DOMAIN/SUBDOMAIN
//overview
root@oco:~$ curl -s https://crt.sh/\?q\=cnd.dev\&output\=json | jq .
[
{
"issuer_ca_id": 286236,
"issuer_name": "C=US, O=Google Trust Services, CN=WE1",
"common_name": "git.cnd.dev",
"name_value": "git.cnd.dev",
"id": 19712941882,
"entry_timestamp": "2025-07-16T15:32:15.865",
"not_before": "2025-07-16T13:44:12",
"not_after": "2025-10-14T14:44:04",
"serial_number": "00b981d268ffb7cae60e122c7893af80ae",
"result_count": 2
},
...
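//filter on unique subdomains
//CT logs keep every certificate ever issued, so this list can contain names that no longer resolve
//jq -r reads the two name fields directly instead of grepping pretty-printed JSON, skips null fields and prints multi-name entries one per line
root@oco:~$ curl -s https://crt.sh/\?q\=cnd.dev\&output\=json | jq -r '.[] | .common_name, .name_value | select(. != null)' | sort -u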
*.cnd.dev
cnd.dev
git.cnd.dev
nuclear.cnd.dev
payload.cnd.dev
vpn.cnd.dev
www.cnd.dev
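//identify live hosts
//the list file is named subdomainlist, matching the loops below - filenames are case-sensitive on Linux
//*.cnd.dev is a certificate wildcard rather than a hostname and returns no address in this run
root@oco:~$ nano subdomainlist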
*.cnd.dev
cnd.dev
git.cnd.dev
nuclear.cnd.dev
payload.cnd.dev
vpn.cnd.dev
www.cnd.dev
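//read the list line by line and quote $i so the wildcard entry reaches host literally instead of being glob-expanded by the shell
//address lines reported under another domain, for example after a CNAME, may be dropped by the cnd.dev filter - a missing name below is not proof the name is unused, confirm with host on that name
root@oco:~$ while read -r i; do host "$i" | grep "has address" | grep cnd.dev | cut -d" " -f1,4; done < subdomainlist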
cnd.dev 185.199.108.153
cnd.dev 185.199.109.153
cnd.dev 185.199.110.153
cnd.dev 185.199.111.153
nuclear.cnd.dev 20.185.241.94
payload.cnd.dev 52.168.6.167
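//build the address file in one pass, de-duplicated and overwritten rather than appended, so a rerun does not leave repeated IPs in ip-addresses.txt
root@oco:~$ while read -r i; do host "$i" | grep "has address" | grep cnd.dev | cut -d" " -f4; done < subdomainlist | sort -u > ip-addresses.txt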
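//the 185.199.x.153 addresses are shared GitHub Pages front ends - the first result shows Organization GitHub and certificate CN=*.github.io
//ports, hostnames and TLS details reported for them describe GitHub infrastructure, not a cnd.dev-owned server, so keep them out of host-level findings
//Unable to parse JSON response may be API throttling or a transient error - rerun that address before recording it as no data
root@oco:~$ xargs -n 1 shodan host < ip-addresses.txt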
185.199.108.153
Hostnames: github.io;github.com;www.github.com;cdn-185-199-108-153.github.com;githubusercontent.com
City: San Francisco
Country: United States
Organization: GitHub, Inc.
Updated: 2025-08-10T15:00:11.647251
Number of open ports: 2
Ports:
80/tcp
|-- HTTP title: Site not found · GitHub Pages
443/tcp
|-- HTTP title: Site not found · GitHub Pages
|-- Cert Issuer: C=GB, ST=Greater Manchester, CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford
|-- Cert Subject: CN=*.github.io
|-- SSL Versions: -SSLv2, -SSLv3, -TLSv1, -TLSv1.1, TLSv1.2, TLSv1.3
...
Error: Unable to parse JSON response
Error: No information available for that IP.
Error: No information available for that IP.
root@oco:~$ dig any cnd.dev
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> any cnd.dev
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 56972
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cnd.dev. IN ANY
;; Query time: 3 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (TCP)
;; WHEN: Sun Aug 10 22:36:10 CDT 2025
;; MSG SIZE rcvd: 36