This website aims at improving Webserver security and serves as yet another OSINT source, data that may have be changed already, to hopefully become a valuable tool for Cybersecurity professionals.
Hi, I'm a Website. I was born in January 2024. That means, I'm pretty young and can't do everything right, or - right away. I'm still learning - you can watch me learning, notice the Estimated entries right on top. If this value is rising, be it fast or slowly, it means I'm aggregating data, which takes a lot of my limited resources and makes all operations much slower than usual. At times I'm not learning, then you can get a glimps at what I can do.
If you don't RTFM, read at least this. Try the following settings:
Set to Domain
This should return:
Found: 50 result(s).
Duration: 0.562s
Our tool is made for good intends and purposes: RedTeaming, Pentesting and OSINT.
Searches with good intent will be fast!
While we provide very long timeout limits, to support any type of custom search, knowing a few things about our search tool can improve your results, and search duration, a lot.
Searching for a full domain or IP should be rather instant. You then can try to add more options, one by one. Don't add www or subdomains in front. Don't use CIDR ranges.
Just as fast is the Domain regex - it's called like that, but it's rather a full word search. Domains and URLs are tokenized by real, human words - e.g. dog, eye, jump, ... this search will be fast and work well. On the other hand, due to the amounts of data, we don't support real regex right now and discourage the use of complex terms (in the Domain field). This may or may not be supported later. For now: Use full words on Domains only!
We don't support CIDR ranges. Instead, you can just enter the beginning of an IP. Set the Dropdown to IP enter:
IP: 52.106.
You don't have to add the second dot, but it helps to make the "range" more precise - consider using a number like 13.10 without a second dot, and what possible IPV4 addresses it might fit. Also enable the Regex Switch and hit search.
You likely had regex, two switches, the server field and a date set, while you didn't RTFM.
Your search is likely too broad or too narrow. When there are too many results, for regex terms like google or youtube, or when there are no results at all, you won't find what you need. Sorry.
When you fill the Server text field, turn off the Server switch. The Server switch is a separate boolean field, to make a fast search and narrow down on results, that do have a Server header in the first place. The Server text field is an independent field and will be searched anyway, no matter if the switch is on or off.
Know that switches are boolean while fields are text match or regex searches, thus fields put a lot more strain on the Database - except for the "Individual" switch.
Internally we use 3 different ways of searching atm, depending on the parameter choice on the frontend. In the future we may expose these ways and let the user decide, not only which type of search to use, but also decide the timeout for the search within a range.
Depending on the final performance, once most if not all data is in the DB, we may also add other means like a caching DB or scale horizontally using sharding techniques, additional search indices, etc. A realtime crawler adding more DNS data is also finished half way through.
Not all webservers are the same - we estimated from our data that in the last 5 years there were more than 10.000 different servers and versions used on the Internet. Often times, these webservers have vulnerabilities but are never updated - searching for Apache/2.4.10.* will easily break our current limit of 10.000 results (not all data is online yet).
| Banner | Known Vulns / CVE |
|---|---|
| Apache HTTP Server 2.4.10 and earlier | Shellshock (CVE-2014-6271) |
| Apache Struts 2.3.5 - 2.3.31, 2.5 - 2.5.10 | Apache Struts Remote Code Execution (CVE-2017-5638) |
| nginx 1.5.0 - 1.5.13, 1.4.0 - 1.4.7 | Heartbleed (CVE-2014-0160) in OpenSSL |
| Drupal 7.x, 8.x | Drupalgeddon2 (CVE-2018-7600) |
| Microsoft IIS 10.0 | Remote Code Execution in IIS (CVE-2019-0708) |
| Microsoft Exchange Server 2010-2019 | ProxyLogon (CVE-2021-26855, CVE-2021-27065) |
| Apache Log4j 2.x < 2.15.0 | Log4Shell (CVE-2021-44228) |
| WordPress < 5.8.3 | SQL Injection (CVE-2023-XXXX) |
| Apache-Coyote/1.1 | Multiple vulnerabilities |
| Abyss/2.11.1-X2-Win32 AbyssLib/2.11 | Buffer overflows, XSS |
| AOLserver/4.5.1 | Buffer overflows, script injection |
| Caddy | HTTPS misconfigurations, MiTM attacks |
| Cherokee | Denial of service vulnerabilities |
| AppleHttpServer/2f080fc0 | Potential undiscovered vulnerabilities |
| Ahs/5.x | Lesser-known, delayed patching |
| AkamaiGHost | Potential leverage in DDoS attacks |
| Barracuda/3.0.20 | Remote code execution, denial of service |
| BaseHTTP/0.3 Python/2.6.6 | Multiple security limitations |
| ATS/3.0.4 | Buffer overflow, denial of service |
| EZproxy | Unauthorized access risks |
| EdgePrism/4.2.4.2 | Complex configurations, vulnerabilities |
| squid/2.5.STABLE10 | Buffer overflows, access control issues |
| openresty/1.9.7.4 | Inherits nginx vulnerabilities |
| nginx/www10 | Requires regular updates |
| node/v9.2.0 | Remote code execution, denial of service |
| osiris4 4.8.7189-devel | Lesser-known, delayed patching |
| pump.io/3.0.1 | Data exposure, denial of service |
| sendfaster-edge/1.10.3 | Data caching and distribution vulnerabilities |
| rackcorp/3.0 | Configuration and custom deployment issues |
| BigIP | Don't even know where to start XD |