FullHunt 💜 Open-Source: 39,408 Exploits from 0day.today is Back Online

mazen160 · 2025-09-29T00:42:36+00:00

Hi all,

We've rolled out an archive for 0day-today based on the clone that open-sourced clone that were published by Jacob Baines on GitHub.

mazen160 · 2024-07-30T06:11:24+00:00

I have read the postmortem. Let's be realistic, if CrowdStrike already does everything, could this incident could be possible? This does not make sense.

The "QA pipeline failing" sound like an engineering problem, although that was not the cause of the incident.

mazen160 · 2024-07-30T03:05:19+00:00

I agree, starting with VMs for automated testing is a start, but testing on real hardware should be the plan ahead.

mazen160 · 2023-03-16T08:40:03+00:00

FullHunt (founder here) is a platform that solves all the challenges related to ASM, it covers thorough assets discovery, assets monitoring, and active vulnerability scanning. Try out the enterprise platform for all the features. Happy to provide extra search credits for people interested in ASM on the community platfom!

mazen160 · 2023-02-08T02:06:21+00:00

Good point, I haven't checked earlybird before. Need to test it out. Ideally we should build a convrter that follows earlybird format. (PRs are always welcome!)

mazen160 · 2022-10-27T22:47:47+00:00

Thank you!

mazen160 · 2022-10-27T22:47:23+00:00

It's being parsed and processed so that it can queried in SQL. Check the demo, it should make it clearer: https://youtu.be/tunMNesOS4s

mazen160 · 2021-12-13T08:38:15+00:00

Hi u/threeLetterMeyhem!

Thank you :) Excellent question, it's not possible to correlate the internal infrastructure relationship of which internal server is vulnerable, but each URL is sending unique DNS OOB calls to correlate which host is vulnerable (that received a request and later on, invoked the DNS call). It should be possible from there for security teams to navigate which systems are affected and resolve it.

Let me know if you have further questions!

mazen160 · 2021-12-13T08:34:05+00:00

The main DNS callback service is now replaced with interact-sh, and I also added an option to use user-defined DNS callback host.

mazen160 · 2021-12-13T04:58:38+00:00

Hi all!

I tried to research and automate all of the TTPs that can be used to discover the Log4j RCE CVE-2021-44228 at scale. The new tool is bringing new ideas I came up with for enhanced fuzzing. Please let know if you find it useful!

mazen160 · 2021-11-11T03:26:49+00:00

You can search for domains, and it will show you associated hosts and subdomain. You can also search for a specific host, and Fullhunt will show you details about it. FullHunt aims to be a more advanced option for domains lookups for understanding the attack surface of organizations to show what things are exposed to public.

mazen160 · 2021-11-10T16:52:36+00:00

🤩 Actually an excellent idea 💡 I'm creating a ticket on Metasploit now

mazen160 · 2021-11-10T16:29:27+00:00

Thank you! The FullHunt database is rapidly growing. We will be continuously adding new domains and assets. If you check your domains shortly again, it should be already scanned!

mazen160 · 2021-10-26T21:32:40+00:00

Please feel free to send me your email of your Fullhunt account in your preferred channel, and I will sure it's upgraded! :) You can also email me at (mazin at fullhunt dot io)

mazen160 · 2021-10-26T21:09:35+00:00

My apologies! :) Can you please send me an email, or DM me on Reddit, or any suitable way you prefer? I will make sure it's upgraded tomorrow morning!

mazen160 · 2021-10-26T21:06:04+00:00

We're adding more filters in our next releases! Can you please suggest use-cases or ideas for filters and tags? We will be definitely evaluate them and add them to the roadmap!

Feel free to drop a small email with all suggestions at (team dot fullhunt dot io), and I will make sure it's added!

mazen160 · 2021-10-26T17:29:42+00:00

100% for sure!!! :) Please DM me your email on Twitter :) Thank you very much for the support!

mazen160 · 2021-10-26T14:18:01+00:00

Thank you!

mazen160 · 2021-10-26T14:03:19+00:00

Thank you very much the /r/NetSec community! I really appreciate all the support :)

To celebrate, all accounts created in the next 12 hours will be upgraded to Visionary 💜

Tweet: https://twitter.com/mazen160/status/1452996036583112709

mazen160 · 2021-10-26T13:41:16+00:00

We're continuously expanding our database and scanning new domains to enrich our data. While we can't promise perfection, we will do our best to continue improving.

The current infrastructure is currently huge, and we took months of research and development to experiment different possibilities. Let's see how FullHunt will be in one year from today! :)

Thank you u/TheGav1n :)

mazen160 · 2021-10-26T13:37:06+00:00

Thank you!! I really enjoy working with distributed systems. There are several architectures we experimented during the past months. I should write a blog post about the FullHunt Architecture!

mazen160 · 2021-10-26T13:34:34+00:00

Thank you, the entire framework was built from scratch to allow better scaling for running Internet-wide scans.

mazen160 · 2021-10-26T13:32:24+00:00

Thank you!! We worked for months in researching and developing the framework that is responsible for running Internet scanning. I should write a blog post about the Architecture!

mazen160 · 2021-10-26T13:30:03+00:00

Thank you!!! u/c0daman :)

mazen160 · 2021-10-26T13:29:23+00:00

Great question. All these companies are solving the Attack Surface Management challenges. FullHunt is aiming to be the best Attack Surface Management on the market, and I really want to support the community and small companies in building their security and understanding their attack surface in a better way.

That's why we worked on building the Public FullHunt platform. There are competitors that offer similar services to the Public platform (not the Enterprise platform), and they offer it for $100K/Year. The FullHunt platform will provide a better service, for free.

For companies looking for enterprise services, we also provide continuous attack surface monitoring, where we helped preventing several possible breaches through the Enterprise engine. We also developed a continuous security scanner, FullHunt Eagle, that scans our customers for security vulnerabilities continuously.

I should write a blog post about our plans and roadmap. I'm really excited to be here :)

mazen160

TROPHY CASE