Bug Bounty Recon At Its Easiest with Netlas.io

Netlas.io is a powerful internet scanning and data analysis platform that provides comprehensive insights into online infrastructure and security. With its intuitive search engine, users can explore various data collections, including internet scan results, DNS registry information, IP WHOIS details, domain WHOIS records, and SSL certificates. It’s an essential tool for cybersecurity professionals, researchers, and IT enthusiasts looking to enhance their understanding of the digital landscape and secure their assets effectively.

Website: https://netlas.io

You can use my referral to get 2x Requests:

https://app.netlas.io/ref/248be147/

Netlas.io offers a lot of features you can use, like:

IP/Domain Info — Gain comprehensive insights into IP addresses and domains with Netlas.io’s Information Lookup tool. Whether you’re investigating network infrastructure or domain details, this feature provides a wealth of valuable data.Responses Search — From time to time Netlas.io scans every domain and host currently available on the Internet and saves responses with some additional information (whois, geolocation, FQDN, CVE, tags and other information). Use this search tool to find a specific group of services or devices, such as IP cameras, IoT devices, databases, web servers and so on.DNS Search — Netlas.io obtains domains from whatever resources are available. Centralized Zone Data Service (CZDS) is the general source of information. The certificates collection is another source. Some domains are obtained from whois records. And, of course, Netlas.io accumulates domain names while processing redirects which are occurred during periodic scans.Domain Whois Search — The domain whois protocol is maintained by domain registrars. Netlas.io collects information directly from them. Registrants are required to provide accurate contact details and maintain their accuracy throughout the registration period.Certificates Search — Here you can search certificates collected from the Certificate Transparency Log and certificates received with host responses during scans. This is the largest part of all certificates ever issued. IMPORTANT: Due to the giant amount of data we store this collection on HDD (data storage with slow access speed).

But The Most Important Thing.

Is it Free ????

YES IT IS!

In this blog we are going to use it for Bug Bounty Reconnaissance.

What do you do first after choosing a target?

Yes, collect more information about the target, so how can you do it with netlas.io ?

So for example lets take yahoo.com as example target

First we will do a Domain Whois search on yahoo.com to know about the organization, as given in the screenshot below:

As you can see in the last line

Organization: Yahoo Assets LLC

Now we can use registrant.organization:”Name of the organization” to get all the domains under it.

You can see we got 23,198 results to look into and we also have filter mapping which can be really helpful during the process

The next thing we need is the Subdomains!

The basic search you can do in the DNS Search Tool for subdomains is:

“domain:*.target.com”

As you can see we found 23,493 subdomains for yahoo.com and another good feature is you can filter them based on levels for example

a.b.c.yahoo.com is 5 levels

You also get an inbuilt feature to download all the results!

For Example I download 100 Subdomains

Now I will get a json file, but I can use this command to extract all the subdomains to a file.

cat yourfile.json | jq -r '.[].data.domain' | grep '\.target\.com$' > target_domains.txt

And then you can perform further recon on these subdomains.

You also have a feature to view the certificates of the domains, with many different filters:

You can play around with these features and create scripts of your own to integrate this with other tools.

We can also do all this stuff in CLI

You can install it through:

sudo apt install netlas

Here you can save your api key which you can find in the netlas.io dashboard after you create an account.

And the best thing about it is you get 50 requests free everyday and upto 200 results per download.

Netlas.io offers a comprehensive suite of features for bug bounty reconnaissance, making it an invaluable tool for security researchers and penetration testers. With its non-invasive scanning capabilities and extensive database of IP and domain information, Netlas.io empowers users to gather critical intelligence about their targets efficiently and effectively.