Juicy Curl

curl -o [FILENAME.txt] [DOMAINNAME OR LINK] //save the response body to a file instead of printing it

curl -L [link] //follow redirects (3xx Location headers) to the final URL

curl -I [DOMAIN NAME] //send a HEAD request and show only the response headers (server banner, cookies, security headers, and much more)

curl -v [DOMAIN NAME] //verbose: shows the TLS handshake, certificate details, and request/response headers

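curl --data "log=admin&pwd=password" [DOMAIN NAME] //send the form fields as a POST body; values typed on the command line end up in shell history and the process list, so read real values from a file with --data @FILE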

crt.sh certificate transparency lookup, output in JSON format

# Fetch the crt.sh records for the domain and pretty-print the JSON with jq.
# The URL is single-quoted so the shell leaves ? = & untouched.
curl -s 'https://crt.sh/?q=inlanefreight.com&output=json' | jq .


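## We can also filter them down to the unique subdomains.
# jq -r prints the raw name fields, so no grep/cut over the pretty-printed JSON
# is needed; a name_value holding several names separated by newlines comes out
# one name per line. sort -u is what removes the duplicates.
# The names come from certificates submitted by third parties: expect wildcard
# entries and treat every line as untrusted text in later commands.
curl -s 'https://crt.sh/?q=inlanefreight.com&output=json' \
  | jq -r '.[] | (.common_name // empty), (.name_value // empty)' \
  | sort -u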


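## Company-hosted servers: resolve each name and keep the A records under the domain.
# Names are read line by line and quoted. The list is built from CT log data, so
# it can hold wildcard entries such as "*.inlanefreight.com" that an unquoted $i
# would glob-expand against the current directory, and a name starting with "-"
# would be read by host as an option; both are skipped.
# An A record under the domain does not prove the company runs that address (it
# may belong to a hosting or CDN provider) - confirm ownership before relying on it.
while IFS= read -r name || [ -n "$name" ]; do
  case "$name" in
    '' | -* | *'*'*) continue ;;
  esac
  # grep -F matches the domain literally instead of treating "." as a wildcard.
  host "$name" </dev/null | grep "has address" | grep -F "inlanefreight.com" | cut -d" " -f1,4
done < subdomainlist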

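## Using Shodan: collect the IPv4 addresses of names under the domain, then look each one up.
# Names are read line by line and quoted; wildcard entries and names starting
# with "-" are skipped so they are neither glob-expanded nor parsed as options.
while IFS= read -r name || [ -n "$name" ]; do
  case "$name" in
    '' | -* | *'*'*) continue ;;
  esac
  host "$name" </dev/null | grep "has address" | grep -F "inlanefreight.com" | cut -d" " -f4
done < subdomainlist >> ip-addresses.txt

# ip-addresses.txt is appended to, so reruns leave duplicate lines; sort -u keeps
# each address to a single lookup (the lookups then run in sorted order).
sort -u ip-addresses.txt | while IFS= read -r ip; do
  [ -n "$ip" ] || continue
  shodan host "$ip" </dev/null
done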
