Juicy Curl
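curl -o [FILENAME.txt] [DOMAIN NAME OR LINK]   # write the response body to a file
curl -L [LINK]   # follow HTTP redirects
curl -I [DOMAIN NAME]   # send a HEAD request to analyze the response headers, among other uses
curl -v [DOMAIN NAME OR LINK]   # verbose: shows the TLS handshake and the request/response headers
curl --data "log=admin&pwd=password" [DOMAIN NAME]   # POST the string as a form-encoded body; the values are sent in cleartext unless the URL is https://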
Output in JSON format (crt.sh certificate transparency search)
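## Ask crt.sh for every logged certificate matching the domain and pretty-print
## the JSON. Only crt.sh is contacted here; nothing is sent to the domain itself.
curl -s 'https://crt.sh/?q=inlanefreight.com&output=json' | jq .
## We can also have them filtered by the unique subdomains.
## jq reads the two name fields directly instead of grepping the pretty-printed
## JSON: common_name and name_value hold the certificate names, and a
## multi-name name_value is expanded to one name per line by -r.
## Certificate logs contain wildcard (*.domain) and retired names, so treat the
## result as candidates that still need to be confirmed by DNS resolution.
curl -s 'https://crt.sh/?q=inlanefreight.com&output=json' \
  | jq -r '.[] | .common_name, .name_value' \
  | sort -u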
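## Company-hosted servers: resolve every name listed in ./subdomainlist and keep
## only the "has address" lines that mention inlanefreight.com, printing
## "<name> <IPv4>". Each name triggers a live DNS query via the system resolver.
## Reading the file line by line (instead of `for i in $(cat ...)`) keeps a
## wildcard entry such as *.example from being glob-expanded by the shell.
while IFS= read -r name || [ -n "$name" ]; do
  [ -n "$name" ] || continue   # skip blank lines
  # stdin is detached so the command cannot consume the rest of the list
  host "$name" </dev/null \
    | grep "has address" \
    | grep -F "inlanefreight.com" \
    | cut -d" " -f1,4
done < subdomainlist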
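## Using Shodan.
## Step 1: resolve every name in ./subdomainlist and append the IPv4 address of
## each "has address" line that mentions inlanefreight.com to ip-addresses.txt.
## The file is read line by line so list entries are never glob-expanded.
while IFS= read -r name || [ -n "$name" ]; do
  [ -n "$name" ] || continue   # skip blank lines
  host "$name" </dev/null \
    | grep "has address" \
    | grep -F "inlanefreight.com" \
    | cut -d" " -f4
done < subdomainlist >> ip-addresses.txt

## Step 2: look up each address with the shodan CLI (it must already be
## initialised with an API key). ip-addresses.txt is appended to on every run
## and several names can share one address, so the list is de-duplicated first
## to avoid repeating the same lookup.
sort -u ip-addresses.txt | while IFS= read -r ip; do
  [ -n "$ip" ] || continue
  # stdin is detached so the CLI cannot consume the remaining addresses
  shodan host "$ip" </dev/null
done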