Show HN: Osint tool that finds exposed files on domains

Hacker News Top Tools

Summary

A new OSINT tool for searching domains to find exposed paths and misconfigurations, useful for security researchers and penetration testers.

hey guys, wanted to show one of my side projects i just made public.<p>the idea is basically another osint tool for pentesters and bug bounty hunters. it watches certificate transparency logs and checks newly-seen domains for exposed stuff like .env files, open .git dirs, config files, db dumps and so on, and puts whatever it finds into a searchable db. you just search a domain (or part of one) and see what&#x27;s exposed.<p>it&#x27;s read-only and free. one thing i&#x27;ve been thinking about adding is a way to register for certain keywords and get notified when something new shows up for that search.<p>would love to hear if you have other ideas for useful features, and also ideas for how to reduce abuse of the data, since that&#x27;s the part i&#x27;m least sure about.<p><a href="https:&#x2F;&#x2F;search.cerast-intelligence.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;search.cerast-intelligence.com&#x2F;</a>
Original Article
View Cached Full Text

Cached at: 07/05/26, 10:34 PM

# Cerast Intelligence · Domain Search Source: [https://search.cerast-intelligence.com/](https://search.cerast-intelligence.com/) ![Cerast](https://search.cerast-intelligence.com/logo.png)domain searchSearch observed domains for exposed paths and misconfigurations\. ⌕ Substring search over the domain, case\-insensitive, at least 3 characters\. E\.g\.`staging\.`,`\.org`,`test\-`\.

Similar Articles

@yhslgg: https://x.com/yhslgg/status/2068317116831510838

X AI KOLs Timeline

Introduces the combined use ideas of five free and open-source OSINT tools (Blackbird, Maigret, SpiderFoot, theHarvester, Shodan Python), covering scenarios such as people search, company search, device search, and provides practical cases and installation methods.

Show HN: We post-trained a model that pen tests instead of refusing

Hacker News Top

ArgusRed is a CLI tool that uses a post-trained AI model to perform security scanning and penetration testing on codebases, outputting detailed markdown reports. It offers two modes: security scan (read-only) and pen test (active exploits) with optional exploit verification.

Show HN: An index of indie web/blog indexes

Hacker News Top

Showcasing a curated index of indie web and blog directories, aggregating various tools for discovering personal sites, RSS feeds, and constraint-based web communities.

Humiliating IIS servers for fun and jail time

Hacker News Top

A detailed technical guide on discovering and exploiting misconfigured IIS servers for bug bounty hunting, covering techniques like Shodan queries, tilde enumeration, web.config exploitation, and WAF bypass.