Locked DDWPasteRecon: identify code leak, sensitive files, plaintext passwords, password hashes

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

DDWPasteRecon

Pastesites are websites that allow users to share plain text through public posts called “pastes.”

Once attackers compromise the external perimeter and gain access to the internal resources they release the part of data on the “paste” sites like pastebin or hastebin. As these hackers or malicious groups publish dumps on such sites other users can see sensitive information through paste sites.

With various malicious groups now using these services as communication channels, temporary storage or sharing, and various other sources being used to trade POC code, I thought it would be a good idea to have an easy tool to help organisations Blue and Red Teams to have visibility into these sites via Google dorks.

DDWPasteRecon tool will help you identify code leak, sensitive files, plaintext passwords, and password hashes. It also allows members of SOC & Blue Team to gain situational awareness of the organisation’s web exposure on the pastesites. It Utilises Google’s indexing of pastesites to gain targeted intelligence of the organisation. Blue & SOC teams can collect and analyse data from these indexed pastesites to better protect against unknown threats.

This is the hidden content, please

• Sign In
• or
• Sign Up