1
00:00:05,880 --> 00:00:10,700
All right, so subfinder, the next best discovery tool when it comes to domains, and you can see

2
00:00:10,700 --> 00:00:13,830
it useful for bounties and penetration testing.

3
00:00:15,210 --> 00:00:18,750
So we can look down here and you can see, you know, many different options, the features.

4
00:00:19,320 --> 00:00:20,550
You see what you can do.

5
00:00:21,330 --> 00:00:26,610
You've got passive sources to maximize results, optimized for speed.

6
00:00:26,970 --> 00:00:30,790
But the real benefit from subfinder comes with its chaining capability.

7
00:00:30,820 --> 00:00:33,390
So you go up here, you go to usage.

8
00:00:34,170 --> 00:00:35,220
You could just run it this way.

9
00:00:35,580 --> 00:00:35,850
Right?

10
00:00:36,170 --> 00:00:37,080
Find the domain.

11
00:00:37,920 --> 00:00:45,330
But where it really shines is here, when you echo a domain into subfinder and

12
00:00:45,980 --> 00:00:47,650
the output to httpx.

13
00:00:48,420 --> 00:00:52,230
So basically what you're saying is, all right, we're going to get to the next lecture, but you can

14
00:00:52,230 --> 00:00:55,020
say, OK, I want to find all the subdomains on one.

15
00:00:56,280 --> 00:01:01,260
Pass it to subfinder, don't print the banner, just give me the results, and then take the results

16
00:01:01,260 --> 00:01:06,960
of each of these returned from subfinder and pipe them into httpx to see if they're alive.

17
00:01:07,560 --> 00:01:07,840
Right.

18
00:01:07,860 --> 00:01:10,290
Because just because you get a domain back doesn't mean it's still active.

19
00:01:10,890 --> 00:01:12,240
This is a really, really nice workflow.

20
00:01:12,240 --> 00:01:14,250
But I want to show you how to set this up, as there are a couple of ways.

21
00:01:14,250 --> 00:01:14,480
Right.

22
00:01:14,490 --> 00:01:15,300
You can use Docker.
23
00:01:16,160 --> 00:01:24,390
You know, I've tried all these methods and really the easiest is just to set it up using Go, so you

24
00:01:24,390 --> 00:01:31,440
can see when you go install in order to run this. There are some other feeds that you can use, but if you don't

25
00:01:31,440 --> 00:01:35,070
have the API keys for these sources, you won't get results back from them.

26
00:01:35,250 --> 00:01:39,210
You technically don't need the API keys for these sources in order to get value from this tool.

27
00:01:40,530 --> 00:01:42,630
So let's just go ahead and jump into it.

28
00:01:43,690 --> 00:01:44,740
Let me show you something else here.

29
00:01:45,030 --> 00:01:47,500
If you lose your tmux session, or you lose your SSH.

30
00:01:47,520 --> 00:01:48,660
Let's clean it out.

31
00:01:49,170 --> 00:01:49,490
Right.

32
00:01:50,460 --> 00:01:53,940
If I SSH back in, you'll notice I don't have anything related to tmux.

33
00:01:55,950 --> 00:02:02,880
But if I do tmux ls, you can see there's a session called bounty and everything to do with it. Type

34
00:02:02,880 --> 00:02:06,840
tmux attach and it comes back. Press Ctrl,

35
00:02:06,870 --> 00:02:09,770
x closes the pane. Ctrl,

36
00:02:09,810 --> 00:02:21,330
x closes the pane. Ctrl, x, close that pane. Exit subfinder, Ctrl+Z to kill that, clear.

37
00:02:21,870 --> 00:02:22,710
Let's start fresh.

38
00:02:22,890 --> 00:02:23,790
All right, let's give it a go.

39
00:02:24,570 --> 00:02:26,490
Now this only works because we have Go installed.

40
00:02:26,490 --> 00:02:30,660
So if you're running into issues, make sure you go back to the lesson where I talk about installing

41
00:02:30,660 --> 00:02:35,580
Go. And let's see if we have subfinder. Now we do, see it's green.

42
00:02:35,910 --> 00:02:38,430
That is an auspicious sign.
43
00:02:38,940 --> 00:02:49,080
So if we do subfinder -h, we get the help. Ctrl+a, single quote, and then we can look at some

44
00:02:49,080 --> 00:03:01,140
of the things we can do here. So we can run subfinder and we give it the -d to find the

45
00:03:01,140 --> 00:03:02,880
subdomains for this domain.

46
00:03:04,230 --> 00:03:08,730
So -d paypal.com, and what else.

47
00:03:09,150 --> 00:03:11,520
We could list all available sources, but we don't need to do that.

48
00:03:11,520 --> 00:03:12,660
We already know those sources.

49
00:03:13,380 --> 00:03:15,960
-o, file, right, output to.

50
00:03:16,680 --> 00:03:17,970
So we do want to do that.

51
00:03:20,340 --> 00:03:21,180
Let's go back up.

52
00:03:23,470 --> 00:03:29,440
-silent is good if you're passing subfinder into another tool like httpx, because it would only output

53
00:03:29,440 --> 00:03:34,000
the subdomains and you can easily pipe those subdomains into another tool to test that those domains

54
00:03:34,000 --> 00:03:35,890
are active. -t.

55
00:03:36,370 --> 00:03:41,320
This will give you the option to modify the number of concurrent threads.

56
00:03:42,100 --> 00:03:43,600
You don't want to overwhelm the server.

57
00:03:43,600 --> 00:03:50,260
If you inundate it with too many threads, then, well, you might get banned or you might just knock over

58
00:03:50,260 --> 00:03:50,800
the server.

59
00:03:50,920 --> 00:03:55,930
So you want to be polite when you're doing a bug bounty, and everything else looks pretty good.

60
00:03:56,980 --> 00:03:58,000
So I'll press enter

61
00:04:03,130 --> 00:04:07,330
and you'll notice subfinder is really, really fast. So this is the trade off, right?

62
00:04:07,480 --> 00:04:15,100
So subfinder is quick, amass is slow. Amass is thorough and subfinder isn't as comprehensive.
63
00:04:15,100 --> 00:04:22,250
But when you combine both with their disparate threat intelligence feeds, you concatenate their

64
00:04:22,260 --> 00:04:23,080
results together.

65
00:04:23,650 --> 00:04:31,000
You have an awesome, awesome file that you can use to, you know, pass to a tool like httprobe by

66
00:04:31,000 --> 00:04:35,020
tomnomnom or httpx, which is what we're going to do next.

67
00:04:35,580 --> 00:04:42,010
So let's let these results come back and then we'll take a look at the results. The output ran

68
00:04:42,010 --> 00:04:43,390
to the finish pretty quickly.

69
00:04:44,200 --> 00:04:47,110
We can do paypal dot

70
00:04:50,080 --> 00:04:52,690
clean. As you can see, we've got

71
00:04:54,190 --> 00:04:58,080
1437 files there, and the other one,

72
00:05:01,150 --> 00:05:03,380
we have three thousand four hundred ninety one.

73
00:05:04,210 --> 00:05:07,620
So what we're going to do is concatenate both together, right?

74
00:05:08,230 --> 00:05:16,580
What we can do is cat paypal.clean and the amass paypal.com file.

75
00:05:17,320 --> 00:05:20,010
Now, if we do that, this is the blending of both.

76
00:05:21,880 --> 00:05:22,870
Everything looks good.

77
00:05:23,820 --> 00:05:28,980
But I do want to make sure that we don't have any leading spaces, and one of the ways you can do that,

78
00:05:28,980 --> 00:05:31,920
really, is by using the translate tool, tr.

79
00:05:37,130 --> 00:05:43,130
You can see if we do blank here, it'll match all horizontal whitespace.

80
00:05:45,180 --> 00:05:46,120
Which is what we want.

81
00:05:46,330 --> 00:05:52,150
We'll do -d to delete horizontal whitespace. For translate, -d deletes characters, right, so

82
00:05:52,200 --> 00:05:55,980
a quick tr -d

83
00:06:00,120 --> 00:06:01,600
and it's going to look the same.
84
00:06:01,610 --> 00:06:09,540
We didn't really change anything there, but we're going to pipe it into paypal.clean, actually,

85
00:06:09,540 --> 00:06:11,360
we'll just call it combined.

86
00:06:12,390 --> 00:06:12,920
There we go.

87
00:06:13,890 --> 00:06:14,490
And now.

88
00:06:19,240 --> 00:06:21,130
Combined has everything in it.

89
00:06:22,300 --> 00:06:23,740
This is exactly what we wanted.

90
00:06:24,600 --> 00:06:28,960
Now, if we uniq it, we still have the same amount.

91
00:06:29,530 --> 00:06:32,740
So I just wanted to make sure we didn't have any duplicates between both, and we don't.

92
00:06:33,370 --> 00:06:40,390
So in the next lecture, what we'll do is we'll pipe this over and we'll get a list of all of the things

93
00:06:40,390 --> 00:06:41,260
that are actually valid.

94
00:06:41,680 --> 00:06:41,890
Right.

95
00:06:41,950 --> 00:06:43,630
So I will see you in the next lecture.
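The merge-and-clean workflow the lecture walks through (cat the subfinder and amass output, strip horizontal whitespace with tr, check for duplicates, then hand the list to httpx) as one added shell script. This is an added example, not the lecturer's own commands: the file names, the temporary working directory and the two sample result files are constructed here, and the httpx step only runs if httpx happens to be installed, so the script stays runnable offline. It generalizes the lecture's two-file case to any number of input files and also drops empty lines, which the tr step alone does not.

```shell
#!/bin/sh
# Added example (not from the lecture): merge subfinder and amass output into one
# clean, de-duplicated list, then optionally hand it to httpx to check liveness.
# Paths and file names are assumptions; the sample result files are constructed.

set -eu

WORK="$(mktemp -d)"

# Constructed sample: what "subfinder -silent" might have written (note the
# leading spaces on one line, the kind of noise the tr step removes).
printf 'www.example.com\napi.example.com\n  dev.example.com\n' > "$WORK/subfinder.txt"

# Constructed sample: what amass might have written (overlaps on purpose,
# one trailing tab, one blank line).
printf 'api.example.com\nmail.example.com\nwww.example.com\t\n\n' > "$WORK/amass.txt"

# combine_subdomains FILE...: concatenate every input, strip horizontal
# whitespace (the lecture's tr -d '[:blank:]' step), drop empty lines,
# then de-duplicate with sort -u. Output goes to stdout.
combine_subdomains() {
    cat "$@" | tr -d '[:blank:]' | grep -v '^$' | sort -u
}

# count_lines FILE: the wc -l size check the lecture uses to compare the
# individual result files with the combined one.
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# probe_live FILE: pipe the cleaned list into httpx (its -l flag reads a
# file of hosts) when it is installed; otherwise just echo the list so the
# rest of the script still works without network tools.
probe_live() {
    if command -v httpx >/dev/null 2>&1; then
        httpx -silent -l "$1"
    else
        echo "httpx not installed; would probe $(count_lines "$1") hosts" >&2
        cat "$1"
    fi
}

combine_subdomains "$WORK/subfinder.txt" "$WORK/amass.txt" > "$WORK/combined"

echo "subfinder: $(count_lines "$WORK/subfinder.txt") lines" >&2
echo "amass:     $(count_lines "$WORK/amass.txt") lines" >&2
echo "combined:  $(count_lines "$WORK/combined") unique hosts" >&2

probe_live "$WORK/combined"
# Temporary files are left in $WORK so the intermediate results can be inspected.
```

Because sort -u already removes duplicates, piping the combined file through uniq afterwards (as the lecture does as a sanity check) yields the same count; the six input lines above collapse to four unique hosts. Keep the httpx run rate-limited for the same reason the lecture gives for subfinder's -t flag: the point is to inventory what is live, not to overwhelm the target.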