Skip to content

Latest commit

 

History

History
38 lines (27 loc) · 2.02 KB

README.md

File metadata and controls

38 lines (27 loc) · 2.02 KB

Traverse

Expand on known hosts related to a domain through searching for instances of repeated code/html and tracking ids across publically available data.

Traverse currently uses

  • host.io [free, requires api key]
  • spyonweb [free, requires api key]
  • publicwww [free, requires api key],
  • shodan [free, requires api key (premium api keys are regularly available for free or a low price)],
  • WebArchive scraping.
    • This may take some time depending on how many snapshots of the page there are.
    • Disabled by default, to enable it open traverse.py and add "webarchive" to the 'services' list.
  • Live page scraping

I wrote a blog post going into detail on this topic, some ideas referenced in the post have not yet been implemented.

There are 2 output formats: -oS (output simple) which is just a plain text output of discovered domains, and -oJ (output json) which is a more detailed JSON output.

domain search example output

search string example output

Alternative resources that I (most likely) won't add support for in this tool:

TODO:

  • Facebook Pixel
  • Google Tag Manager
  • Quantcast
  • Yandex Metrika
  • Recursive Search
  • CommonCrawl (?)