Recon One Step Advanced With OTX

SMHTahsin33
Aug 8, 2020


Example Output Picture

“I Never Find My Luck With Me”

First Of All, Everyone Would Be Thinking: What The Heck Is This OTX?

Open Threat Exchange® (OTX™) is a threat data platform that allows security researchers and threat data producers to share research and investigate new threats.

“In the name of Allah, the Most Gracious, the Most Merciful” Let’s Start.

I Got To Know About OTX From One Of My Brothers, Prial Islam Khan. He Once Shared a Bug Bounty Tip Regarding OTX. From Then On I Also Started To Use OTX, And To Be Honest It Is Worth Giving It a Try.

How To Use OTX?
https://otx.alienvault.com/indicator/domain/target.com
Just Change target.com to Your Target Website.
There, After Searching, You Will Find a Lot of Information. Among It, The Section “Associated URLs” Is the Most Interesting One 😀

I Mainly Look For Interesting URL Endpoints, So I Only Search for the Associated URLs. To Make This Easy, a Bash One-Liner Was Also Provided By Prial Islam Khan.

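# Print the URLs OTX associates with a hostname (first page, up to 100 entries); needs gron and jq
otx(){
  gron "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/$1?limit=100&page=1" | grep "\burl\b" | gron --ungron | jq .
}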

How To Use This?
Open Terminal, Then Type ‘nano .bash_profile’.
Then Paste the Code in The .bash_profile and Save and Exit.
Then Type ‘source ~/.bash_profile’ in the Terminal.
Now, Just Type ‘otx target.com’ and You Will Get All the Associated URLs in Your CLI.
Note: You Will Need To Install ‘gron’ and ‘jq’.

I Don’t Think Anyone Will Struggle With the Process Mentioned Above. Even If You Run Into Any Problem, Don’t Hesitate to DM Me on Twitter.

So You Would Be Thinking: Why Am I Suggesting This, And What Things Might You Find With This?
I Can’t Assure You What Kind Of Things You Can Find With This. You Might Get a Lot of Sensitive Information Disclosed in the URL Endpoints ;)
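
For a site owner reviewing what OTX has recorded for their own hostname, the manual look through "Associated URLs" can be scripted. This is an added example, not code from the original post or from OTX; the response fields url_list and has_next, the keyword lists, and the sample pages are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample pages in the assumed shape: {"has_next": bool, "url_list": [{"url": ...}]}
SAMPLE_PAGES = [
    json.loads('{"has_next": true, "url_list": ['
               '{"url": "https://shop.example.com/invoice/download?id=1042&token=abc123"},'
               '{"url": "https://shop.example.com/css/site.css"}]}'),
    json.loads('{"has_next": false, "url_list": ['
               '{"url": "https://shop.example.com/reset?email=user%40example.com"},'
               '{"url": "https://shop.example.com/backup/phones.bin"},'
               '{"url": "https://shop.example.com/css/site.css"}]}'),
]

# Assumed heuristics: query parameter names and path fragments worth a manual review.
SENSITIVE_PARAMS = {"token", "key", "apikey", "api_key", "password", "secret", "session", "email"}
SENSITIVE_PATH = re.compile(r"(invoice|backup|export|admin|\.(bin|sql|bak|zip|csv)$)", re.I)

def triage(pages):
    """Return {url: [reasons]} for recorded URLs that expose sensitive-looking data."""
    findings, seen = {}, set()
    for page in pages:
        for entry in page.get("url_list", []):
            url = entry.get("url")
            if not url or url in seen:      # skip malformed entries and duplicates
                continue
            seen.add(url)
            parts = urlsplit(url)
            reasons = []
            for name, _ in parse_qsl(parts.query, keep_blank_values=True):
                if name.lower() in SENSITIVE_PARAMS:
                    reasons.append(f"param:{name.lower()}")
            match = SENSITIVE_PATH.search(parts.path)
            if match:
                reasons.append(f"path:{match.group(1).lower()}")
            if reasons:
                findings[url] = reasons
        if not page.get("has_next"):        # last page reached, ignore anything after it
            break
    return findings

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_PAGES).items():
        print(", ".join(reasons), url)
```

Anything flagged here is a candidate for fixing the endpoint's access control and rotating any secret that appeared in a URL.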

Talking about My Experience with OTX:
I Found One Endpoint Which Was Disclosing a Total of 55 Users’ Invoice Information. I Reported That, And It Was Triaged as Low and I Didn’t Get Any Bounty :(
Then I Also Found an Endpoint Where I Was Able To Download a File of PhoneNumberData, But the File Was in Binary Format and I Wasn’t Able to Read The Internal Files.
As I Said In The Starting, “I Never Find My Luck With Me”.
So Hope You Will Find Something With This :D

Last But Not The Least.
Everyone Suggests Using OTX on Each and Every Subdomain, Which Is Very Time-Consuming.
But I am Here With The Solution.

Recently Mehedi Hasan Remon Created a Tool Called “Pri0tx” To Automate The Process Of Using OTX on Every Subdomain.
You Can Find The Tool and Its Usage Here: https://github.com/remonsec/Pri0tx

Hope You Guys Like This, Please Share and Stay Tuned. And Don’t Forget To Share Your Experience With OTX here ;)

Twitter : https://twitter.com/SMHTahsin33
Facebook: https://www.facebook.com/smhtahsin33
Youtube: https://www.youtube.com/channel/UCPv9JretwFnKw-5mtu3A0jw

Allah Hafiz
