\naxnhywnqb2huc29u.art. 172800 IN NS ns-1593.awsdns-07.co.uk.\naxnhywnqb2huc29u.art. 172800 IN NS ns-802.awsdns-36.net.\n;AUTHORITY\n;ADDITIONAL'
[DEBUG] No Authority section was found. Checking for answers section...
[DEBUG] Found answer section!
[DEBUG] adding ns-1205.awsdns-22.org to results list
[DEBUG] adding ns-141.awsdns-17.com to results list
[DEBUG] adding ns-1593.awsdns-07.co.uk to results list
[DEBUG] adding ns-802.awsdns-36.net to results list
[DEBUG] Moving on to next nameserver at current recurse level
[DEBUG] Asking nameserver [205.251.192.141] NS records on axnhywnqb2huc29u.art
[DEBUG] raw_query_with_retry: Had to fall back to TCP
[DEBUG] Got response message: 'id 9821\nopcode QUERY\nrcode NOERROR\nflags QR AA RD\n;QUESTION\naxnhywnqb2huc29u.art. IN NS\n;ANSWER\naxnhywnqb2huc29u.art. 172800 IN NS ns-1205.awsdns-22.org.\naxnhywnqb2huc29u.art. 172800 IN NS ns-141.awsdns-17.com.\naxnhywnqb2huc29u.art. 172800 IN NS ns-1593.awsdns-07.co.uk.\naxnhywnqb2huc29u.art. 172800 IN NS ns-802.awsdns-36.net.\n;AUTHORITY\n;ADDITIONAL'
[DEBUG] No Authority section was found. Checking for answers section...
[DEBUG] Found answer section!
[DEBUG] adding ns-1205.awsdns-22.org to results list
[DEBUG] adding ns-141.awsdns-17.com to results list
[DEBUG] adding ns-1593.awsdns-07.co.uk to results list
[DEBUG] adding ns-802.awsdns-36.net to results list
[DEBUG] Moving on to next nameserver at current recurse level
[DEBUG] Asking nameserver [205.251.198.57] NS records on axnhywnqb2huc29u.art
[DEBUG] raw_query_with_retry: Had to fall back to TCP
[DEBUG] Got response message: 'id 14111\nopcode QUERY\nrcode NOERROR\nflags QR AA RD\n;QUESTION\naxnhywnqb2huc29u.art. IN NS\n;ANSWER\naxnhywnqb2huc29u.art. 172800 IN NS ns-1205.awsdns-22.org.\naxnhywnqb2huc29u.art. 172800 IN NS ns-141.awsdns-17.com.\naxnhywnqb2huc29u.art. 172800 IN NS ns-1593.awsdns-07.co.uk.\naxnhywnqb2huc29u.art. 172800 IN NS ns-802.awsdns-36.net.\n;AUTHORITY\n;ADDITIONAL'
[DEBUG] No Authority section was found. Checking for answers section...
[DEBUG] Found answer section!
[DEBUG] adding ns-1205.awsdns-22.org to results list
[DEBUG] adding ns-141.awsdns-17.com to results list
[DEBUG] adding ns-1593.awsdns-07.co.uk to results list
[DEBUG] adding ns-802.awsdns-36.net to results list
[DEBUG] Moving on to next nameserver at current recurse level
[DEBUG] Exhausted entire list of nameservers. Returning any results found.
[DEBUG] Results were returned from downstream recurse. Forwarding the results up the stack.
[DEBUG] Results were returned from downstream recurse. Forwarding the results up the stack.
[DEBUG] Found the following name servers: ['ns-802.awsdns-36.net', 'ns-141.awsdns-17.com', 'ns-1593.awsdns-07.co.uk', 'ns-1205.awsdns-22.org']
[DEBUG] Staring analysis
[DEBUG] Nameserver(s) found. Continuing...
I tried a few of my domain names. The first time I saw anything was with steeped.site
$ baddns -m CNAME,references,TXT,NSEC,MX,NS steeped.site
__ ) | |
__ \ _` | _` | _` | __ \ __|
| | ( | ( | ( | | | \__ \
____/ \__,_| \__,_| \__,_| _| _| ____/
Version - 1.9.132
Starting [CNAME] module with target [steeped.site]
No CNAME Found :/
Starting [references] module with target [steeped.site]
Starting [TXT] module with target [steeped.site]
Found host [_mailcust.gandi.net] in TXT record [v=spf1 include:_mailcust.gandi.net ?all] and analyzing with CNAME module
Starting [NSEC] module with target [steeped.site]
Starting [MX] module with target [steeped.site]
Starting [NS] module with target [steeped.site]
This alerted me to the fact the MX (mail server) was directed to gandi.net. This is actually desired but good that it noticed the domain mismatch in case someone was hijacking my mail.
I gave one last check using the Google DNS server and a subdomain - all was well
$ baddns -n 8.8.8.8 -m CNAME,references,TXT,NSEC,MX,NS harbor.freshbrewed.sci
ence
__ ) | |
__ \ _` | _` | _` | __ \ __|
| | ( | ( | ( | | | \__ \
____/ \__,_| \__,_| \__,_| _| _| ____/
Version - 1.9.132
Using custom nameservers: [8.8.8.8]
Starting [CNAME] module with target [harbor.freshbrewed.science]
No CNAME Found :/
Starting [references] module with target [harbor.freshbrewed.science]
Starting [TXT] module with target [harbor.freshbrewed.science]
Starting [NSEC] module with target [harbor.freshbrewed.science]
Starting [MX] module with target [harbor.freshbrewed.science]
Starting [NS] module with target [harbor.freshbrewed.science]
There are few domains of which I was curious. For instance, we can see clearcareonline.com has some TXT records used for SPF (Sender Policy Framework) to authorize some third party mail senders
$ baddns -n 8.8.8.8 -m CNAME,references,TXT,NSEC,MX,NS clearcareonline.com
__ ) | |
__ \ _` | _` | _` | __ \ __|
| | ( | ( | ( | | | \__ \
____/ \__,_| \__,_| \__,_| _| _| ____/
Version - 1.9.132
Using custom nameservers: [8.8.8.8]
Starting [CNAME] module with target [clearcareonline.com]
No CNAME Found :/
Starting [references] module with target [clearcareonline.com]
Starting [TXT] module with target [clearcareonline.com]
Found host [sendgrid.net] in TXT record [v=spf1 include:sendgrid.net include:amazonses.com include:mktomail.com include:spf.protection.outlook.com ~all] and analyzing with CNAME module
Found host [amazonses.com] in TXT record [v=spf1 include:sendgrid.net include:amazonses.com include:mktomail.com include:spf.protection.outlook.com ~all] and analyzing with CNAME module
Found host [mktomail.com] in TXT record [v=spf1 include:sendgrid.net include:amazonses.com include:mktomail.com include:spf.protection.outlook.com ~all] and analyzing with CNAME module
Found host [spf.protection.outlook.com] in TXT record [v=spf1 include:sendgrid.net include:amazonses.com include:mktomail.com include:spf.protection.outlook.com ~all] and analyzing with CNAME module
Starting [NSEC] module with target [clearcareonline.com]
Starting [MX] module with target [clearcareonline.com]
Starting [NS] module with target [clearcareonline.com]
BBOT
I noted from the docs of BadDNS that it was also a submodule of BBOT, “Bighuge BLS OSINT Tool”. BBOT comes from the Black Lantern Security Organization.
I had some troubles getting BBOT installed on my older Focal WSL instance, so I moved to a newer linux host
builder@bosgamerz7:~$ pipx install bbot
installed package bbot 2.4.1, installed using Python 3.10.12
These apps are now globally available
- bbot
⚠️ Note: '/home/builder/.local/bin' is not on your PATH environment variable. These apps will not be globally
accessible until your PATH is updated. Run `pipx ensurepath` to automatically add it, or manually modify your PATH
in your shell's config file (i.e. ~/.bashrc).
done! ✨ 🌟 ✨
While I did do the ensurepath option
builder@bosgamerz7:~$ pipx ensurepath
Success! Added /home/builder/.local/bin to the PATH environment variable.
Consider adding shell completions for pipx. Run 'pipx completions' for instructions.
You will need to open a new terminal or re-login for the PATH changes to take effect.
Otherwise pipx is ready to go! ✨ 🌟 ✨
I did just modify my PATH env var locally so I could move forward without relogging in
builder@bosgamerz7:~$ export PATH=/home/builder/.local/bin:$PATH
builder@bosgamerz7:~$ bbot -t tpk.pw -p spider
______ _____ ____ _______
| ___ \| __ \ / __ \__ __|
| |___) | |__) | | | | | |
| ___ <| __ <| | | | | |
| |___) | |__) | |__| | | |
|______/|_____/ \____/ |_|
BIGHUGE BLS OSINT TOOL v2.4.1
www.blacklanternsecurity.com/bbot
[INFO] Creating BBOT config at /home/builder/.config/bbot/bbot.yml
[INFO] Creating BBOT secrets at /home/builder/.config/bbot/secrets.yml
[INFO] Scan seeded with 1 targets (1 in whitelist, 1 in blacklist)
[INFO] Installing Ansible Community General Collection
[INFO] Successfully installed Ansible Community General Collection
[INFO] Installing core BBOT dependencies: 7z,curl,gcc,git,make
[INFO] Installing module dependencies. Please be patient, this may take a while.
[INFO] Running 1 Ansible tasks for httpx
[INFO] Successfully ran 1 Ansible tasks for httpx
[INFO] Loaded 1/1 scan modules (httpx)
[INFO] Loaded 6/6 internal modules (aggregate,cloudcheck,dnsresolve,excavate,speculate,unarchive)
[INFO] Loaded 5/5 output modules, (csv,json,python,stdout,txt)
[INFO] internal.speculate: No portscanner enabled. Assuming open ports: 80, 443
[SUCC] Setup succeeded for 14/14 modules.
[SUCC] Scan ready. Press enter to execute molten_nicole
[SUCC] Starting scan molten_nicole
[SCAN] molten_nicole (SCAN:628032a1708a28883ef44d4ef723f5617ef21aef) TARGET
[DNS_NAME] tpk.pw TARGET (domain, in-scope, ns-record, soa-record, target)
[ORG_STUB] tpk speculate
[DNS_NAME] ns3-03.azure-dns.org NS (a-record, aaaa-record, affiliate, cloud-azure, cloud-domain, distance-1, subdomain)
[DNS_NAME] ns4-03.azure-dns.info NS (a-record, aaaa-record, affiliate, cloud-azure, cloud-domain, distance-1, subdomain)
[DNS_NAME] ns2-03.azure-dns.net NS (a-record, aaaa-record, affiliate, cloud-azure, cloud-domain, distance-1, subdomain)
[DNS_NAME] ns1-03.azure-dns.com SOA (a-record, aaaa-record, affiliate, cloud-azure, cloud-domain, distance-1, subdomain)
[DNS_NAME] ns1-03.azure-dns.com NS (a-record, aaaa-record, affiliate, cloud-azure, cloud-domain, distance-1, subdomain)
[INFO] Finishing scan
[SCAN] molten_nicole (SCAN:628032a1708a28883ef44d4ef723f5617ef21aef) TARGET
[INFO] aggregate: +------------+----------------+-----------------------------------+
[INFO] aggregate: | Module | Produced | Consumed |
[INFO] aggregate: +============+================+===================================+
[INFO] aggregate: | NS | 4 (4 DNS_NAME) | 0 |
[INFO] aggregate: +------------+----------------+-----------------------------------+
[INFO] aggregate: | speculate | 1 (1 ORG_STUB) | 5 (5 DNS_NAME) |
[INFO] aggregate: +------------+----------------+-----------------------------------+
[INFO] aggregate: | SOA | 1 (1 DNS_NAME) | 0 |
[INFO] aggregate: +------------+----------------+-----------------------------------+
[INFO] aggregate: | dnsresolve | 0 | 18 (10 DNS_NAME, 8 OPEN_TCP_PORT) |
[INFO] aggregate: +------------+----------------+-----------------------------------+
[INFO] aggregate: | cloudcheck | 0 | 14 (6 DNS_NAME, 8 OPEN_TCP_PORT) |
[INFO] aggregate: +------------+----------------+-----------------------------------+
[INFO] output.csv: Saved CSV output to /home/builder/.bbot/scans/molten_nicole/output.csv
[INFO] output.json: Saved JSON output to /home/builder/.bbot/scans/molten_nicole/output.json
[INFO] output.txt: Saved TXT output to /home/builder/.bbot/scans/molten_nicole/output.txt
[SUCC] Scan molten_nicole completed in 1 second with status FINISHED
\wsl.localhost\Ubuntu\home\builder\Workspaces\jekyll-blog\content\images\2025\04\bbot-01.png
Since the outputs of spider are in CSV, text and JSON, I can use JQ, for instance, to pull out the Nameservers
$ cat /home/builder/.bbot/scans/molten_nicole/output.json | jq " .host" | sort -u
"ns1-03.azure-dns.com"
"ns2-03.azure-dns.net"
"ns3-03.azure-dns.org"
"ns4-03.azure-dns.info"
"tpk.pw"
null
As I expected, steeped.space which I host in Cloud DNS came back with Google servers
builder@bosgamerz7:~$ bbot -t steeped.space -p spider
______ _____ ____ _______
| ___ \| __ \ / __ \__ __|
| |___) | |__) | | | | | |
| ___ <| __ <| | | | | |
| |___) | |__) | |__| | | |
|______/|_____/ \____/ |_|
BIGHUGE BLS OSINT TOOL v2.4.1
www.blacklanternsecurity.com/bbot
[INFO] Scan seeded with 1 targets (1 in whitelist, 1 in blacklist)
[INFO] Loaded 1/1 scan modules (httpx)
[INFO] Loaded 6/6 internal modules (aggregate,cloudcheck,dnsresolve,excavate,speculate,unarchive)
[INFO] Loaded 5/5 output modules, (csv,json,python,stdout,txt)
[INFO] internal.speculate: No portscanner enabled. Assuming open ports: 80, 443
[SUCC] Setup succeeded for 14/14 modules.
[SUCC] Scan ready. Press enter to execute childish_ethel
[SUCC] Starting scan childish_ethel
[SCAN] childish_ethel (SCAN:d049921606025a762dfe22213178898fd9289678) TARGET
[DNS_NAME] steeped.space TARGET (domain, in-scope, ns-record, soa-record, target)
[ORG_STUB] steeped speculate
[DNS_NAME] ns-cloud-a3.googledomains.com NS (a-record, aaaa-record, affiliate, distance-1, subdomain)
[DNS_NAME] ns-cloud-a1.googledomains.com NS (a-record, aaaa-record, affiliate, distance-1, subdomain)
[DNS_NAME] ns-cloud-a1.googledomains.com SOA (a-record, aaaa-record, affiliate, distance-1, subdomain)
[DNS_NAME] ns-cloud-a2.googledomains.com NS (a-record, aaaa-record, affiliate, distance-1, subdomain)
[DNS_NAME] ns-cloud-a4.googledomains.com NS (a-record, aaaa-record, affiliate, distance-1, subdomain)
[INFO] Finishing scan
[SCAN] childish_ethel (SCAN:d049921606025a762dfe22213178898fd9289678) TARGET
[INFO] aggregate: +------------+----------------+----------------------------------+
[INFO] aggregate: | Module | Produced | Consumed |
[INFO] aggregate: +============+================+==================================+
[INFO] aggregate: | NS | 4 (4 DNS_NAME) | 0 |
[INFO] aggregate: +------------+----------------+----------------------------------+
[INFO] aggregate: | speculate | 1 (1 ORG_STUB) | 5 (5 DNS_NAME) |
[INFO] aggregate: +------------+----------------+----------------------------------+
[INFO] aggregate: | SOA | 1 (1 DNS_NAME) | 0 |
[INFO] aggregate: +------------+----------------+----------------------------------+
[INFO] aggregate: | dnsresolve | 0 | 15 (7 DNS_NAME, 8 OPEN_TCP_PORT) |
[INFO] aggregate: +------------+----------------+----------------------------------+
[INFO] aggregate: | cloudcheck | 0 | 14 (6 DNS_NAME, 8 OPEN_TCP_PORT) |
[INFO] aggregate: +------------+----------------+----------------------------------+
[INFO] output.csv: Saved CSV output to /home/builder/.bbot/scans/childish_ethel/output.csv
[INFO] output.json: Saved JSON output to /home/builder/.bbot/scans/childish_ethel/output.json
[INFO] output.txt: Saved TXT output to /home/builder/.bbot/scans/childish_ethel/output.txt
[SUCC] Scan childish_ethel completed in 1 second with status FINISHED
builder@bosgamerz7:~$ cat /home/builder/.bbot/scans/childish_ethel/output.json | jq " .host" | sort -u
"ns-cloud-a1.googledomains.com"
"ns-cloud-a2.googledomains.com"
"ns-cloud-a3.googledomains.com"
"ns-cloud-a4.googledomains.com"
"steeped.space"
null
It was running on my primary freshbrewed.science that I saw some interesting outputs
\wsl.localhost\Ubuntu\home\builder\Workspaces\jekyll-blog\content\images\2025\04\bbot-02.png
We can see for 306 DNS names, 8 did not resolve, or at least had issues.
I can open the output in Excel
\wsl.localhost\Ubuntu\home\builder\Workspaces\jekyll-blog\content\images\2025\04\bbot-03.png
Subdomain scan
Let’s use the Subdomain scanner.
I’ll try active first, which did take a while to run
builder@bosgamerz7:~$ bbot -t freshbrewed.science -p subdomain-enum
______ _____ ____ _______
| ___ \| __ \ / __ \__ __|
| |___) | |__) | | | | | |
| ___ <| __ <| | | | | |
| |___) | |__) | |__| | | |
|______/|_____/ \____/ |_|
BIGHUGE BLS OSINT TOOL v2.4.1
www.blacklanternsecurity.com/bbot
[INFO] Scan seeded with 1 targets (1 in whitelist)
[INFO] Installing module dependencies. Please be patient, this may take a while.
[INFO] Installing the following OS packages: openssl
[INFO] Successfully installed OS packages "openssl"
[INFO] Installing the following pip packages: pyOpenSSL~=24.0.0
[INFO] Successfully installed cryptography-42.0.8 pyOpenSSL-24.0.0
[INFO] Running 5 Ansible tasks for dnsbrute
[INFO] Successfully ran 5 Ansible tasks for dnsbrute
[INFO] Installing the following pip packages: asyncpg
[INFO] Successfully installed async-timeout-5.0.1 asyncpg-0.30.0
[INFO] Installing the following pip packages: baddns~=1.4.13
[INFO] Successfully installed baddns-1.4.13 colorama-0.4.6 python-dateutil-2.9.0.post0 python-whois-0.9.5 setuptools-75.9.1 six-1.17.0
[INFO] Installing the following pip packages: baddns~=1.4.13
[INFO] Requirement already satisfied: typing_extensions>=4.5 in ./.local/pipx/venvs/bbot/lib/python3.10/site-packages (from anyio->httpx<0.28.0,>=0.27.2->baddns~=1.4.13) (4.13.2)
[INFO] Loaded 53/53 scan modules (anubisdb,asn,azure_realm,azure_tenant,baddns_direct,baddns_zone,bevigil,binaryedge,bufferoverrun,builtwith,c99,censys,certspotter,chaos,crt,crt_db,digitorus,dnsbimi,dnsbrute,dnsbrute_mutations,dnscaa,dnscommonsrv,dnsdumpster,dnstlsrpt,fullhunt,github_codesearch,github_org,hackertarget,httpx,hunterio,ipneighbor,leakix,myssl,oauth,otx,passivetotal,postman,postman_download,rapiddns,securitytrails,securitytxt,shodan_dns,shodan_idb,sitedossier,social,sslcert,subdomaincenter,subdomainradar,trickest,urlscan,virustotal,wayback,zoomeye)
[INFO] Loaded 6/6 internal modules (aggregate,cloudcheck,dnsresolve,excavate,speculate,unarchive)
[INFO] Loaded 6/6 output modules, (csv,json,python,stdout,subdomains,txt)
[INFO] internal.speculate: No portscanner enabled. Assuming open ports: 80, 443
[INFO] Setup soft-failed for c99: No API key set
[INFO] Setup soft-failed for censys: No API key set
[INFO] Setup soft-failed for shodan_dns: No API key set
[INFO] Setup soft-failed for zoomeye: No API key set
[INFO] Setup soft-failed for chaos: No API key set
[INFO] Setup soft-failed for fullhunt: No API key set
[INFO] Setup soft-failed for passivetotal: No API key set
[INFO] Setup soft-failed for github_codesearch: No API key set
[INFO] Setup soft-failed for postman: No API key set
[INFO] Setup soft-failed for bevigil: No API key set
[INFO] Setup soft-failed for subdomainradar: No API key set
[INFO] Setup soft-failed for postman_download: No API key set
[INFO] Setup soft-failed for binaryedge: No API key set
[INFO] Setup soft-failed for trickest: No API key set
[INFO] Setup soft-failed for bufferoverrun: No API key set
[INFO] Setup soft-failed for hunterio: No API key set
[INFO] Setup soft-failed for securitytrails: No API key set
[INFO] Setup soft-failed for builtwith: No API key set
[INFO] Setup soft-failed for virustotal: No API key set
[INFO] Setup soft-failed for github_org: Error with API ({
"message": "Bad credentials",
"documentation_url": "https://docs.github.com/rest",
"status": "401"
})
[SUCC] Setup succeeded for 47/67 modules.
[SUCC] Scan ready. Press enter to execute fierce_theresa
[SUCC] Starting scan fierce_theresa
[SCAN] fierce_theresa (SCAN:067b99a1cf6b98defdcfda489142da692f247c2a) TARGET
[DNS_NAME] freshbrewed.science TARGET (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, domain, in-scope, mx-record, ns-record, soa-record, target, txt-record)
[ORG_STUB] freshbrewed speculate
[INFO] dnsbrute: Brute-forcing 4,989 subdomains for freshbrewed.science (source: freshbrewed.science)
[DNS_NAME] ns-947.awsdns-54.net NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-1185.awsdns-20.org NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-414.awsdns-51.com NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-414.awsdns-51.com SOA (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] spool.mail.gandi.net MX (a-record, aaaa-record, affiliate, distance-1, subdomain)
[DNS_NAME] fb.mail.gandi.net MX (a-record, aaaa-record, affiliate, distance-1, subdomain)
[DNS_NAME] ns-1961.awsdns-53.co.uk NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[INFO] anubisdb: Error parsing results for query "freshbrewed.science" (status code 502)
[INFO] leakix: Error parsing results for query "freshbrewed.science" (status code 401)
[OPEN_TCP_PORT] freshbrewed.science:80 shodan_idb (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[FINDING] {"description": "OpenID Connect Endpoint (domain: freshbrewed.science) found at https://login.windows.net/freshbrewed.science/.well-known/openid-configuration", "host": "freshbrewed.science", "url": "https://login.windows.net/freshbrewed.science/.well-known/openid-configuration"} oauth (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[FINDING] {"description": "OpenID Connect Endpoint (domain: freshbrewed.science) found at https://login.windows.net/freshbrewed.science/.well-known/openid-configuration", "host": "freshbrewed.science", "url": "https://login.windows.net/freshbrewed.science/.well-known/openid-configuration"} oauth (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[TECHNOLOGY] {"host": "freshbrewed.science", "technology": "cpe:/a:amazon:amazon_cloudfront"} shodan_idb (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[OPEN_TCP_PORT] freshbrewed.science:443 shodan_idb (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[URL] https://freshbrewed.science/ httpx (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, dir, http-title-fresh-brewed-fresh-brewed, in-scope, ip-54-230-202-26, status-200)
[DNS_NAME] core.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] movary.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] core.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] cloudcustodian.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] hedgedoc.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] workflows.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science hackertarget (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] code.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] bitwarden.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] aksdemo2.freshbrewed.science otx (a-record, cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope, subdomain)
[DNS_NAME] junkins.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] signoz.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] noisedash.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science otx (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] workflows.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] sonarqube.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] bitwarden.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] junkins.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] cloudcustodian.freshbrewed.science otx (a-record, in-scope, subdomain)
[AZURE_TENANT] {"domains": ["freshbrewed.science", "freshbrewedscience.onmicrosoft.com"], "tenant-id": "9399df66-afc3-411c-9a7f-eacacbbe8e5a", "tenant-names": ["freshbrewedscience"]} azure_tenant
[DNS_NAME] code.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science subdomaincenter (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] pomodoro.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] movary.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] code.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] hedgedoc.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] www.freshbrewed.science otx (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope, subdomain)
[DNS_NAME] loft.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] awx.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] zulip.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] junkins.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] noisedash.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] foo4.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] core.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] myflexapp.freshbrewed.science hackertarget (a-record, aaaa-record, in-scope, subdomain, txt-record)
[DNS_NAME] registry.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] notary.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] pomodoreapp.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] foo2.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] rancher.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] awx.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] bitwarden.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] sonarqube.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] photos.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] status.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] myflexapp.freshbrewed.science otx (a-record, aaaa-record, in-scope, subdomain, txt-record)
[DNS_NAME] foo4.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] notary.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] loft2.freshbrewed.science otx (a-record, cdn-github, cdn-ip, in-scope, subdomain)
[DNS_NAME] rancher.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] registry.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] beszel.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] uptime.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] www.freshbrewed.science subdomaincenter (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope, subdomain)
[DNS_NAME] whiteboard.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] pomodoreapp.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] codex.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] registry.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] dufs.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] rundeck.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] harbor.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] notary.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] argoci.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] zulip.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] guestbook.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] photos.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] www.myflexapp.freshbrewed.science otx (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] rundeck.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] kasarest.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] workflows.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] jenkins.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] awx.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] workflows2.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] forgejo.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] uptime.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] logstream.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] zabbix.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] harbor.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] kasarest.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] foo4.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] pomodoro.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] dufs.freshbrewed.science urlscan (a-record, in-scope, subdomain)
[DNS_NAME] uptime.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] cinny.freshbrewed.science urlscan (a-record, in-scope, subdomain)
[DNS_NAME] www.standardapp.freshbrewed.science otx (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] www.standardapp.freshbrewed.science urlscan (a-record, aaaa-record, cname-record, in-scope, subdomain)
[INFO] digitorus: Query "freshbrewed.science" failed (no response)
[DNS_NAME] logstream.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science certspotter (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] beszel.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] rundeck.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] status.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] timesy.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] opengist.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] python-crfunction.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] myflexapp.freshbrewed.science subdomaincenter (a-record, aaaa-record, in-scope, subdomain, txt-record)
[DNS_NAME] rundeck.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] codex.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] element.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] firebase.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] wishlist.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] azurevote.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] aksdemo4.freshbrewed.science otx (a-record, cdn-github, cdn-ip, in-scope, subdomain)
[DNS_NAME] workflows2.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science urlscan (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] harbor.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] christmas.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] bitwarden.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] kasarest.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] guestbook.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] hedgedoc.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] christmas.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] publish.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] test.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] vault.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] argocd.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] gbwebui.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] aksdemo.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] zulip.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] publish.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] christmas.freshbrewed.science urlscan (a-record, in-scope, subdomain)
[DNS_NAME] opengist.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] azurevote.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] noisedash.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] firebase.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] code.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] dufs.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] whiteboard.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] opengist.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] planereport.freshbrewed.science urlscan (a-record, in-scope, subdomain)
[DNS_NAME] forgejo.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] wpblog.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] timesy.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] codex.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] workflows2.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] kasarest.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] dufs.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] movary.freshbrewed.science urlscan (a-record, in-scope, subdomain)
[DNS_NAME] element.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] awx.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] photos.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] gitea.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] gitea.freshbrewed.science hackertarget (a-record, in-scope, subdomain)
[DNS_NAME] gitea.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] movary.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] uptime.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] timesy.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] christmas.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] firebase.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] whiteboard.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[INFO] dnsbrute: Brute-forcing 4,989 subdomains for myflexapp.freshbrewed.science (source: www.myflexapp.freshbrewed.science)
[DNS_NAME] pomodoro.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] pomodoreapp.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] firebase.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] element.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] publish.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] foo4.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] harbor.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] timesy.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] gitea.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] forgejo.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] loft2.freshbrewed.science crt_db (a-record, cdn-github, cdn-ip, in-scope, subdomain)
[DNS_NAME] bitwarden.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] status.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] notary.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] sonarqube.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] cloudcustodian.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science crt_db (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] loft.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] awxvm.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] beszel.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] harbor.freshbrewed.science rapiddns (a-record, in-scope, subdomain)
[DNS_NAME] kasarest.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] cinny.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] logstream.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] azurevote.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science rapiddns (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] publish.freshbrewed.science rapiddns (a-record, in-scope, subdomain)
[DNS_NAME] core.freshbrewed.science rapiddns (a-record, in-scope, subdomain)
[DNS_NAME] junkins.freshbrewed.science rapiddns (a-record, in-scope, subdomain)
[DNS_NAME] pingtest.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] vault.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] codex.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] awx.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] publish.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] rundeck.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] zulip.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] fluffychat.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] gitness.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] dokemon.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] christmas.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] hedgedoc.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] foo3.freshbrewed.science crt_db (a-record, cdn-github, cdn-ip, in-scope, subdomain)
[DNS_NAME] registry.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] planereport.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] rancher.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] python-crfunction.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] dufs.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] opengist.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] uptime.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] noisedash.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] punq.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] code.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] aksdemo2.freshbrewed.science crt_db (a-record, cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope, subdomain)
[DNS_NAME] disabledsvc.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] test.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] nexus.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] zentao.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] pomodoro.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] nodesite.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] element.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] recipes.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] whiteboard.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] wpblog.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] pomodoreapp.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] jenkins.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] dufs.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] guestbook.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] mattermost.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] aksloft2.freshbrewed.science crt_db (a-record, cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope, subdomain)
[DNS_NAME] foo2.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] disabledsvc.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] codex.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] sonarqube.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] zulip.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] registry.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] python-crfunction.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] pingtest.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] grafana.freshbrewed.science crt_db (cname-record, in-scope, subdomain)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) dnsresolve(621:25:0), dnscommonsrv(208:1:0), dnsbrute(148:1:0), baddns_zone(0:3:0), dnscaa(0:1:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 234, OPEN_TCP_PORT: 2, SCAN: 1, ORG_STUB: 1, FINDING: 1, TECHNOLOGY: 1, URL: 1, AZURE_TENANT: 1
[INFO] fierce_theresa: No events in queue (4,257 processed in the past 15 seconds)
[DNS_NAME] www.myflexapp.freshbrewed.science crt_db (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] www.standardapp.freshbrewed.science certspotter (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] www.standardapp.freshbrewed.science crt_db (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] www.standardapp.freshbrewed.science subdomaincenter (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] www.standardapp.freshbrewed.science rapiddns (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] www.myflexapp.freshbrewed.science rapiddns (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] www.myflexapp.freshbrewed.science subdomaincenter (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] instance1.cloudrun.freshbrewed.science subdomaincenter (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] instance1.cloudrun.freshbrewed.science otx (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] instance1.cloudrun.freshbrewed.science crt_db (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] instance1.cloudrun.freshbrewed.science certspotter (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] wishlist.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] wishlist.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] wishlist.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] instance1.cloudrun.freshbrewed.science wayback (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] movary.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] vault.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] recipes.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] nexus.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] pomodoreapp.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] timesy.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] filebrowser.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] forgejo.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] giteatest.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] matrix.freshbrewed.science certspotter (a-record, in-scope, subdomain)
[DNS_NAME] matrix.freshbrewed.science otx (a-record, in-scope, subdomain)
[DNS_NAME] matrix.freshbrewed.science subdomaincenter (a-record, in-scope, subdomain)
[DNS_NAME] argocd.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] forgejo.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] matrix.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] aksdemo4.freshbrewed.science crt_db (a-record, cdn-github, cdn-ip, in-scope, subdomain)
[DNS_NAME] uptime.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] matrix.freshbrewed.science hackertarget (a-record, aaaa-error, cname-error, in-scope, subdomain)
[DNS_NAME] hedgedoc.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] workflows.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] www.standardapp.freshbrewed.science wayback (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] junkins.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] core.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] portainer.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] docusaurus.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] foo4.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] signoz.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] timesy.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] photos.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] photos.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] movary.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] code.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] foo4.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science wayback (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] gitness.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] awxvm.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] bitwarden.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] harbor.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] matrix.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] harbor.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] beszel.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] wishlist.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] status.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] gitea.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] awx.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] strapi.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] openproject.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] rancher.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] gbwebui.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] workflows2.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] wpblog.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] argoci.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] zabbix.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] element.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] opendocman.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] signoz.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] nodesite.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] argocd.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] pashword.freshbrewed.science crt_db (a-record, in-scope, subdomain)
[DNS_NAME] pashword.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] gbwebui.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] login.windows.net oauth->host (a-record, aaaa-record, affiliate, cdn-github, cdn-ip, cloud-azure, cloud-domain, cloud-ip, cname-record, distance-1, subdomain)
[URL] http://freshbrewed.science/ httpx (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, dir, http-title-301-moved-permanently, in-scope, ip-54-230-202-26, status-301)
[DNS_NAME] christmas.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] loft.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] kasarest.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] pomodoro.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] gitea.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] opengist.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] www.freshbrewed.science wayback (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope, subdomain)
[DNS_NAME] noisedash.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] sts.windows.net oauth->host (a-record, aaaa-record, affiliate, cdn-github, cdn-ip, cloud-azure, cloud-domain, cloud-ip, cname-record, distance-1, subdomain)
[DNS_NAME] rundeck.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] whiteboard.freshbrewed.science wayback (a-record, in-scope, subdomain)
[OPEN_TCP_PORT] freshbrewed.science:443 speculate (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[DNS_NAME] pas.windows.net oauth->host (a-record, aaaa-record, affiliate, cdn-github, cdn-ip, cloud-azure, cloud-domain, cloud-ip, cname-record, distance-1, subdomain)
[DNS_NAME] freshbrewed.science httpx->excavate (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, domain, in-scope, mx-record, ns-record, soa-record, txt-record)
[FINDING] {"description": "Potentially Sprayable OAUTH Endpoint (domain: freshbrewed.science) at https://login.windows.net/9399df66-afc3-411c-9a7f-eacacbbe8e5a/oauth2/token", "host": "login.windows.net", "url": "https://login.windows.net/9399df66-afc3-411c-9a7f-eacacbbe8e5a/oauth2/token"} oauth->oauth (affiliate, cdn-github, cdn-ip, cloud-azure, cloud-domain, cloud-ip, distance-1)
[FINDING] {"description": "Potentially Sprayable OAUTH Endpoint (domain: freshbrewed.science) at https://login.windows.net/9399df66-afc3-411c-9a7f-eacacbbe8e5a/oauth2/token", "host": "login.windows.net", "url": "https://login.windows.net/9399df66-afc3-411c-9a7f-eacacbbe8e5a/oauth2/token"} oauth->oauth (affiliate, cdn-github, cdn-ip, cloud-azure, cloud-domain, cloud-ip, distance-1)
[DNS_NAME] status.freshbrewed.science httpx->excavate (a-record, in-scope, subdomain)
[DNS_NAME] freshbrewed.science speculate (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, domain, in-scope, mx-record, ns-record, soa-record, txt-record)
[DNS_NAME] myflexapp.freshbrewed.science wayback (a-record, aaaa-record, in-scope, subdomain, txt-record)
[DNS_NAME] myflexapp.freshbrewed.science crt_db (a-record, aaaa-record, in-scope, subdomain, txt-record)
[DNS_NAME] awx2.freshbrewed.science crt_db (a-record, in-scope, mx-error, srv-error, subdomain)
[OPEN_TCP_PORT] core.freshbrewed.science:1723 shodan_idb (in-scope)
[OPEN_TCP_PORT] core.freshbrewed.science:1194 shodan_idb (in-scope)
[DNS_NAME] myflexapp.freshbrewed.science rapiddns (a-record, aaaa-record, cname-error, in-scope, subdomain, txt-record)
[OPEN_TCP_PORT] standardapp.freshbrewed.science:80 shodan_idb (in-scope)
[OPEN_TCP_PORT] core.freshbrewed.science:5050 shodan_idb (in-scope)
[TECHNOLOGY] {"host": "core.freshbrewed.science", "technology": "cpe:/a:f5:nginx:1.25.4"} shodan_idb (in-scope)
[OPEN_TCP_PORT] core.freshbrewed.science:9443 shodan_idb (in-scope)
[DNS_NAME] registry.freshbrewed.science shodan_idb (a-record, in-scope, subdomain)
[OPEN_TCP_PORT] core.freshbrewed.science:80 shodan_idb (in-scope)
[OPEN_TCP_PORT] core.freshbrewed.science:8443 shodan_idb (in-scope)
[OPEN_TCP_PORT] core.freshbrewed.science:443 shodan_idb (in-scope)
[TECHNOLOGY] {"host": "core.freshbrewed.science", "technology": "cpe:/a:f5:nginx"} shodan_idb (in-scope)
[OPEN_TCP_PORT] standardapp.freshbrewed.science:443 shodan_idb (in-scope)
[ORG_STUB] freshbrewedscience speculate
[DNS_NAME] aksdemo.freshbrewed.science crt_db (a-record, in-scope, subdomain, txt-error)
[DNS_NAME] cloudcustodian.freshbrewed.science wayback (a-record, in-scope, ns-error, soa-error, subdomain, txt-error)
[DNS_NAME] firebase.freshbrewed.science wayback (a-record, in-scope, subdomain)
[DNS_NAME] azurevote.freshbrewed.science wayback (a-record, aaaa-error, cname-error, in-scope, subdomain)
[DNS_NAME] ghs.googlehosted.com CNAME (a-record, aaaa-record, affiliate, distance-1, subdomain)
[INFO] dnsbrute: Brute-forcing 4,989 subdomains for standardapp.freshbrewed.science (source: www.standardapp.freshbrewed.science)
[DNS_NAME] firebase.freshbrewed.science crt_db (a-record, aaaa-error, in-scope, subdomain)
[OPEN_TCP_PORT] www.myflexapp.freshbrewed.science:80 shodan_idb (in-scope)
[OPEN_TCP_PORT] www.myflexapp.freshbrewed.science:443 shodan_idb (in-scope)
[DNS_NAME] myflexapp.freshbrewed.science speculate (a-record, aaaa-record, in-scope, subdomain, txt-record)
[DNS_NAME] ghs.googlehosted.com CNAME (a-record, aaaa-record, affiliate, distance-1, subdomain)
[OPEN_TCP_PORT] www.standardapp.freshbrewed.science:443 shodan_idb (in-scope)
[OPEN_TCP_PORT] www.standardapp.freshbrewed.science:80 shodan_idb (in-scope)
[DNS_NAME] standardapp.freshbrewed.science speculate (a-record, aaaa-record, in-scope, subdomain)
[OPEN_TCP_PORT] firebase.freshbrewed.science:443 shodan_idb (in-scope)
[DNS_NAME] beszel.freshbrewed.science crt (a-record, in-scope, subdomain)
[OPEN_TCP_PORT] firebase.freshbrewed.science:80 shodan_idb (in-scope)
[DNS_NAME] bitwarden.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] standardapp.freshbrewed.science crt (a-record, aaaa-record, in-scope, subdomain)
[DNS_NAME] sonarqube.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] cloudcustodian.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] kasarest.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] status.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] loft2.freshbrewed.science crt (a-record, cdn-github, cdn-ip, in-scope, subdomain)
[DNS_NAME] awx2.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] loft.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] codex.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] azurevote.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] cinny.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] wishlist.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] logstream.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] awxvm.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] pingtest.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] dokemon.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] vault.freshbrewed.science crt (a-record, in-scope, subdomain)
[OPEN_TCP_PORT] aksdemo4.freshbrewed.science:443 shodan_idb (cdn-github, cdn-ip, in-scope)
[DNS_NAME] christmas.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] rundeck.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] publish.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] zulip.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] hedgedoc.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] foo3.freshbrewed.science crt (a-record, cdn-github, cdn-ip, in-scope, subdomain)
[DNS_NAME] gitness.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] fluffychat.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] registry.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] opengist.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] awx.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] rancher.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] www.standardapp.freshbrewed.science crt (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] www.myflexapp.freshbrewed.science crt (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] dufs.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] python-crfunction.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] planereport.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] instance1.cloudrun.freshbrewed.science crt (a-record, aaaa-record, cname-record, in-scope, subdomain)
[DNS_NAME] punq.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] uptime.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] noisedash.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] test.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] nodesite.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] code.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] zentao.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] aksdemo2.freshbrewed.science crt (a-record, cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope, subdomain)
[DNS_NAME] nexus.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] element.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] disabledsvc.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] myflexapp.freshbrewed.science crt (a-record, aaaa-record, in-scope, subdomain, txt-record)
[DNS_NAME] aksloft2.freshbrewed.science crt (a-record, cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope, subdomain)
[DNS_NAME] foo2.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] jenkins.freshbrewed.science crt (a-record, in-scope, subdomain)
[ASN] {"asn": "16509", "country": "US", "description": "Amazon.com, Inc.", "name": "AMAZON-02", "subnet": "2600:9000:2043::/48"} asn
[DNS_NAME] guestbook.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] pomodoreapp.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] pomodoro.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] whiteboard.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] mattermost.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] grafana.freshbrewed.science crt (cname-record, in-scope, subdomain)
[DNS_NAME] firebase.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] matrix.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] aksdemo.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] aksdemo4.freshbrewed.science crt (a-record, cdn-github, cdn-ip, in-scope, subdomain)
[DNS_NAME] forgejo.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] signoz.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] giteatest.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] argocd.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] recipes.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] filebrowser.freshbrewed.science crt (a-record, in-scope, subdomain)
[ASN] {"asn": "16509", "country": "US", "description": "Amazon.com, Inc.", "name": "AMAZON-02", "subnet": "2600:9000:2043::/48"} asn
[DNS_NAME] junkins.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] foo4.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] workflows.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] movary.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] zabbix.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] argoci.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] strapi.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] portainer.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] photos.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] docusaurus.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] core.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] openproject.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] wpblog.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] gbwebui.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] harbor.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] gitea.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] opendocman.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] workflows2.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] pashword.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] zabbix.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] www.freshbrewed.science dnsbrute (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope, subdomain)
[DNS_NAME] uptime.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] notary.freshbrewed.science crt (a-record, in-scope, subdomain)
[DNS_NAME] codex.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] test.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] publish.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] status.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] nexus.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] core.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] code.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] matrix.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] photos.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] jenkins.freshbrewed.science dnsbrute (a-record, in-scope, subdomain)
[DNS_NAME] notary.freshbrewed.science wayback (a-record, aaaa-error, in-scope, subdomain)
[DNS_NAME] foo.freshbrewed.science dnsbrute (a-record, cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope, subdomain)
[DNS_NAME] ghs.googlehosted.com CNAME (a-record, aaaa-record, affiliate, distance-1, subdomain)
[OPEN_TCP_PORT] instance1.cloudrun.freshbrewed.science:443 shodan_idb (in-scope)
[TECHNOLOGY] {"host": "aksloft2.freshbrewed.science", "technology": "cpe:/a:f5:nginx"} shodan_idb (cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope)
[OPEN_TCP_PORT] aksloft2.freshbrewed.science:80 shodan_idb (cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope)
[OPEN_TCP_PORT] instance1.cloudrun.freshbrewed.science:80 shodan_idb (in-scope)
[OPEN_TCP_PORT] freshbrewed.science:80 speculate (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[DNS_NAME] cloudrun.freshbrewed.science speculate (in-scope, subdomain, txt-record)
[SOCIAL] {"platform": "linkedin", "profile_name": "isaac-johnson-9b8974", "url": "https://linkedin.com/in/isaac-johnson-9b8974"} httpx->excavate->social (distance-2)
[URL] https://bitwarden.freshbrewed.science/ httpx (dir, http-title-bitwarden-web-vault, in-scope, ip-75-73-224-240, status-200)
[URL] https://code.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] https://movary.freshbrewed.science/ httpx (dir, http-title-502-bad-gateway, in-scope, ip-75-73-224-240, status-502)
[DNS_NAME] registry.freshbrewed.science sslcert (a-record, in-scope, subdomain)
[URL] https://standardapp.freshbrewed.science/ httpx (dir, in-scope, ip-216-239-38-21, status-200)
[URL] https://hedgedoc.freshbrewed.science/ httpx (dir, http-title-hedgedoc-ideas-grow-better-tog, in-scope, ip-75-73-224-240, status-200)
[ASN] {"asn": "7922", "country": "", "description": "Comcast Cable Communications Inc", "name": "COMCAST-7922", "subnet": "75.72.0.0/15"} asn
[URL] http://bitwarden.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://workflows.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://hedgedoc.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://code.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://workflows.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://noisedash.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://movary.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://standardapp.freshbrewed.science/ httpx (dir, in-scope, ip-216-239-38-21, status-200)
[DNS_NAME] firebaseapp.com sslcert (a-record, aaaa-record, affiliate, distance-1, domain)
[ASN] {"asn": "15169", "country": "US", "description": "Google LLC", "name": "GOOGLE", "subnet": "216.239.36.0/24"} asn
[ASN] {"asn": "15169", "country": "US", "description": "Google LLC", "name": "GOOGLE", "subnet": "216.239.36.0/24"} asn
[ASN] {"asn": "15169", "country": "US", "description": "Google LLC", "name": "GOOGLE", "subnet": "216.239.36.0/24"} asn
[DNS_NAME] celanese.us.enablon.io sslcert (a-record, affiliate, cdn-github, cdn-ip, distance-1, subdomain)
[DNS_NAME] timesy.freshbrewed.science crt (a-record, in-scope, mx-error, subdomain)
[ASN] {"asn": "8075", "country": "US", "description": "Microsoft Corporation", "name": "MICROSOFT-CORP-MSN-AS-BLOCK", "subnet": "20.36.0.0/14"}asn
[ASN] {"asn": "54113", "country": "US", "description": "Fastly, Inc.", "name": "FASTLY", "subnet": "199.36.158.0/24"} asn
[ASN] {"asn": "15169", "country": "US", "description": "Google LLC", "name": "GOOGLE", "subnet": "216.239.36.0/24"} asn
[ASN] {"asn": "8075", "country": "US", "description": "Microsoft Corporation", "name": "MICROSOFT-CORP-MSN-AS-BLOCK", "subnet": "20.36.0.0/14"}asn
[OPEN_TCP_PORT] code.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] bitwarden.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] movary.freshbrewed.science:443 speculate (in-scope)
[FINDING] {"description": "HTTP response (body) contains file upload functionality", "host": "hedgedoc.freshbrewed.science", "url": "https://hedgedoc.freshbrewed.science/"} httpx->excavate
[FINDING] {"description": "HTTP response (body) contains file upload functionality", "host": "hedgedoc.freshbrewed.science", "url": "https://hedgedoc.freshbrewed.science/"} httpx->excavate
[ASN] {"asn": "15169", "country": "US", "description": "Google LLC", "name": "GOOGLE", "subnet": "216.239.36.0/24"} asn
[OPEN_TCP_PORT] standardapp.freshbrewed.science:443 speculate (in-scope)
[DNS_NAME] hedgedoc.freshbrewed.science httpx->excavate (a-record, in-scope, subdomain)
[OPEN_TCP_PORT] hedgedoc.freshbrewed.science:443 speculate (in-scope)
[ASN] {"asn": "15169", "country": "US", "description": "Google LLC", "name": "GOOGLE", "subnet": "216.239.36.0/24"} asn
[INFO] dnsbrute: Brute-forcing 4,989 subdomains for cloudrun.freshbrewed.science (source: instance1.cloudrun.freshbrewed.science)
[ASN] {"asn": "15169", "country": "US", "description": "Google LLC", "name": "GOOGLE", "subnet": "216.239.36.0/24"} asn
[ASN] {"asn": "8075", "country": "US", "description": "Microsoft Corporation", "name": "MICROSOFT-CORP-MSN-AS-BLOCK", "subnet": "20.36.0.0/14"}asn
[ASN] {"asn": "8075", "country": "US", "description": "Microsoft Corporation", "name": "MICROSOFT-CORP-MSN-AS-BLOCK", "subnet": "20.36.0.0/14"}asn
[URL] https://status.freshbrewed.science/ httpx->excavate->httpx (dir, http-title-fresh-brewed-science, in-scope, ip-75-73-224-240, spider-danger, status-200)
[FINDING] {"description": "Non-HTTP URI: wss://hedgedoc.freshbrewed.science", "host": "hedgedoc.freshbrewed.science"} httpx->excavate (in-scope)
[FINDING] {"description": "Non-HTTP URI: wss://hedgedoc.freshbrewed.science", "host": "hedgedoc.freshbrewed.science"} httpx->excavate (in-scope)
[PROTOCOL] {"host": "hedgedoc.freshbrewed.science", "protocol": "WSS"} httpx->excavate (in-scope)
[OPEN_TCP_PORT] hedgedoc.freshbrewed.science:80 speculate (in-scope)
[DNS_NAME] hedgedoc.freshbrewed.science httpx->excavate (a-record, affiliate, in-scope, subdomain)
[OPEN_TCP_PORT] bitwarden.freshbrewed.science:80 speculate (in-scope)
[DNS_NAME] freshbrewed.science httpx->excavate (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, domain, in-scope, mx-record, ns-record, soa-record, txt-record)
[OPEN_TCP_PORT] workflows.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] workflows.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] code.freshbrewed.science:80 speculate (in-scope)
[DNS_NAME] status.freshbrewed.science httpx->excavate->host (a-record, aaaa-error, cname-error, in-scope, subdomain)
[OPEN_TCP_PORT] movary.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] noisedash.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] firebase.freshbrewed.science:443 speculate (in-scope)
[ASN] {"asn": "8075", "country": "US", "description": "Microsoft Corporation", "name": "MICROSOFT-CORP-MSN-AS-BLOCK", "subnet": "20.36.0.0/14"}asn
[OPEN_TCP_PORT] aksdemo4.freshbrewed.science:443 speculate (cdn-github, cdn-ip, in-scope)
[SOCIAL] {"platform": "github", "profile_name": "hedgedoc", "url": "https://github.com/hedgedoc"} httpx->excavate->social (distance-2, spider-danger)
[URL] https://core.freshbrewed.science:8443/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://core.freshbrewed.science:5050/ httpx (dir, in-scope, ip-75-73-224-240, status-200)
[URL] http://core.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://core.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[OPEN_TCP_PORT] core.freshbrewed.science:80 speculate (in-scope)
[INFO] sslcert: Malformed DNS_NAME "kubernetes ingress controller fake certificate" at community.hedgedoc.org:443
[OPEN_TCP_PORT] core.freshbrewed.science:8443 speculate (in-scope)
[OPEN_TCP_PORT] core.freshbrewed.science:5050 speculate (in-scope)
[OPEN_TCP_PORT] core.freshbrewed.science:443 speculate (in-scope)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) httpx(470:22:0), dnscommonsrv(444:1:0), dnsbrute(374:1:0), sslcert(0:2:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 453, OPEN_TCP_PORT: 41, URL: 20, ASN: 16, IP_ADDRESS: 16, FINDING: 4, TECHNOLOGY: 4, ORG_STUB: 2, SOCIAL: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (7,357 processed in the past 15 seconds)
[URL] https://aksdemo4.freshbrewed.science/ httpx (cdn-github, cdn-ip, dir, http-title-404-not-found, in-scope, ip-20-80-65-123, status-404)
[URL] https://beszel.freshbrewed.science/ httpx (dir, http-title-beszel, in-scope, ip-75-73-224-240, status-200)
[URL] https://foo4.freshbrewed.science/ httpx (dir, http-title-welcome-to-nginx, in-scope, ip-75-73-224-240, status-200)
[URL] https://element.freshbrewed.science/ httpx (dir, http-title-element, in-scope, ip-75-73-224-240, status-200)
[URL] https://christmas.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] https://awx.freshbrewed.science/ httpx (dir, http-title-awx, in-scope, ip-75-73-224-240, status-200)
[URL] https://dufs.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-200)
[URL] https://firebase.freshbrewed.science/ httpx (dir, http-title-welcome-to-firebase-hosting, in-scope, ip-199-36-158-100, status-200)
[URL] https://codex.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] https://forgejo.freshbrewed.science/ httpx (dir, http-title-forgejo-beyond-coding-we-forge, in-scope, ip-75-73-224-240, status-200)
[URL] https://gitea.freshbrewed.science/ httpx (dir, http-title-gitea-git-with-a-cup-of-tea, in-scope, ip-75-73-224-240, status-200)
[OPEN_TCP_PORT] codex.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] foo4.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] dufs.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] awx.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] beszel.freshbrewed.science:443 speculate (in-scope)
[FINDING] {"description": "HTTP response (body) contains file upload functionality", "host": "dufs.freshbrewed.science", "url": "https://dufs.freshbrewed.science/"} httpx->excavate
[FINDING] {"description": "HTTP response (body) contains file upload functionality", "host": "dufs.freshbrewed.science", "url": "https://dufs.freshbrewed.science/"} httpx->excavate
[OPEN_TCP_PORT] element.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] forgejo.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] christmas.freshbrewed.science:443 speculate (in-scope)
[DNS_NAME] forgejo.freshbrewed.science excavate (a-record, in-scope, subdomain)
[OPEN_TCP_PORT] gitea.freshbrewed.science:443 speculate (in-scope)
[SOCIAL] {"platform": "github", "profile_name": "go-gitea", "url": "https://github.com/go-gitea"} excavate->social (distance-2, spider-danger)
[DNS_NAME] gitea.freshbrewed.science excavate (a-record, in-scope, subdomain)
[URL] http://fluffychat.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://fluffychat.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://argocd.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://argocd.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[OPEN_TCP_PORT] fluffychat.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] fluffychat.freshbrewed.science:443 speculate (in-scope)
[URL] http://cloudcustodian.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://argoci.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://azurevote.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://element.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[OPEN_TCP_PORT] argocd.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] argocd.freshbrewed.science:80 speculate (in-scope)
[URL] http://filebrowser.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://filebrowser.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://gbwebui.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://disabledsvc.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://disabledsvc.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://firebase.freshbrewed.science/ httpx (dir, in-scope, ip-199-36-158-100, status-301)
[URL] http://awxvm.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://cinny.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://gitness.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] https://harbor.freshbrewed.science/ httpx (dir, http-title-harbor, in-scope, ip-75-73-224-240, status-200)
[URL] http://aksloft2.freshbrewed.science/ httpx (cdn-github, cdn-ip, cloud-azure, cloud-ip, dir, in-scope, ip-13-86-57-27, status-200)
[URL] https://opengist.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] http://awx.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://awx2.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://awx2.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://gbwebui.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] https://kasarest.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-200)
[URL] http://foo2.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://dokemon.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://dufs.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://giteatest.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://beszel.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://dokemon.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://aksdemo.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] https://instance1.cloudrun.freshbrewed.science/ httpx (dir, in-scope, ip-142-250-191-179, status-200)
[URL] http://cinny.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://aksdemo.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://gitea.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://foo4.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://christmas.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] https://matrix.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://forgejo.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] https://noisedash.freshbrewed.science/ httpx (dir, http-title-noisedash, in-scope, ip-75-73-224-240, status-200)
[URL] http://azurevote.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://foo2.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] https://code.freshbrewed.science/login httpx->excavate->httpx (affiliate, endpoint, http-title-code-server-login, in-scope, ip-75-73-224-240, status-200)
[URL] http://awxvm.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://giteatest.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://codex.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://docusaurus.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://docusaurus.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://argoci.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] https://pomodoreapp.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] https://pomodoro.freshbrewed.science/ httpx (dir, http-title-flipdown-example, in-scope, ip-75-73-224-240, status-200)
[URL] https://photos.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-200)
[OPEN_TCP_PORT] firebase.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] element.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] disabledsvc.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] harbor.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] gbwebui.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] azurevote.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] disabledsvc.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] cinny.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] filebrowser.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] awxvm.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] filebrowser.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] argoci.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] gitness.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] aksdemo.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] foo2.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] kasarest.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] dokemon.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] awx2.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] opengist.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] gbwebui.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] awx.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] beszel.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] instance1.cloudrun.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] awx2.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] giteatest.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] cinny.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] aksdemo.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] dokemon.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] dufs.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] gitea.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] awxvm.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] foo4.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] matrix.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] noisedash.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] azurevote.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] foo2.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] forgejo.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] christmas.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] pomodoreapp.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] pomodoro.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] docusaurus.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] docusaurus.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] photos.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] argoci.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] codex.freshbrewed.science:80 speculate (in-scope)
[URL] http://junkins.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://matrix.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[OPEN_TCP_PORT] giteatest.freshbrewed.science:80 speculate (in-scope)
[URL] http://gitness.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://jenkins.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://harbor.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://kasarest.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://junkins.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://guestbook.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://jenkins.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://guestbook.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://opendocman.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://photos.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://openproject.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://pashword.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://pashword.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://opendocman.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://loft.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://nexus.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] https://uptime.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] http://openproject.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://nodesite.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://mattermost.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://pingtest.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://nodesite.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://mattermost.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://planereport.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://loft.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://notary.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://pingtest.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://nexus.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://planereport.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://logstream.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://pomodoro.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://logstream.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://notary.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://pomodoreapp.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://opengist.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] https://rundeck.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] https://wishlist.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] https://www.freshbrewed.science/ httpx (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, dir, http-title-fresh-brewed-fresh-brewed, in-scope, ip-54-230-202-121, status-200)
[URL] https://whiteboard.freshbrewed.science/ httpx (dir, http-title-wbo-collaborative-whiteboard, in-scope, ip-75-73-224-240, status-200)
[OPEN_TCP_PORT] junkins.freshbrewed.science:80 speculate (in-scope)
[URL] https://timesy.freshbrewed.science/ httpx (dir, http-title-timesy-a-distraction-free-onli, in-scope, ip-75-73-224-240, status-200)
[URL] http://portainer.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://instance1.cloudrun.freshbrewed.science/ httpx (dir, in-scope, ip-142-250-191-179, status-302)
[OPEN_TCP_PORT] guestbook.freshbrewed.science:443 speculate (in-scope)
[URL] http://myflexapp.freshbrewed.science/ httpx (dir, http-title-error-404-not-found-1, in-scope, ip-216-239-36-21, status-404)
[OPEN_TCP_PORT] matrix.freshbrewed.science:80 speculate (in-scope)
[URL] https://www.standardapp.freshbrewed.science/ httpx (dir, in-scope, ip-142-250-191-179, status-200)
[OPEN_TCP_PORT] gitness.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] jenkins.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] harbor.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] jenkins.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] guestbook.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] photos.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] junkins.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] kasarest.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] opendocman.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] pashword.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] nodesite.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] pingtest.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] mattermost.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] mattermost.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] opendocman.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] uptime.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] pashword.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] nodesite.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] loft.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] openproject.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] openproject.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] nexus.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] logstream.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] pomodoro.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] loft.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] notary.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] pomodoreapp.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] rundeck.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] logstream.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] opengist.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] notary.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] planereport.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] pingtest.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] planereport.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] nexus.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] instance1.cloudrun.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] whiteboard.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] wishlist.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] portainer.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] myflexapp.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] timesy.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] www.freshbrewed.science:443 speculate (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[URL] http://portainer.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://rancher.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[DNS_NAME] whiteboard.freshbrewed.science excavate (a-record, in-scope, subdomain)
[URL] http://rancher.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://publish.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://publish.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://signoz.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://recipes.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://recipes.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://signoz.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://rundeck.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://punq.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://python-crfunction.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://python-crfunction.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[SOCIAL] {"platform": "github", "profile_name": "lovasoa", "url": "https://github.com/lovasoa"} excavate->social (distance-2, spider-danger)
[SOCIAL] {"platform": "github", "profile_name": "remvze", "url": "https://github.com/remvze"} httpx->excavate->social (distance-2, spider-danger)
[URL] http://punq.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] https://zulip.freshbrewed.science/ httpx (dir, in-scope, ip-75-73-224-240, status-302)
[URL] http://uptime.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://sonarqube.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://vault.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://strapi.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://sonarqube.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://registry.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://strapi.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://registry.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://status.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://vault.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[SOCIAL] {"platform": "twitter", "profile_name": "remvze", "url": "https://twitter.com/remvze"} httpx->excavate->social (distance-2, spider-danger)
[SOCIAL] {"platform": "instagram", "profile_name": "wbo_whiteboard", "url": "https://instagram.com/wbo_whiteboard"} excavate->social (distance-2)
[OPEN_TCP_PORT] portainer.freshbrewed.science:80 speculate (in-scope)
[URL] http://timesy.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[OPEN_TCP_PORT] rancher.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] publish.freshbrewed.science:80 speculate (in-scope)
[URL] http://test.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://whiteboard.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://workflows2.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://wpblog.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[URL] http://wishlist.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://workflows2.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[OPEN_TCP_PORT] rancher.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] rundeck.freshbrewed.science:80 speculate (in-scope)
[URL] http://test.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[OPEN_TCP_PORT] publish.freshbrewed.science:443 speculate (in-scope)
[URL] http://zabbix.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[OPEN_TCP_PORT] recipes.freshbrewed.science:80 speculate (in-scope)
[URL] http://zabbix.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[OPEN_TCP_PORT] signoz.freshbrewed.science:443 speculate (in-scope)
[URL] http://www.freshbrewed.science/ httpx (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, dir, http-title-301-moved-permanently, in-scope, ip-54-230-202-121, status-301)
[OPEN_TCP_PORT] punq.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] python-crfunction.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] signoz.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] python-crfunction.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] recipes.freshbrewed.science:443 speculate (in-scope)
[URL] http://wpblog.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://www.myflexapp.freshbrewed.science/ httpx (dir, http-title-error-404-not-found-1, in-scope, ip-142-250-191-179, status-404)
[OPEN_TCP_PORT] zulip.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] vault.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] registry.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] sonarqube.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] strapi.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] uptime.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] strapi.freshbrewed.science:443 speculate (in-scope)
[URL] http://www.standardapp.freshbrewed.science/ httpx (dir, in-scope, ip-142-250-191-179, status-200)
[OPEN_TCP_PORT] sonarqube.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] status.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] registry.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] test.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] timesy.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] vault.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] whiteboard.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] wishlist.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] wpblog.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] test.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] workflows2.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] workflows2.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] zabbix.freshbrewed.science:80 speculate (in-scope)
[URL] http://zulip.freshbrewed.science/ httpx (dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://zentao.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, status-400)
[URL] http://zentao.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[OPEN_TCP_PORT] www.standardapp.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] www.freshbrewed.science:80 speculate (cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, in-scope)
[OPEN_TCP_PORT] wpblog.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] zabbix.freshbrewed.science:443 speculate (in-scope)
[OPEN_TCP_PORT] zentao.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] zulip.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] zentao.freshbrewed.science:443 speculate (in-scope)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) httpx(681:165:0), dnsresolve(0:20:0), oauth(8:0:0), social(8:0:0), speculate(8:0:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 456, OPEN_TCP_PORT: 185, URL: 172, ASN: 16, IP_ADDRESS: 16, SOCIAL: 7, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (6,534 processed in the past 15 seconds)
[OPEN_TCP_PORT] cloudcustodian.freshbrewed.science:443 speculate (in-scope)
[URL] http://cloudcustodian.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, status-404)
[OPEN_TCP_PORT] cloudcustodian.freshbrewed.science:80 speculate (in-scope)
[OPEN_TCP_PORT] punq.freshbrewed.science:443 speculate (in-scope)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) httpx(702:165:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 456, OPEN_TCP_PORT: 188, URL: 173, ASN: 16, IP_ADDRESS: 16, SOCIAL: 7, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (100 processed in the past 15 seconds)
[URL] https://uptime.freshbrewed.science/dashboard httpx->excavate->httpx (affiliate, endpoint, http-title-uptime-kuma, in-scope, ip-75-73-224-240, status-200)
[URL] https://christmas.freshbrewed.science/setup httpx->excavate->httpx (affiliate, endpoint, http-title-christmas-community-setup, in-scope, ip-75-73-224-240, status-200)
[URL] https://opengist.freshbrewed.science/all httpx->excavate->httpx (affiliate, endpoint, http-title-all-gists-opengist, in-scope, ip-75-73-224-240, status-200)
[URL] https://wishlist.freshbrewed.science/login httpx->excavate->httpx (affiliate, endpoint, http-title-log-in, in-scope, ip-75-73-224-240, status-200)
[URL] https://codex.freshbrewed.science/infra-playbooks httpx->excavate->httpx (affiliate, endpoint, http-title-infra-playbooks, in-scope, ip-75-73-224-240, status-200)
[URL] https://zulip.freshbrewed.science/login/ httpx->excavate->httpx (affiliate, dir, http-title-log-in-zulip, in-scope, ip-75-73-224-240, status-200)
[SOCIAL] {"platform": "github", "profile_name": "codex-team", "url": "https://github.com/codex-team"} httpx->excavate->social (distance-2, spider-danger)
[DNS_NAME] zulip.freshbrewed.science excavate (a-record, affiliate, in-scope, subdomain)
[SOCIAL] {"platform": "github", "profile_name": "thomiceli", "url": "https://github.com/thomiceli"} excavate->social (distance-2, spider-danger)
[URL] http://pomodoreapp.freshbrewed.science/login httpx->excavate->httpx (affiliate, endpoint, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] http://rundeck.freshbrewed.science/user/login httpx->excavate->httpx (affiliate, endpoint, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] https://pomodoreapp.freshbrewed.science/login httpx->excavate->httpx (affiliate, endpoint, http-title-log-in-with-your-account, in-scope, ip-75-73-224-240, status-200)
[URL] https://rundeck.freshbrewed.science/user/login httpx->excavate->httpx (affiliate, endpoint, http-title-rundeck-login, in-scope, ip-75-73-224-240, status-200)
[URL] http://rundeck.freshbrewed.science/user/ speculate->httpx (affiliate, dir, http-title-301-moved-permanently, in-scope, ip-75-73-224-240, status-301)
[URL] https://rundeck.freshbrewed.science/user/ speculate->httpx (affiliate, dir, in-scope, ip-75-73-224-240, status-302)
[INFO] Finishing scan
[INFO] dnsbrute_mutations: Trying 85,371 mutations against freshbrewed.science (1/4)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) dnsbrute_mutations(0:1:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 457, OPEN_TCP_PORT: 188, URL: 185, ASN: 16, IP_ADDRESS: 16, SOCIAL: 9, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (787 processed in the past 15 seconds)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) dnsbrute_mutations(0:1:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 457, OPEN_TCP_PORT: 188, URL: 185, ASN: 16, IP_ADDRESS: 16, SOCIAL: 9, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (0 processed in the past 15 seconds)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) dnsbrute_mutations(0:1:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 457, OPEN_TCP_PORT: 188, URL: 185, ASN: 16, IP_ADDRESS: 16, SOCIAL: 9, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (0 processed in the past 15 seconds)
[DNS_NAME] aksdemo3.freshbrewed.science dnsbrute_mutations (a-record, cdn-github, cdn-ip, cloud-azure, cloud-ip, in-scope, mutation-1, subdomain)
[DNS_NAME] foo5.freshbrewed.science dnsbrute_mutations (a-record, in-scope, mutation-1, subdomain)
[DNS_NAME] punqdemo.freshbrewed.science dnsbrute_mutations (a-record, in-scope, mutation-1, subdomain)
[INFO] dnsbrute_mutations: Trying 1,091 mutations against myflexapp.freshbrewed.science (2/4)
[INFO] dnsbrute_mutations: Trying 1,091 mutations against standardapp.freshbrewed.science (3/4)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) httpx(5:1:0), dnsbrute_mutations(3:1:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 460, OPEN_TCP_PORT: 188, URL: 185, ASN: 16, IP_ADDRESS: 16, SOCIAL: 9, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (298 processed in the past 15 seconds)
[INFO] dnsbrute_mutations: Trying 1,293 mutations against cloudrun.freshbrewed.science (4/4)
[URL] http://foo5.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, mutation-1, status-404)
[URL] http://foo5.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, mutation-1, status-400)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) httpx(3:5:0), dnsresolve(0:4:0), excavate(0:2:1), speculate(2:0:1), baddns_direct(1:0:0), csv(1:0:0), json(1:0:0), python(1:0:0), stdout(1:0:0), txt(1:0:0)
[URL] http://punqdemo.freshbrewed.science/ httpx (dir, http-title-404-not-found, in-scope, ip-75-73-224-240, mutation-1, status-404)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 460, OPEN_TCP_PORT: 188, URL: 187, ASN: 16, IP_ADDRESS: 16, SOCIAL: 9, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[URL] http://punqdemo.freshbrewed.science:443/ httpx (dir, http-title-400-the-plain-http-request-was, in-scope, ip-75-73-224-240, mutation-1, status-400)
[INFO] fierce_theresa: 2 events in queue (63 processed in the past 15 seconds)
[OPEN_TCP_PORT] foo5.freshbrewed.science:80 speculate (in-scope, mutation-1)
[OPEN_TCP_PORT] foo5.freshbrewed.science:443 speculate (in-scope, mutation-1)
[OPEN_TCP_PORT] punqdemo.freshbrewed.science:443 speculate (in-scope, mutation-1)
[OPEN_TCP_PORT] punqdemo.freshbrewed.science:80 speculate (in-scope, mutation-1)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) httpx(12:5:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 460, OPEN_TCP_PORT: 192, URL: 189, ASN: 16, IP_ADDRESS: 16, SOCIAL: 9, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (73 processed in the past 15 seconds)
[INFO] Finishing scan
[INFO] dnsbrute_mutations: Trying 2,615 mutations against freshbrewed.science (1/4)
[INFO] fierce_theresa: Modules running (incoming:processing:outgoing) dnsbrute_mutations(0:1:0)
[INFO] fierce_theresa: Events produced so far: DNS_NAME: 460, OPEN_TCP_PORT: 192, URL: 189, ASN: 16, IP_ADDRESS: 16, SOCIAL: 9, FINDING: 5, TECHNOLOGY: 4, ORG_STUB: 2, SCAN: 1, AZURE_TENANT: 1, PROTOCOL: 1
[INFO] fierce_theresa: No events in queue (0 processed in the past 15 seconds)
[SCAN] fierce_theresa (SCAN:067b99a1cf6b98defdcfda489142da692f247c2a) TARGET
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | ASN | Subnet | Host Count | Name | Description | Country |
[INFO] asn: +=========+=====================+==============+=============================+==================================+===========+
[INFO] asn: | AS7922 | 75.72.0.0/15 | 80 | COMCAST-7922 | Comcast Cable Communications Inc | |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS16509 | 2600:9000:2043::/48 | 17 | AMAZON-02 | Amazon.com, Inc. | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS16509 | 54.230.200.0/22 | 9 | AMAZON-02 | Amazon.com, Inc. | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS15169 | 2001:4860::/32 | 9 | GOOGLE | Google LLC | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS15169 | 142.250.0.0/15 | 4 | GOOGLE | Google LLC | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS15169 | 2607:f8b0:4009::/48 | 4 | GOOGLE | Google LLC | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS15169 | 216.239.38.0/24 | 3 | GOOGLE | Google LLC | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS15169 | 216.239.34.0/24 | 3 | GOOGLE | Google LLC | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS8075 | 20.64.0.0/10 | 3 | MICROSOFT-CORP-MSN-AS-BLOCK | Microsoft Corporation | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS15169 | 216.239.32.0/24 | 3 | GOOGLE | Google LLC | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS15169 | 216.239.36.0/24 | 3 | GOOGLE | Google LLC | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS8075 | 52.160.0.0/11 | 3 | MICROSOFT-CORP-MSN-AS-BLOCK | Microsoft Corporation | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS54113 | 199.36.158.0/24 | 2 | FASTLY | Fastly, Inc. | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS8075 | 13.64.0.0/11 | 2 | MICROSOFT-CORP-MSN-AS-BLOCK | Microsoft Corporation | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS8075 | 20.192.0.0/10 | 2 | MICROSOFT-CORP-MSN-AS-BLOCK | Microsoft Corporation | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] asn: | AS8075 | 20.36.0.0/14 | 2 | MICROSOFT-CORP-MSN-AS-BLOCK | Microsoft Corporation | US |
[INFO] asn: +---------+---------------------+--------------+-----------------------------+----------------------------------+-----------+
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | Module | Produced | Consumed |
[INFO] aggregate: +====================+========================================+==========================================+
[INFO] aggregate: | httpx | 189 (189 URL) | 208 (194 OPEN_TCP_PORT, 14 |
[INFO] aggregate: | | | URL_UNVERIFIED) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | speculate | 177 (4 DNS_NAME, 171 OPEN_TCP_PORT, 2 | 1,112 (1 AZURE_TENANT, 177 DNS_NAME, 12 |
[INFO] aggregate: | | ORG_STUB) | DNS_NAME_UNRESOLVED, 189 HTTP_RESPONSE, |
[INFO] aggregate: | | | 39 IP_ADDRESS, 189 URL, 505 |
[INFO] aggregate: | | | URL_UNVERIFIED) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | crt | 89 (89 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | crt_db | 89 (89 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | wayback | 55 (55 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | subdomaincenter | 47 (47 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | otx | 46 (46 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | hackertarget | 38 (38 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | certspotter | 32 (32 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | shodan_idb | 26 (1 DNS_NAME, 21 OPEN_TCP_PORT, 4 | 14 (14 DNS_NAME) |
[INFO] aggregate: | | TECHNOLOGY) | |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | dnsbrute | 14 (14 DNS_NAME) | 4 (4 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | excavate | 13 (9 DNS_NAME, 3 FINDING, 1 PROTOCOL) | 189 (189 HTTP_RESPONSE) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | A | 13 (13 IP_ADDRESS) | 0 |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | social | 9 (9 SOCIAL) | 505 (505 URL_UNVERIFIED) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | rapiddns | 8 (8 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | urlscan | 7 (7 DNS_NAME) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | NS | 4 (4 DNS_NAME) | 0 |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | host | 4 (4 DNS_NAME) | 0 |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | dnsbrute_mutations | 3 (3 DNS_NAME) | 96 (96 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | sslcert | 3 (3 DNS_NAME) | 220 (220 OPEN_TCP_PORT) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | CNAME | 3 (3 DNS_NAME) | 0 |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | AAAA | 3 (3 IP_ADDRESS) | 0 |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | oauth | 2 (2 FINDING) | 36 (26 DNS_NAME, 10 URL_UNVERIFIED) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | MX | 2 (2 DNS_NAME) | 0 |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | azure_tenant | 1 (1 AZURE_TENANT) | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | SOA | 1 (1 DNS_NAME) | 0 |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | dnsresolve | 0 | 2,987 (657 DNS_NAME, 25 EMAIL_ADDRESS, 5 |
[INFO] aggregate: | | | FINDING, 189 HTTP_RESPONSE, 719 |
[INFO] aggregate: | | | IP_ADDRESS, 624 OPEN_TCP_PORT, 1 |
[INFO] aggregate: | | | PROTOCOL, 9 SOCIAL, 4 TECHNOLOGY, 189 |
[INFO] aggregate: | | | URL, 565 URL_UNVERIFIED) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | cloudcheck | 0 | 2,312 (535 DNS_NAME, 49 |
[INFO] aggregate: | | | DNS_NAME_UNRESOLVED, 2 EMAIL_ADDRESS, 5 |
[INFO] aggregate: | | | FINDING, 189 HTTP_RESPONSE, 149 |
[INFO] aggregate: | | | IP_ADDRESS, 624 OPEN_TCP_PORT, 1 |
[INFO] aggregate: | | | PROTOCOL, 4 TECHNOLOGY, 189 URL, 565 |
[INFO] aggregate: | | | URL_UNVERIFIED) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | azure_realm | 0 | 96 (96 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | baddns_zone | 0 | 96 (96 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | dnsbimi | 0 | 4 (4 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | dnscaa | 0 | 96 (96 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | dnscommonsrv | 0 | 4 (4 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | dnstlsrpt | 0 | 4 (4 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | securitytxt | 0 | 4 (4 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | anubisdb | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | digitorus | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | dnsdumpster | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | leakix | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | myssl | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | sitedossier | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] aggregate: | ipneighbor | 0 | 39 (39 IP_ADDRESS) |
[INFO] aggregate: +--------------------+----------------------------------------+------------------------------------------+
[INFO] output.csv: Saved CSV output to /home/builder/.bbot/scans/fierce_theresa/output.csv
[INFO] output.json: Saved JSON output to /home/builder/.bbot/scans/fierce_theresa/output.json
[INFO] output.subdomains: Saved 96 subdomains to /home/builder/.bbot/scans/fierce_theresa/subdomains.txt
[INFO] output.txt: Saved TXT output to /home/builder/.bbot/scans/fierce_theresa/output.txt
[SUCC] Scan fierce_theresa completed in 2 minutes, 46 seconds with status FINISHED
It took nearly 3 minutes, but when done, I had a full list of all the subdomains I’ve used over the years
$ cat /home/builder/.bbot/scans/fierce_theresa/subdomains.txt | sort -u
aksdemo.freshbrewed.science
aksdemo2.freshbrewed.science
aksdemo3.freshbrewed.science
aksdemo4.freshbrewed.science
aksloft2.freshbrewed.science
argocd.freshbrewed.science
argoci.freshbrewed.science
awx.freshbrewed.science
awx2.freshbrewed.science
awxvm.freshbrewed.science
azurevote.freshbrewed.science
beszel.freshbrewed.science
bitwarden.freshbrewed.science
christmas.freshbrewed.science
cinny.freshbrewed.science
cloudcustodian.freshbrewed.science
cloudrun.freshbrewed.science
code.freshbrewed.science
codex.freshbrewed.science
core.freshbrewed.science
disabledsvc.freshbrewed.science
docusaurus.freshbrewed.science
dokemon.freshbrewed.science
dufs.freshbrewed.science
element.freshbrewed.science
filebrowser.freshbrewed.science
firebase.freshbrewed.science
fluffychat.freshbrewed.science
foo.freshbrewed.science
foo2.freshbrewed.science
foo3.freshbrewed.science
foo4.freshbrewed.science
foo5.freshbrewed.science
forgejo.freshbrewed.science
freshbrewed.science
gbwebui.freshbrewed.science
gitea.freshbrewed.science
giteatest.freshbrewed.science
gitness.freshbrewed.science
grafana.freshbrewed.science
guestbook.freshbrewed.science
harbor.freshbrewed.science
hedgedoc.freshbrewed.science
instance1.cloudrun.freshbrewed.science
jenkins.freshbrewed.science
junkins.freshbrewed.science
kasarest.freshbrewed.science
loft.freshbrewed.science
loft2.freshbrewed.science
logstream.freshbrewed.science
matrix.freshbrewed.science
mattermost.freshbrewed.science
movary.freshbrewed.science
myflexapp.freshbrewed.science
nexus.freshbrewed.science
nodesite.freshbrewed.science
noisedash.freshbrewed.science
notary.freshbrewed.science
opendocman.freshbrewed.science
opengist.freshbrewed.science
openproject.freshbrewed.science
pashword.freshbrewed.science
photos.freshbrewed.science
pingtest.freshbrewed.science
planereport.freshbrewed.science
pomodoreapp.freshbrewed.science
pomodoro.freshbrewed.science
portainer.freshbrewed.science
publish.freshbrewed.science
punq.freshbrewed.science
punqdemo.freshbrewed.science
python-crfunction.freshbrewed.science
rancher.freshbrewed.science
recipes.freshbrewed.science
registry.freshbrewed.science
rundeck.freshbrewed.science
signoz.freshbrewed.science
sonarqube.freshbrewed.science
standardapp.freshbrewed.science
status.freshbrewed.science
strapi.freshbrewed.science
test.freshbrewed.science
timesy.freshbrewed.science
uptime.freshbrewed.science
vault.freshbrewed.science
whiteboard.freshbrewed.science
wishlist.freshbrewed.science
workflows.freshbrewed.science
workflows2.freshbrewed.science
wpblog.freshbrewed.science
www.freshbrewed.science
www.myflexapp.freshbrewed.science
www.standardapp.freshbrewed.science
zabbix.freshbrewed.science
zentao.freshbrewed.science
zulip.freshbrewed.science
Email Enum
Let’s use email-enum to gather emails.
$ bbot -t freshbrewed.science -p email-enum
______ _____ ____ _______
| ___ \| __ \ / __ \__ __|
| |___) | |__) | | | | | |
| ___ <| __ <| | | | | |
| |___) | |__) | |__| | | |
|______/|_____/ \____/ |_|
BIGHUGE BLS OSINT TOOL v2.4.1
www.blacklanternsecurity.com/bbot
[INFO] Scan seeded with 1 targets (1 in whitelist)
[INFO] Loaded 8/8 scan modules (dehashed,dnscaa,dnstlsrpt,emailformat,hunterio,pgp,skymem,sslcert)
[INFO] Loaded 6/6 internal modules (aggregate,cloudcheck,dnsresolve,excavate,speculate,unarchive)
[INFO] Loaded 6/6 output modules, (csv,emails,json,python,stdout,txt)
[INFO] internal.speculate: No portscanner enabled. Assuming open ports: 80, 443
[INFO] Setup soft-failed for hunterio: No API key set
[INFO] Setup soft-failed for dehashed: No username / API key set
[SUCC] Setup succeeded for 20/22 modules.
[SUCC] Scan ready. Press enter to execute encrypted_heather
[SUCC] Starting scan encrypted_heather
[SCAN] encrypted_heather (SCAN:e576b444f720504f5a13200034772c0bb6fa8683) TARGET
[DNS_NAME] freshbrewed.science TARGET (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, domain, in-scope, mx-record, ns-record, soa-record, target, txt-record)
[ORG_STUB] freshbrewed speculate
[DNS_NAME] ns-414.awsdns-51.com SOA (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-414.awsdns-51.com NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-947.awsdns-54.net NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-1961.awsdns-53.co.uk NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-1185.awsdns-20.org NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] spool.mail.gandi.net MX (a-record, aaaa-record, affiliate, distance-1, subdomain)
[DNS_NAME] fb.mail.gandi.net MX (a-record, aaaa-record, affiliate, distance-1, subdomain)
[INFO] encrypted_heather: Modules running (incoming:processing:outgoing) pgp(8:1:0)
[INFO] encrypted_heather: Events produced so far: DNS_NAME: 8, SCAN: 1, ORG_STUB: 1
[INFO] encrypted_heather: No events in queue (356 processed in the past 15 seconds)
[INFO] Finishing scan
[SCAN] encrypted_heather (SCAN:e576b444f720504f5a13200034772c0bb6fa8683) TARGET
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | Module | Produced | Consumed |
[INFO] aggregate: +=============+================+==========================================+
[INFO] aggregate: | NS | 4 (4 DNS_NAME) | 0 |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | MX | 2 (2 DNS_NAME) | 0 |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | speculate | 1 (1 ORG_STUB) | 20 (7 DNS_NAME, 1 DNS_NAME_UNRESOLVED, |
[INFO] aggregate: | | | 12 IP_ADDRESS) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | SOA | 1 (1 DNS_NAME) | 0 |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | dnsresolve | 0 | 66 (14 DNS_NAME, 1 DNS_NAME_UNRESOLVED, |
[INFO] aggregate: | | | 1 EMAIL_ADDRESS, 12 IP_ADDRESS, 38 |
[INFO] aggregate: | | | OPEN_TCP_PORT) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | cloudcheck | 0 | 60 (8 DNS_NAME, 1 DNS_NAME_UNRESOLVED, 1 |
[INFO] aggregate: | | | EMAIL_ADDRESS, 12 IP_ADDRESS, 38 |
[INFO] aggregate: | | | OPEN_TCP_PORT) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | dnscaa | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | dnstlsrpt | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | emailformat | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | skymem | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | sslcert | 0 | 19 (19 OPEN_TCP_PORT) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] aggregate: | pgp | 0 | 1 (1 DNS_NAME) |
[INFO] aggregate: +-------------+----------------+------------------------------------------+
[INFO] output.csv: Saved CSV output to /home/builder/.bbot/scans/encrypted_heather/output.csv
[INFO] output.json: Saved JSON output to /home/builder/.bbot/scans/encrypted_heather/output.json
[INFO] output.txt: Saved TXT output to /home/builder/.bbot/scans/encrypted_heather/output.txt
[SUCC] Scan encrypted_heather completed in 22 seconds with status FINISHED
If we look at the output, we can see we use gandi.net for the mail host but AWS Route53 for the rest
$ cat /home/builder/.bbot/scans/encrypted_heather/output.txt
[SCAN] encrypted_heather (SCAN:e576b444f720504f5a13200034772c0bb6fa8683) TARGET
[DNS_NAME] freshbrewed.science TARGET (a-record, aaaa-record, cdn-cloudfront, cdn-ip, cloud-amazon, cloud-ip, domain, in-scope, mx-record, ns-record, soa-record, target, txt-record)
[ORG_STUB] freshbrewed speculate
[DNS_NAME] ns-414.awsdns-51.com SOA (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-414.awsdns-51.com NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-947.awsdns-54.net NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-1961.awsdns-53.co.uk NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] ns-1185.awsdns-20.org NS (a-record, aaaa-record, affiliate, cloud-amazon, cloud-ip, distance-1, subdomain)
[DNS_NAME] spool.mail.gandi.net MX (a-record, aaaa-record, affiliate, distance-1, subdomain)
[DNS_NAME] fb.mail.gandi.net MX (a-record, aaaa-record, affiliate, distance-1, subdomain)
[SCAN] encrypted_heather (SCAN:e576b444f720504f5a13200034772c0bb6fa8683) TARGET
Summary
Today, we embarked on an exploration of BadDNS , setting it up and examining its outputs across various domains. This hands-on approach provided valuable insights into the tool’s capabilities.
Next, we delved into BBOT, the “Bighuge BLS OSINT Tool.” Due to some Ansible dependencies conflicting with my WSL setup, I transitioned to a dedicated Linux host. This move proved beneficial, as BBOT delivered richer sub-domain outputs, making it a powerful tool for detecting any mischievous domain routing activities.
Although I didn’t uncover any vulnerabilities in my DNS zones, it was fascinating to identify the mail servers in use, the designated Nameservers (who holds control), and the array of subdomains, particularly for my oldest domain, freshbrewed.science.
