Shodan VS HackerTarget.com

Transform OSINT sources such as shodan, bgpview & urlscan into templates which you can use to query & store any and each of the API endpoints they provide. Source: 10 months ago

I'm a little surprised you're asking this but as you don't know - if you set the rulebase correctly, you won't get hammered by "public". A lot of people (of course not people here) don't do that which is why shodan.io is full of servers with SSH exposed to the world. Source: 10 months ago

Eh, request a full demo before signing anything. If they make you buy before you can try, move on. Just be advised that data they collect from your site may be used in a database that puts a target on your back. Similar to how shodan.io works. I would probe them on how they handle customer data and if data is shared, partitioned, or isolated to ensure safety from a platform leak. They want to be a security... Source: 10 months ago

My network is being hit by China and Russia many times per hour. Make sure your firewall is up-to-date and not have any services available on the Internet (WAN). Look at shodan.io which shows you _everything_ is searched on the Internet. Source: 11 months ago

In the cases of nginx or apache, I suspect they may be acting as proxies to some backend that also chooses not to send a reason phrase back. Searching for "Reason Phrase" yields a number of bug reports/frameworks that may omit it, and shodan.io shows apache tomcat and a few other services/software that omit the code as well. Source: 11 months ago

Then create a threat feed in our Fortigate using the API at https://hackertarget.com/ using that ASN. Source: 6 months ago

So far, I found things like https://pentest-tools.com/, https://hackertarget.com/, and https://www.intruder.io/. Does anyone have any experience with these (or any other) tools? If so, would you consider any of them a valid tool to check the "Have you conducted any penetration testing" box and maybe highlight some areas where we are lacking? Source: almost 2 years ago